The latest articles on DEV Community by Erik Lundevall Zara (@eriklz). https://dev.to/eriklz https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F121517%2Ff36841e0-42a9-4c2d-b1ce-2843a8187afb.jpg https://dev.to/eriklz en Erik Lundevall Zara Mon, 24 Mar 2025 09:30:51 +0000 https://dev.to/eriklz/quick-blog-set-up-with-quarto-and-flyio-51ed https://dev.to/eriklz/quick-blog-set-up-with-quarto-and-flyio-51ed <p>This is a quick tip to get started to set up your own blog website, similar to <a href="https://eriklz.online" rel="noopener noreferrer">my blog website https://eriklz.online</a>.<br> I have set up a couple of websites with blogs using this approach, and I find it quite nice - and I hope you will find it useful as well!</p> <p>The set-up here is pretty much the same as I use with my blog, and it is fairly straightforward to do.</p> <p>There are a few key components needed:</p> <ul> <li> <a href="https://www.docker.com/products/docker-desktop/" rel="noopener noreferrer">Docker Desktop</a>, or something that is a compatible alternative</li> <li> <a href="https://quarto.org" rel="noopener noreferrer">Quarto</a>, a technical publication system to create websites, books, documents etc from Markdown</li> <li> <a href="https://fly.io" rel="noopener noreferrer">Fly.io</a>, a developer-centric and friendly cloud platform</li> <li>Optional: <a href="https://github.com" rel="noopener noreferrer">GitHub</a>, for version control and automating publishing of updates</li> </ul> <h2> Installation </h2> <p>Follow the installation instructions for your platform for Docker Desktop and Quarto, if you do not have them installed already.</p> <p>Also, create a personal account on Fly.io, and install their <strong>flyctl</strong> command-line tool.</p> <h2> Set-up of website/blog content </h2> <p>First, if you are going to use GitHub for version control, create a repository there, let us assume it is called <strong>my-awesome-blog</strong>. It is fine to have a private repository.<br> You can then clone it to your local computer from the command-line, e.g.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>git clone git@github.com/myuser/my-awesome-blog.git </code></pre> </div> <p>Change to this repository and set up a blog project using Quarto:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">cd </span>my-awesome-blog quarto create project blog <span class="nb">.</span> </code></pre> </div> <p>The quarto command will ask for the title of the blog, and then generate some initial files for a blog set-up.<br> You can view what the current setup looks like in the browser by running <code>quarto preview</code>.<br> This command will generate the website content, start a local web server and open up the home page in a browser.</p> <p>For updating the actual content, you will need to look a bit further in the <strong>quarto</strong> documentation.<br> For general text and image content, it should be pretty ok to learn - quarto uses Markdown files, but has also a lot of extensions on top of the regular Markdown.</p> <p>The <code>_quarto.yml</code> file is the file that will control the overall layout of the webpage, and individual <code>.qmd</code> files are essentially the Quarto Markdown files that provide content for each page.</p> <p>To generate the web site content for "real" you would rather use the <code>quarto render</code> command.<br> This is what you use to generate the content to be used with further steps to deploy the blog, so you can run that and verify that it works.</p> <p>The generated content will be in the directory <code>_site</code>.</p> <h2> Set-up of webserver </h2> <p>Next step is to set up a web server to serve the content to the real world.<br> For this, we use <strong>fly.io</strong>.</p> <p>In the root of your project/repository, create a file <code>Dockerfile</code> with the following content:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>FROM nginx:alpine COPY _site /usr/share/nginx/html </code></pre> </div> <p>We use a container image for <strong>nginx</strong> web server, and we copy the generated output from <em>quarto</em>, which will be in directory <code>_site</code>, to where web pages will be served from in nginx.</p> <p>Now on the command-line, in the root directory of your project, run the command<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>flyctl launch </code></pre> </div> <p>This will start a wizard to set up a server to run <em>nginx</em>.<br> If it asks to include the contents of the <code>.gitignore</code> file into <code>.dockerignore</code>, you can also answer no.<br> When it asks if you want to modify the configuration in <code>fly.toml</code> you can answer <strong>yes</strong>, and at least change the port number from <em>8080</em> to <em>80</em>.</p> <p>You can also change the app name, since it will generate a hostname by default that is <code>my-awesome-blog.fly.dev</code> for you.<br> (The app name will be <code>my-awesome-blog</code> unless that is already in use, and fly.io will generate a different app name for you)</p> <p>Once the wizard has created the configuration, it will also try to deploy the web server and start it.<br> If that works ok, you will be able to access your blog web site on <code>my-awesome-blog.fly.dev</code>.</p> <p>If you need to tweak the configuration, you can do that in the generated <code>fly.toml</code> file and run <code>flyctl deploy</code> to re-deploy the web server.</p> <p>By default, the generated configuration will scale down to 0 machines after some idle time, and automatically start up a new machine if there is incoming traffic.<br> So if you are not getting much traffic, the costs will be quite low.<br> Fly.io even waives your bill if it is lower than $5 in a month.</p> <p>So I would say it is pretty safe to start experimenting this way without worrying about runaway costs.</p> <h2> Version control tweaks </h2> <p>At this stage, you may want to commit your updates to your git repository.<br> Before you do that, you can add <code>_site</code> to your <code>.gitignore</code> file.</p> <p>Thus you will only keep the source data in version control, not the generated result.</p> <h2> Optional - automate deployment on change through GitHub actions </h2> <p>If you have a GitHub repository, the flyctl wizard will have generated a file <code>.github/workflows/fly-deploy.yml</code> for you.<br> This include enough to essentially run <code>flyctl deploy</code> through GitHub actions.</p> <p>However, you also want to let quarto render the web site content before deploying.<br> You can replace the content of this workflow file with the following content to also invoke <code>quarto render</code> before deployment:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">name</span><span class="pi">:</span> <span class="s">Fly Deploy</span> <span class="na">on</span><span class="pi">:</span> <span class="na">push</span><span class="pi">:</span> <span class="na">branches</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">main</span> <span class="na">jobs</span><span class="pi">:</span> <span class="na">deploy</span><span class="pi">:</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Deploy app</span> <span class="na">runs-on</span><span class="pi">:</span> <span class="s">ubuntu-latest</span> <span class="na">concurrency</span><span class="pi">:</span> <span class="s">deploy-group</span> <span class="c1"># optional: ensure only one action runs at a time</span> <span class="na">steps</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">uses</span><span class="pi">:</span> <span class="s">actions/checkout@v4</span> <span class="pi">-</span> <span class="na">uses</span><span class="pi">:</span> <span class="s">quarto-dev/quarto-actions/setup@v2</span> <span class="pi">-</span> <span class="na">uses</span><span class="pi">:</span> <span class="s">quarto-dev/quarto-actions/render@v2</span> <span class="pi">-</span> <span class="na">uses</span><span class="pi">:</span> <span class="s">superfly/flyctl-actions/setup-flyctl@master</span> <span class="pi">-</span> <span class="na">run</span><span class="pi">:</span> <span class="s">flyctl deploy --remote-only</span> <span class="na">env</span><span class="pi">:</span> <span class="na">FLY_API_TOKEN</span><span class="pi">:</span> <span class="s">${{ secrets.FLY_API_TOKEN }}</span> </code></pre> </div> <p>In the GitHub repository, you must also add a secret in the settings for the repository, <strong>FLY_API_TOKEN</strong>.<br> On the command-line in the project, run the following command:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>flyctl tokens create deploy </code></pre> </div> <p>Copy all the content in the output to the <strong>FLY_API_TOKEN</strong> secret in the GitHub repository.</p> <p>Now any update to the main branch should trigger the workflow and re-deploy the updated website.</p> <h2> Custom domain and certificates </h2> <p>If you want to set up your own custom domain and create certificates for your awesome blog, then you need to register your domain name of choice with a domain registrar.<br> After that, you can go through <a href="https://fly.io/docs/networking/custom-domain/" rel="noopener noreferrer">this guide at fly.io</a> to set up your custom domain for your website.</p> <h2> Final remarks </h2> <p>I have set up multiple websites with this approach, including blogs and online books.<br> For this purpose, Quarto and Fly.io have worked really well, I think.<br> Since the cost will essentially be 0 for low traffic, you can experiment with this type of setup without worrying too much about the cost.</p> <p>You can of course publish Quarto-based material through other means as well, including GitHub pages, Netlify, etc.<br> For me, using fly.io has suited me very well, and their developer experience is quite nice.</p> <p>I hope this information has been useful to you, and inspire to using Quarto and/or fly.io!</p> webdev productivity markdown Erik Lundevall Zara Tue, 18 Jul 2023 08:30:00 +0000 https://dev.to/eriklz/an-opinionated-aws-cdk-project-template-for-python-hi5 https://dev.to/eriklz/an-opinionated-aws-cdk-project-template-for-python-hi5 <p>AWS Cloud Development Kit (AWS CDK) is a nice framework to use if you build infrastructure for AWS. It can be relatively quick to define various types of cloud infrastructure for AWS.</p> <p>However, I have found the experience to set up a new project to be lacking. This project template, found at <a href="https://github.com/cloudgnosis/awscdk-python-template" rel="noopener noreferrer">https://github.com/cloudgnosis/awscdk-python-template</a>, addresses some of these issues, specifically for Python users..</p> <h3> Template summary </h3> <p>The summary here of what is included you can see here, to read a bit more about the reasoning, look further below:</p> <ul> <li>Adding config to CDK context automatically, from TOML files.</li> <li>Encourage a flatter, non-inheritance approach to resource composition to facilitate refactoring</li> <li>Simplified stack creation - automatic if single stack project, and always assign AWS account and region to stacks</li> <li>Simplified stack-level tagging of resources</li> <li>Modern package manager usage option - PDM</li> <li>Python development tools include: <ul> <li>black - code formatting</li> <li>ruff - fast linter</li> <li>pre-commit - Pre-commit hooks for formatting and linting</li> <li>pytest - testing framework</li> </ul> </li> <li>Logging and print debugging <ul> <li>structlog</li> <li>icecream</li> </ul> </li> <li>Extendable model and behaviour processing of project setup options</li> <li>Requires Python 3.10 or higher currently</li> </ul> <h3> Usage </h3> <p>This is a <strong>GitHub template repository</strong>, so if you re using the GitHub GUI, you can click on <strong>Use this template</strong> and select <em>Create a new repository</em>. </p> <p><a href="https://github.com/cloudgnosis/awscdk-python-template" rel="noopener noreferrer">https://github.com/cloudgnosis/awscdk-python-template</a></p> <p>Or just copy the files, or use the parts that fit your use cases. Either way, I hope you find some parts of it useful.</p> <h3> Reasoning behind the template </h3> <p>The core of the template comes from a frustration with the regular <code>cdk init</code> templates, which is not that flexible. I rip out or change a lot of the content - to where I might have set it up from scratch instead.</p> <p>There is also a certain amount of boilerplate work for handling config data, stacks, tags, and AWS environment setup. I'm a fan of black (code formatting), ruff (code linting), pytest (testing) and pre-commit (run checks before git commit). So these are included by default.</p> <p>AWS CDK examples encourage building solutions with inheritance, and push most logic into constructors. Grouping resources through inheritance leads to (too) long resource identifiers. Keeping resources after refactoring is difficult because of CloudFormation's restrictions.</p> <p>Also, I think inheritance is overused. <strong>It might be useful for building specific reusable components, but not for everything in a CDK-based solution.</strong></p> <p>There are multiple project scaffolding solutions that work for Python, but not so much aimed at issues with AWS CDK and Python.</p> <p>The intention is to provide a rather lightweight template for setting up AWS CDK projects, which may cover some common use cases. It is extendable and many behaviours can be replaced easily, if desired.</p> <h3> Examples </h3> <p><em>All examples below call a function <code>add_sqs_sns_example()</code> to add an SQS queue and an SNS topic, with the SQS as a subscriber to that topic. This is very much like the default AWS CDK template generated, except that the stack to add them to is passed as a parameter to this function. The same pattern can be used for any resources.</em></p> <p>Here is a rather simple example, which will have a single stack, and all resources tagged with <code>Environment = dev</code>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="k">def</span> <span class="nf">main_example</span><span class="p">():</span> <span class="n">model</span> <span class="o">=</span> <span class="n">ias</span><span class="p">.</span><span class="nf">init_ias_model</span><span class="p">(</span> <span class="p">{</span> <span class="sh">"</span><span class="s">deployment_name</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">examples</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">tags</span><span class="sh">"</span><span class="p">:</span> <span class="p">{</span> <span class="sh">"</span><span class="s">Environment</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">dev</span><span class="sh">"</span><span class="p">,</span> <span class="p">},</span> <span class="p">}</span> <span class="p">)</span> <span class="n">stack</span> <span class="o">=</span> <span class="n">model</span><span class="p">[</span><span class="sh">"</span><span class="s">stacks</span><span class="sh">"</span><span class="p">][</span><span class="sh">"</span><span class="s">default</span><span class="sh">"</span><span class="p">]</span> <span class="nf">add_sqs_sns_example</span><span class="p">(</span><span class="n">stack</span><span class="p">)</span> <span class="n">ias</span><span class="p">.</span><span class="nf">generate_from_model</span><span class="p">(</span><span class="n">model</span><span class="p">)</span> </code></pre> </div> <p>This will set up a CDK App, and a single stack with id <code>default</code> and name <code>examples</code>. All resources will be tagged with tag <em>Environment</em> with value <em>dev</em>. The <strong>model</strong> object is a dictionary that contains the app, stack, and environment resources.</p> <p>You get the stack from the model, and can call functions to add resources to that stack. When this is done, the <code>generate_from_model()</code> function will create the CloudFormation, the same as calling <code>app.synth()</code> on the CDK App object.</p> <p>AWS account and region will be determined based on the currently active credentials, in this case. </p> <p>A slightly more complicated example may look like this:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="k">def</span> <span class="nf">main_example</span><span class="p">():</span> <span class="n">model</span> <span class="o">=</span> <span class="n">ias</span><span class="p">.</span><span class="nf">init_ias_model</span><span class="p">(</span> <span class="p">{</span> <span class="sh">"</span><span class="s">deployment_name</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">examples</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">stacks</span><span class="sh">"</span><span class="p">:</span> <span class="p">[{</span><span class="sh">"</span><span class="s">id</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">main</span><span class="sh">"</span><span class="p">},</span> <span class="p">{</span><span class="sh">"</span><span class="s">id</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">other</span><span class="sh">"</span><span class="p">}],</span> <span class="sh">"</span><span class="s">tags</span><span class="sh">"</span><span class="p">:</span> <span class="p">{</span><span class="sh">"</span><span class="s">Environment</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">dev</span><span class="sh">"</span><span class="p">},</span> <span class="p">},</span> <span class="n">option_processors</span><span class="o">=</span><span class="p">[</span><span class="n">ias</span><span class="p">.</span><span class="n">simple_config_defaults</span><span class="p">],</span> <span class="p">)</span> <span class="n">main_stack</span> <span class="o">=</span> <span class="n">model</span><span class="p">[</span><span class="sh">"</span><span class="s">stacks</span><span class="sh">"</span><span class="p">][</span><span class="sh">"</span><span class="s">main</span><span class="sh">"</span><span class="p">]</span> <span class="n">other_stack</span> <span class="o">=</span> <span class="n">model</span><span class="p">[</span><span class="sh">"</span><span class="s">stacks</span><span class="sh">"</span><span class="p">][</span><span class="sh">"</span><span class="s">other</span><span class="sh">"</span><span class="p">]</span> <span class="nf">add_sqs_sns_example</span><span class="p">(</span><span class="n">main_stack</span><span class="p">)</span> <span class="nf">add_sqs_sns_example</span><span class="p">(</span><span class="n">other_stack</span><span class="p">)</span> <span class="n">ias</span><span class="p">.</span><span class="nf">generate_from_model</span><span class="p">(</span><span class="n">model</span><span class="p">)</span> </code></pre> </div> <p>Here there are two stacks, with ids <code>main</code> and <code>other</code> and stack names <code>examples-main</code> and <code>examples-other</code> . There is a different <strong>option processor</strong>, which in this case includes reading config from TOML files. All config data is available though CDK context, so it can be retrieved via any CDK Construct-type object (Construct, Stack, Stage, App).</p> <p>The <em>option processors</em> are simply functions that update the input options and return a new set of input options. When all these processors have been executed, the actual model initialisation takes place.</p> <p>The example resource function that works for the main example functions above look like this:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="k">def</span> <span class="nf">add_sqs_sns_example</span><span class="p">(</span><span class="n">scope</span><span class="p">:</span> <span class="n">cdk</span><span class="p">.</span><span class="n">Stack</span><span class="p">):</span> <span class="n">config_group</span> <span class="o">=</span> <span class="n">scope</span><span class="p">.</span><span class="n">node</span><span class="p">.</span><span class="nb">id</span> <span class="c1"># Use CDK stack id as config group name </span> <span class="n">queue</span> <span class="o">=</span> <span class="n">sqs</span><span class="p">.</span><span class="nc">Queue</span><span class="p">(</span><span class="n">scope</span><span class="p">,</span> <span class="sh">"</span><span class="s">queue</span><span class="sh">"</span><span class="p">,</span> <span class="n">visibility_timeout</span><span class="o">=</span><span class="n">cdk</span><span class="p">.</span><span class="n">Duration</span><span class="p">.</span><span class="nf">seconds</span><span class="p">(</span><span class="mi">300</span><span class="p">))</span> <span class="n">topic</span> <span class="o">=</span> <span class="n">sns</span><span class="p">.</span><span class="nc">Topic</span><span class="p">(</span> <span class="n">scope</span><span class="p">,</span> <span class="sh">"</span><span class="s">topic</span><span class="sh">"</span><span class="p">,</span> <span class="n">topic_name</span><span class="o">=</span><span class="n">ias</span><span class="p">.</span><span class="nf">get_context_data</span><span class="p">(</span><span class="n">scope</span><span class="p">,</span> <span class="p">[</span><span class="n">config_group</span><span class="p">,</span> <span class="sh">"</span><span class="s">topic_name</span><span class="sh">"</span><span class="p">]),</span> <span class="p">)</span> <span class="n">topic</span><span class="p">.</span><span class="nf">add_subscription</span><span class="p">(</span><span class="n">subs</span><span class="p">.</span><span class="nc">SqsSubscription</span><span class="p">(</span><span class="n">queue</span><span class="p">))</span> </code></pre> </div> <p>and the example TOML config file:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight toml"><code><span class="nn">[main]</span> <span class="py">topic_name</span> <span class="p">=</span> <span class="s">"my-topic"</span> <span class="nn">[other]</span> <span class="py">topic_name</span> <span class="p">=</span> <span class="s">"other-topic"</span> </code></pre> </div> <h3> Design considerations </h3> <p>All options and the model structure use the <strong>TypedDict</strong> feature. This is like a regular dictionary, but also includes typing information for the defined fields. Thus you can get type hints in your editor of choice for these structures, plus it allows for you to extend them yourself as well. It also uses <strong>structural typing</strong>, meaning that as long as the dictionary includes the required fields, it is a valid data structure. No need to create class objects explicitly. It is kind of similar to the typing experience found in, for example, TypeScript.</p> <p>Rather than loading resources into the stack constructor, I suggest using regular functions to add them. This should help with building a bit more modular code without too much boilerplate.</p> <h3> Things to do </h3> <ul> <li>Add handling for stack dependencies</li> <li>Generate API docs <ul> <li>Issues with getting <strong>pdoc</strong> to work when JSII is involved</li> </ul> </li> <li>Figure out reasonable scope without making it too heavy, for example <ul> <li>Wrappers for sharing data between stacks? (Parameter store, etc)</li> <li>Add (optional) default monitoring (e.g. via cdk-monitoring-constructs)?</li> <li>Add (optional) default security/policy processing (e.g. via cdk-nag)?</li> </ul> </li> <li>Get more feedback</li> </ul> <h3> Summary </h3> <p>This template is an attempt to make some nicer defaults for people developing AWS CDK solutions with Python. Check out <a href="https://github.com/cloudgnosis/awscdk-python-template" rel="noopener noreferrer">https://github.com/cloudgnosis/awscdk-python-template</a> and tell me what you think of it!</p> aws productivity cdk python Erik Lundevall Zara Tue, 04 Oct 2022 09:44:18 +0000 https://dev.to/eriklz/how-to-become-an-infrastructure-as-code-ninja-using-aws-cdk-part-8-3jk7 https://dev.to/eriklz/how-to-become-an-infrastructure-as-code-ninja-using-aws-cdk-part-8-3jk7 <p>In this article, we are going to wrap up this article series on using AWS CDK for managing infrastructure as code. We will cover two topics in this article:</p> <ul> <li><p>Monitoring infrastructure</p></li> <li><p>Finding and using 3rd party libraries for AWS CDK</p></li> </ul> <p>By the end of this article, you will know more about setting up monitoring and alarms for your infrastructure, and you will know more about finding useful libraries, not only from the core AWS CDK team.</p> <p>The infrastructure we will monitor is based on what has been defined from previous articles in this series, so please have a look at earlier articles to see what the infrastructure we will manage is.</p> <p>This article series uses Typescript as an example language. However, there are repositories with example code for multiple languages. </p> <ul> <li><p><a href="https://github.com/cloudgnosis/iac-ninja-aws-cdk-ts" rel="noopener noreferrer">https://github.com/cloudgnosis/iac-ninja-aws-cdk-ts</a></p></li> <li><p><a href="https://github.com/cloudgnosis/iac-ninja-aws-cdk-python" rel="noopener noreferrer">https://github.com/cloudgnosis/iac-ninja-aws-cdk-python</a></p></li> <li><p><a href="https://github.com/cloudgnosis/iac-ninja-aws-cdk-go" rel="noopener noreferrer">https://github.com/cloudgnosis/iac-ninja-aws-cdk-go</a></p></li> </ul> <p>The repositories will contain all the code examples from the articles series, implemented in different languages with the AWS CDK. You can view the code from specific parts and stages in the series by checking out the code tagged with a specific part and step in that part. See the README file in each repository for more details.</p> <p><strong><em>Note:</em></strong> <em>At the time of this writing, the code from this article will only be available for Typescript and Python. This is because of the 3rd party library we will use is not yet published for Go. When the library will become available for Go, the example code above will be updated accordingly.</em></p> <h2> Finding and using 3rd party libraries for AWS CDK </h2> <p>Currently, one of the best places to find libraries and resources for use with AWS CDK, or any other CDK (CDKTF, CDK8s) is <a href="https://constructs.dev" rel="noopener noreferrer">Construct Hub</a>.</p> <p>It is a website which contains information about many CDK construct libraries, including the standard ones from AWS, 3rd party libraries and generated constructs for public CloudFormation registry modules.</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fha7403gojv5lj0c4a4u7.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fha7403gojv5lj0c4a4u7.png" alt="Construct Hub" width="800" height="363"></a></p> <p>Since we are going to set up some monitoring for our infrastructure, let us search for <strong>monitoring</strong> and see what we get...</p> <p>The first one in the search result is a library called <strong>cdk-monitoring-constructs</strong>, which sounds pretty promising. Other results include something for <em>DataDog</em>. There are many other hits for the term <em>monitoring</em> as well. However, for now, let us look at <em>cdk-monitoring-constructs</em>.</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F8lvzqelrqz0qmdxff0bo.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F8lvzqelrqz0qmdxff0bo.png" alt="Construct Hub monitoring search" width="800" height="363"></a></p> <p>We can see from the symbols that this library is available for Typescript, Python, Java and .NET (C#). No Go though (yet).</p> <p>We can click on the entry to get into the documentation, read about installation and how to use this construct library. Good stuff!</p> <p>This will be the starting point for our work to set up some monitoring for our solution.</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F1zdsk1edymaea5dtgszs.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F1zdsk1edymaea5dtgszs.png" alt="CDK monitoring docs" width="800" height="354"></a></p> <h2> Set up our solution monitoring </h2> <h3> Recap of solution setup </h3> <p>If you have read the previous articles in this series, you know that we have defined an infrastructure running a containerized application in an AWS ECS cluster, behind a load balancer and with auto-scaling set up, to increase or decrease the number of container instances based on various performance characteristics (CPU and memory).</p> <p>The application we have used is the <em>Apache httpd web server</em>.</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Frww6uvcokexkaxkaccnp.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Frww6uvcokexkaxkaccnp.png" alt="Application solution" width="611" height="736"></a></p> <p>We currently have our infrastructure code divided up into 3 different files:</p> <ul> <li><p><code>bin/my-container-infrastructure.ts</code> - the main program</p></li> <li><p><code>lib/containers/container-management.ts</code> - support functions for container infrastructure</p></li> <li><p><code>test/containers/container-management.test.ts</code>- test code for support functions</p></li> </ul> <p>The current code can be seen here, and is also available in the GitHub repositories mentioned at the beginning of this article.</p> <h4> bin/my-container-infrastructure.ts </h4> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">import</span> <span class="p">{</span> <span class="nx">App</span><span class="p">,</span> <span class="nx">Stack</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">aws-cdk-lib</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">IVpc</span><span class="p">,</span> <span class="nx">Vpc</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">aws-cdk-lib/aws-ec2</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">addCluster</span><span class="p">,</span> <span class="nx">addLoadBalancedService</span><span class="p">,</span> <span class="nx">addTaskDefinitionWithContainer</span><span class="p">,</span> <span class="nx">ContainerConfig</span><span class="p">,</span> <span class="nx">setServiceScaling</span><span class="p">,</span> <span class="nx">TaskConfig</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">../lib/containers/container-management</span><span class="dl">'</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">app</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">App</span><span class="p">();</span> <span class="kd">const</span> <span class="nx">stack</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">Stack</span><span class="p">(</span><span class="nx">app</span><span class="p">,</span> <span class="dl">'</span><span class="s1">my-container-infrastructure</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span> <span class="na">env</span><span class="p">:</span> <span class="p">{</span> <span class="na">account</span><span class="p">:</span> <span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">CDK_DEFAULT_ACCOUNT</span><span class="p">,</span> <span class="na">region</span><span class="p">:</span> <span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">CDK_DEFAULT_REGION</span><span class="p">,</span> <span class="p">},</span> <span class="p">});</span> <span class="kd">let</span> <span class="nx">vpc</span><span class="p">:</span> <span class="nx">IVpc</span><span class="p">;</span> <span class="kd">let</span> <span class="nx">vpcName</span> <span class="o">=</span> <span class="nx">app</span><span class="p">.</span><span class="nx">node</span><span class="p">.</span><span class="nf">tryGetContext</span><span class="p">(</span><span class="dl">'</span><span class="s1">vpcname</span><span class="dl">'</span><span class="p">);</span> <span class="k">if </span><span class="p">(</span><span class="nx">vpcName</span><span class="p">)</span> <span class="p">{</span> <span class="nx">vpc</span> <span class="o">=</span> <span class="nx">Vpc</span><span class="p">.</span><span class="nf">fromLookup</span><span class="p">(</span><span class="nx">stack</span><span class="p">,</span> <span class="dl">'</span><span class="s1">vpc</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span> <span class="nx">vpcName</span><span class="p">,</span> <span class="p">});</span> <span class="p">}</span> <span class="k">else</span> <span class="p">{</span> <span class="nx">vpc</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">Vpc</span><span class="p">(</span><span class="nx">stack</span><span class="p">,</span> <span class="dl">'</span><span class="s1">vpc</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span> <span class="na">vpcName</span><span class="p">:</span> <span class="dl">'</span><span class="s1">my-vpc</span><span class="dl">'</span><span class="p">,</span> <span class="na">natGateways</span><span class="p">:</span> <span class="mi">1</span><span class="p">,</span> <span class="na">maxAzs</span><span class="p">:</span> <span class="mi">2</span><span class="p">,</span> <span class="p">});</span> <span class="p">}</span> <span class="kd">const</span> <span class="nx">id</span> <span class="o">=</span> <span class="dl">'</span><span class="s1">my-test-cluster</span><span class="dl">'</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">cluster</span> <span class="o">=</span> <span class="nf">addCluster</span><span class="p">(</span><span class="nx">stack</span><span class="p">,</span> <span class="nx">id</span><span class="p">,</span> <span class="nx">vpc</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">taskConfig</span><span class="p">:</span> <span class="nx">TaskConfig</span> <span class="o">=</span> <span class="p">{</span> <span class="na">cpu</span><span class="p">:</span> <span class="mi">512</span><span class="p">,</span> <span class="na">memoryLimitMB</span><span class="p">:</span> <span class="mi">1024</span><span class="p">,</span> <span class="na">family</span><span class="p">:</span> <span class="dl">'</span><span class="s1">webserver</span><span class="dl">'</span> <span class="p">};</span> <span class="kd">const</span> <span class="nx">containerConfig</span><span class="p">:</span> <span class="nx">ContainerConfig</span> <span class="o">=</span> <span class="p">{</span> <span class="na">dockerHubImage</span><span class="p">:</span> <span class="dl">'</span><span class="s1">httpd</span><span class="dl">'</span><span class="p">,</span> <span class="na">tcpPorts</span><span class="p">:</span> <span class="p">[</span><span class="mi">80</span><span class="p">]</span> <span class="p">};</span> <span class="kd">const</span> <span class="nx">taskdef</span> <span class="o">=</span> <span class="nf">addTaskDefinitionWithContainer</span><span class="p">(</span><span class="nx">stack</span><span class="p">,</span> <span class="s2">`taskdef-</span><span class="p">${</span><span class="nx">taskConfig</span><span class="p">.</span><span class="nx">family</span><span class="p">}</span><span class="s2">`</span><span class="p">,</span> <span class="nx">taskConfig</span><span class="p">,</span> <span class="nx">containerConfig</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">service</span> <span class="o">=</span> <span class="nf">addLoadBalancedService</span><span class="p">(</span><span class="nx">stack</span><span class="p">,</span> <span class="s2">`service-</span><span class="p">${</span><span class="nx">taskConfig</span><span class="p">.</span><span class="nx">family</span><span class="p">}</span><span class="s2">`</span><span class="p">,</span> <span class="nx">cluster</span><span class="p">,</span> <span class="nx">taskdef</span><span class="p">,</span> <span class="mi">80</span><span class="p">,</span> <span class="mi">2</span><span class="p">,</span> <span class="kc">true</span><span class="p">);</span> <span class="nf">setServiceScaling</span><span class="p">(</span><span class="nx">service</span><span class="p">.</span><span class="nx">service</span><span class="p">,</span> <span class="p">{</span> <span class="na">minCount</span><span class="p">:</span> <span class="mi">1</span><span class="p">,</span> <span class="na">maxCount</span><span class="p">:</span> <span class="mi">4</span><span class="p">,</span> <span class="na">scaleCpuTarget</span><span class="p">:</span> <span class="p">{</span> <span class="na">percent</span><span class="p">:</span> <span class="mi">50</span> <span class="p">},</span> <span class="na">scaleMemoryTarget</span><span class="p">:</span> <span class="p">{</span> <span class="na">percent</span><span class="p">:</span> <span class="mi">70</span> <span class="p">},</span> <span class="p">});</span> </code></pre> </div> <h4> lib/containers/container-management.ts </h4> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">import</span> <span class="p">{</span> <span class="nx">CfnOutput</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">aws-cdk-lib</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">IVpc</span><span class="p">,</span> <span class="nx">Peer</span><span class="p">,</span> <span class="nx">Port</span><span class="p">,</span> <span class="nx">SecurityGroup</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">aws-cdk-lib/aws-ec2</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">Cluster</span><span class="p">,</span> <span class="nx">ContainerImage</span><span class="p">,</span> <span class="nx">FargateService</span><span class="p">,</span> <span class="nx">FargateTaskDefinition</span><span class="p">,</span> <span class="nx">LogDriver</span><span class="p">,</span> <span class="nx">IService</span><span class="p">,</span> <span class="nx">TaskDefinition</span><span class="p">,</span> <span class="nx">Protocol</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">aws-cdk-lib/aws-ecs</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">ApplicationLoadBalancedFargateService</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">aws-cdk-lib/aws-ecs-patterns</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">RetentionDays</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">aws-cdk-lib/aws-logs</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">Construct</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">constructs</span><span class="dl">'</span><span class="p">;</span> <span class="k">export</span> <span class="kd">const</span> <span class="nx">addCluster</span> <span class="o">=</span> <span class="kd">function</span><span class="p">(</span><span class="nx">scope</span><span class="p">:</span> <span class="nx">Construct</span><span class="p">,</span> <span class="nx">id</span><span class="p">:</span> <span class="kr">string</span><span class="p">,</span> <span class="nx">vpc</span><span class="p">:</span> <span class="nx">IVpc</span><span class="p">):</span> <span class="nx">Cluster</span> <span class="p">{</span> <span class="k">return</span> <span class="k">new</span> <span class="nc">Cluster</span><span class="p">(</span><span class="nx">scope</span><span class="p">,</span> <span class="nx">id</span><span class="p">,</span> <span class="p">{</span> <span class="nx">vpc</span><span class="p">,</span> <span class="p">});</span> <span class="p">}</span> <span class="k">export</span> <span class="kr">interface</span> <span class="nx">TaskConfig</span> <span class="p">{</span> <span class="k">readonly</span> <span class="nx">cpu</span><span class="p">:</span> <span class="mi">256</span> <span class="o">|</span> <span class="mi">512</span> <span class="o">|</span> <span class="mi">1024</span> <span class="o">|</span> <span class="mi">2048</span> <span class="o">|</span> <span class="mi">4096</span><span class="p">;</span> <span class="k">readonly</span> <span class="nx">memoryLimitMB</span><span class="p">:</span> <span class="kr">number</span><span class="p">;</span> <span class="k">readonly</span> <span class="nx">family</span><span class="p">:</span> <span class="kr">string</span><span class="p">;</span> <span class="p">}</span> <span class="k">export</span> <span class="kr">interface</span> <span class="nx">ContainerConfig</span> <span class="p">{</span> <span class="k">readonly</span> <span class="nx">dockerHubImage</span><span class="p">:</span> <span class="kr">string</span><span class="p">;</span> <span class="k">readonly</span> <span class="nx">tcpPorts</span><span class="p">:</span> <span class="kr">number</span><span class="p">[];</span> <span class="p">}</span> <span class="k">export</span> <span class="kd">const</span> <span class="nx">addTaskDefinitionWithContainer</span> <span class="o">=</span> <span class="kd">function</span><span class="p">(</span><span class="nx">scope</span><span class="p">:</span> <span class="nx">Construct</span><span class="p">,</span> <span class="nx">id</span><span class="p">:</span> <span class="kr">string</span><span class="p">,</span> <span class="nx">taskConfig</span><span class="p">:</span> <span class="nx">TaskConfig</span><span class="p">,</span> <span class="nx">containerConfig</span><span class="p">:</span> <span class="nx">ContainerConfig</span><span class="p">):</span> <span class="nx">TaskDefinition</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">taskdef</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">FargateTaskDefinition</span><span class="p">(</span><span class="nx">scope</span><span class="p">,</span> <span class="nx">id</span><span class="p">,</span> <span class="p">{</span> <span class="na">cpu</span><span class="p">:</span> <span class="nx">taskConfig</span><span class="p">.</span><span class="nx">cpu</span><span class="p">,</span> <span class="na">memoryLimitMiB</span><span class="p">:</span> <span class="nx">taskConfig</span><span class="p">.</span><span class="nx">memoryLimitMB</span><span class="p">,</span> <span class="na">family</span><span class="p">:</span> <span class="nx">taskConfig</span><span class="p">.</span><span class="nx">family</span><span class="p">,</span> <span class="p">});</span> <span class="kd">const</span> <span class="nx">image</span> <span class="o">=</span> <span class="nx">ContainerImage</span><span class="p">.</span><span class="nf">fromRegistry</span><span class="p">(</span><span class="nx">containerConfig</span><span class="p">.</span><span class="nx">dockerHubImage</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">logdriver</span> <span class="o">=</span> <span class="nx">LogDriver</span><span class="p">.</span><span class="nf">awsLogs</span><span class="p">({</span> <span class="na">streamPrefix</span><span class="p">:</span> <span class="nx">taskConfig</span><span class="p">.</span><span class="nx">family</span><span class="p">,</span> <span class="na">logRetention</span><span class="p">:</span> <span class="nx">RetentionDays</span><span class="p">.</span><span class="nx">ONE_DAY</span><span class="p">,</span> <span class="p">});</span> <span class="kd">const</span> <span class="nx">containerDef</span> <span class="o">=</span> <span class="nx">taskdef</span><span class="p">.</span><span class="nf">addContainer</span><span class="p">(</span><span class="s2">`container-</span><span class="p">${</span><span class="nx">containerConfig</span><span class="p">.</span><span class="nx">dockerHubImage</span><span class="p">}</span><span class="s2">`</span><span class="p">,</span> <span class="p">{</span> <span class="nx">image</span><span class="p">,</span> <span class="na">logging</span><span class="p">:</span> <span class="nx">logdriver</span> <span class="p">});</span> <span class="k">for </span><span class="p">(</span><span class="kd">const</span> <span class="nx">port</span> <span class="k">of</span> <span class="nx">containerConfig</span><span class="p">.</span><span class="nx">tcpPorts</span><span class="p">)</span> <span class="p">{</span> <span class="nx">containerDef</span><span class="p">.</span><span class="nf">addPortMappings</span><span class="p">({</span> <span class="na">containerPort</span><span class="p">:</span> <span class="nx">port</span><span class="p">,</span> <span class="na">protocol</span><span class="p">:</span> <span class="nx">Protocol</span><span class="p">.</span><span class="nx">TCP</span> <span class="p">});</span> <span class="p">}</span> <span class="k">return</span> <span class="nx">taskdef</span><span class="p">;</span> <span class="p">};</span> <span class="k">export</span> <span class="kd">const</span> <span class="nx">addLoadBalancedService</span> <span class="o">=</span> <span class="nf">function</span><span class="p">(</span><span class="nx">scope</span><span class="p">:</span> <span class="nx">Construct</span><span class="p">,</span> <span class="nx">id</span><span class="p">:</span> <span class="kr">string</span><span class="p">,</span> <span class="nx">cluster</span><span class="p">:</span> <span class="nx">Cluster</span><span class="p">,</span> <span class="nx">taskDef</span><span class="p">:</span> <span class="nx">FargateTaskDefinition</span><span class="p">,</span> <span class="nx">port</span><span class="p">:</span> <span class="kr">number</span><span class="p">,</span> <span class="nx">desiredCount</span><span class="p">:</span> <span class="kr">number</span><span class="p">,</span> <span class="nx">publicEndpoint</span><span class="p">?:</span> <span class="nx">boolean</span><span class="p">,</span> <span class="nx">serviceName</span><span class="p">?:</span> <span class="kr">string</span><span class="p">):</span> <span class="nx">ApplicationLoadBalancedFargateService</span> <span class="p">{</span> <span class="c1">// const sg = new SecurityGroup(scope, `${id}-security-group`, {</span> <span class="c1">// description: `Security group for service ${serviceName ?? ''}`,</span> <span class="c1">// vpc: cluster.vpc,</span> <span class="c1">// });</span> <span class="c1">// sg.addIngressRule(Peer.anyIpv4(), Port.tcp(port));</span> <span class="kd">const</span> <span class="nx">service</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">ApplicationLoadBalancedFargateService</span><span class="p">(</span><span class="nx">scope</span><span class="p">,</span> <span class="nx">id</span><span class="p">,</span> <span class="p">{</span> <span class="nx">cluster</span><span class="p">,</span> <span class="na">taskDefinition</span><span class="p">:</span> <span class="nx">taskDef</span><span class="p">,</span> <span class="nx">desiredCount</span><span class="p">,</span> <span class="nx">serviceName</span><span class="p">,</span> <span class="c1">//securityGroups: [sg],</span> <span class="na">circuitBreaker</span><span class="p">:</span> <span class="p">{</span> <span class="na">rollback</span><span class="p">:</span> <span class="kc">true</span><span class="p">,</span> <span class="p">},</span> <span class="na">publicLoadBalancer</span><span class="p">:</span> <span class="nx">publicEndpoint</span><span class="p">,</span> <span class="na">listenerPort</span><span class="p">:</span> <span class="nx">port</span><span class="p">,</span> <span class="p">});</span> <span class="k">return</span> <span class="nx">service</span><span class="p">;</span> <span class="p">};</span> <span class="k">export</span> <span class="kr">interface</span> <span class="nx">ScalingThreshold</span> <span class="p">{</span> <span class="nl">percent</span><span class="p">:</span> <span class="kr">number</span><span class="p">;</span> <span class="p">}</span> <span class="k">export</span> <span class="kr">interface</span> <span class="nx">ServiceScalingConfig</span> <span class="p">{</span> <span class="nl">minCount</span><span class="p">:</span> <span class="kr">number</span><span class="p">;</span> <span class="nl">maxCount</span><span class="p">:</span> <span class="kr">number</span><span class="p">;</span> <span class="nl">scaleCpuTarget</span><span class="p">:</span> <span class="nx">ScalingThreshold</span><span class="p">;</span> <span class="nl">scaleMemoryTarget</span><span class="p">:</span> <span class="nx">ScalingThreshold</span><span class="p">;</span> <span class="p">}</span> <span class="k">export</span> <span class="kd">const</span> <span class="nx">setServiceScaling</span> <span class="o">=</span> <span class="kd">function</span><span class="p">(</span><span class="nx">service</span><span class="p">:</span> <span class="nx">FargateService</span><span class="p">,</span> <span class="nx">config</span><span class="p">:</span> <span class="nx">ServiceScalingConfig</span><span class="p">)</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">scaling</span> <span class="o">=</span> <span class="nx">service</span><span class="p">.</span><span class="nf">autoScaleTaskCount</span><span class="p">({</span> <span class="na">maxCapacity</span><span class="p">:</span> <span class="nx">config</span><span class="p">.</span><span class="nx">maxCount</span><span class="p">,</span> <span class="na">minCapacity</span><span class="p">:</span> <span class="nx">config</span><span class="p">.</span><span class="nx">minCount</span><span class="p">,</span> <span class="p">});</span> <span class="nx">scaling</span><span class="p">.</span><span class="nf">scaleOnCpuUtilization</span><span class="p">(</span><span class="dl">'</span><span class="s1">CpuScaling</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span> <span class="na">targetUtilizationPercent</span><span class="p">:</span> <span class="nx">config</span><span class="p">.</span><span class="nx">scaleCpuTarget</span><span class="p">.</span><span class="nx">percent</span><span class="p">,</span> <span class="p">});</span> <span class="nx">scaling</span><span class="p">.</span><span class="nf">scaleOnMemoryUtilization</span><span class="p">(</span><span class="dl">'</span><span class="s1">MemoryScaling</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span> <span class="na">targetUtilizationPercent</span><span class="p">:</span> <span class="nx">config</span><span class="p">.</span><span class="nx">scaleMemoryTarget</span><span class="p">.</span><span class="nx">percent</span><span class="p">,</span> <span class="p">});</span> <span class="p">}</span> </code></pre> </div> <h4> test/containers/container-management.test.ts </h4> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">import</span> <span class="p">{</span> <span class="nx">Stack</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">aws-cdk-lib</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">Vpc</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">aws-cdk-lib/aws-ec2</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">Capture</span><span class="p">,</span> <span class="nx">Match</span><span class="p">,</span> <span class="nx">Template</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">aws-cdk-lib/assertions</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">addCluster</span><span class="p">,</span> <span class="nx">addLoadBalancedService</span><span class="p">,</span> <span class="nx">addTaskDefinitionWithContainer</span><span class="p">,</span> <span class="nx">ContainerConfig</span><span class="p">,</span> <span class="nx">setServiceScaling</span><span class="p">,</span> <span class="nx">TaskConfig</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">../../lib/containers/container-management</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">Cluster</span><span class="p">,</span> <span class="nx">TaskDefinition</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">aws-cdk-lib/aws-ecs</span><span class="dl">'</span><span class="p">;</span> <span class="nf">test</span><span class="p">(</span><span class="dl">'</span><span class="s1">ECS cluster is defined with existing vpc</span><span class="dl">'</span><span class="p">,</span> <span class="p">()</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="c1">// Test setup</span> <span class="kd">const</span> <span class="nx">stack</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">Stack</span><span class="p">();</span> <span class="kd">const</span> <span class="nx">vpc</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">Vpc</span><span class="p">(</span><span class="nx">stack</span><span class="p">,</span> <span class="dl">'</span><span class="s1">vpc</span><span class="dl">'</span><span class="p">);</span> <span class="c1">// Test code</span> <span class="kd">const</span> <span class="nx">cluster</span> <span class="o">=</span> <span class="nf">addCluster</span><span class="p">(</span><span class="nx">stack</span><span class="p">,</span> <span class="dl">'</span><span class="s1">test-cluster</span><span class="dl">'</span><span class="p">,</span> <span class="nx">vpc</span><span class="p">);</span> <span class="c1">// Check result</span> <span class="kd">const</span> <span class="nx">template</span> <span class="o">=</span> <span class="nx">Template</span><span class="p">.</span><span class="nf">fromStack</span><span class="p">(</span><span class="nx">stack</span><span class="p">);</span> <span class="nx">template</span><span class="p">.</span><span class="nf">resourceCountIs</span><span class="p">(</span><span class="dl">'</span><span class="s1">AWS::ECS::Cluster</span><span class="dl">'</span><span class="p">,</span> <span class="mi">1</span><span class="p">);</span> <span class="nf">expect</span><span class="p">(</span><span class="nx">cluster</span><span class="p">.</span><span class="nx">vpc</span><span class="p">).</span><span class="nf">toEqual</span><span class="p">(</span><span class="nx">vpc</span><span class="p">);</span> <span class="p">});</span> <span class="nf">test</span><span class="p">(</span><span class="dl">'</span><span class="s1">ECS Fargate task definition defined</span><span class="dl">'</span><span class="p">,</span> <span class="p">()</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="c1">// Test setup</span> <span class="kd">const</span> <span class="nx">stack</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">Stack</span><span class="p">();</span> <span class="kd">const</span> <span class="nx">cpuval</span> <span class="o">=</span> <span class="mi">512</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">memval</span> <span class="o">=</span> <span class="mi">1024</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">familyval</span> <span class="o">=</span> <span class="dl">'</span><span class="s1">test</span><span class="dl">'</span><span class="p">;</span> <span class="kd">const</span> <span class="na">taskCfg</span><span class="p">:</span> <span class="nx">TaskConfig</span> <span class="o">=</span> <span class="p">{</span> <span class="na">cpu</span><span class="p">:</span> <span class="nx">cpuval</span><span class="p">,</span> <span class="na">memoryLimitMB</span><span class="p">:</span> <span class="nx">memval</span><span class="p">,</span> <span class="na">family</span><span class="p">:</span> <span class="nx">familyval</span> <span class="p">};</span> <span class="kd">const</span> <span class="nx">imageName</span> <span class="o">=</span> <span class="dl">'</span><span class="s1">httpd</span><span class="dl">'</span><span class="p">;</span> <span class="kd">const</span> <span class="na">containerCfg</span><span class="p">:</span> <span class="nx">ContainerConfig</span> <span class="o">=</span> <span class="p">{</span> <span class="na">dockerHubImage</span><span class="p">:</span> <span class="nx">imageName</span><span class="p">,</span> <span class="na">tcpPorts</span><span class="p">:</span> <span class="p">[</span><span class="mi">80</span><span class="p">]</span> <span class="p">};</span> <span class="c1">// Test code</span> <span class="kd">const</span> <span class="nx">taskdef</span> <span class="o">=</span> <span class="nf">addTaskDefinitionWithContainer</span><span class="p">(</span><span class="nx">stack</span><span class="p">,</span> <span class="dl">'</span><span class="s1">test-taskdef</span><span class="dl">'</span><span class="p">,</span> <span class="nx">taskCfg</span><span class="p">,</span> <span class="nx">containerCfg</span><span class="p">);</span> <span class="c1">// Check result</span> <span class="kd">const</span> <span class="nx">template</span> <span class="o">=</span> <span class="nx">Template</span><span class="p">.</span><span class="nf">fromStack</span><span class="p">(</span><span class="nx">stack</span><span class="p">);</span> <span class="nf">expect</span><span class="p">(</span><span class="nx">taskdef</span><span class="p">.</span><span class="nx">isFargateCompatible</span><span class="p">).</span><span class="nf">toBeTruthy</span><span class="p">();</span> <span class="nf">expect</span><span class="p">(</span><span class="nx">stack</span><span class="p">.</span><span class="nx">node</span><span class="p">.</span><span class="nx">children</span><span class="p">.</span><span class="nf">includes</span><span class="p">(</span><span class="nx">taskdef</span><span class="p">)).</span><span class="nf">toBeTruthy</span><span class="p">();</span> <span class="nx">template</span><span class="p">.</span><span class="nf">resourceCountIs</span><span class="p">(</span><span class="dl">'</span><span class="s1">AWS::ECS::TaskDefinition</span><span class="dl">'</span><span class="p">,</span> <span class="mi">1</span><span class="p">);</span> <span class="nx">template</span><span class="p">.</span><span class="nf">hasResourceProperties</span><span class="p">(</span><span class="dl">'</span><span class="s1">AWS::ECS::TaskDefinition</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span> <span class="na">RequiresCompatibilities</span><span class="p">:</span> <span class="p">[</span> <span class="dl">'</span><span class="s1">FARGATE</span><span class="dl">'</span> <span class="p">],</span> <span class="na">Cpu</span><span class="p">:</span> <span class="nx">cpuval</span><span class="p">.</span><span class="nf">toString</span><span class="p">(),</span> <span class="na">Memory</span><span class="p">:</span> <span class="nx">memval</span><span class="p">.</span><span class="nf">toString</span><span class="p">(),</span> <span class="na">Family</span><span class="p">:</span> <span class="nx">familyval</span><span class="p">,</span> <span class="p">});</span> <span class="p">});</span> <span class="nf">test</span><span class="p">(</span><span class="dl">'</span><span class="s1">Container definition added to task definition</span><span class="dl">'</span><span class="p">,</span> <span class="p">()</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="c1">// Test setup</span> <span class="kd">const</span> <span class="nx">stack</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">Stack</span><span class="p">();</span> <span class="kd">const</span> <span class="nx">cpuval</span> <span class="o">=</span> <span class="mi">512</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">memval</span> <span class="o">=</span> <span class="mi">1024</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">familyval</span> <span class="o">=</span> <span class="dl">'</span><span class="s1">test</span><span class="dl">'</span><span class="p">;</span> <span class="kd">const</span> <span class="na">taskCfg</span><span class="p">:</span> <span class="nx">TaskConfig</span> <span class="o">=</span> <span class="p">{</span> <span class="na">cpu</span><span class="p">:</span> <span class="nx">cpuval</span><span class="p">,</span> <span class="na">memoryLimitMB</span><span class="p">:</span> <span class="nx">memval</span><span class="p">,</span> <span class="na">family</span><span class="p">:</span> <span class="nx">familyval</span> <span class="p">};</span> <span class="kd">const</span> <span class="nx">imageName</span> <span class="o">=</span> <span class="dl">'</span><span class="s1">httpd</span><span class="dl">'</span><span class="p">;</span> <span class="kd">const</span> <span class="na">containerCfg</span><span class="p">:</span> <span class="nx">ContainerConfig</span> <span class="o">=</span> <span class="p">{</span> <span class="na">dockerHubImage</span><span class="p">:</span> <span class="nx">imageName</span><span class="p">,</span> <span class="na">tcpPorts</span><span class="p">:</span> <span class="p">[</span><span class="mi">80</span><span class="p">]</span> <span class="p">};</span> <span class="c1">// Test code</span> <span class="kd">const</span> <span class="nx">taskdef</span> <span class="o">=</span> <span class="nf">addTaskDefinitionWithContainer</span><span class="p">(</span><span class="nx">stack</span><span class="p">,</span> <span class="dl">'</span><span class="s1">test-taskdef</span><span class="dl">'</span><span class="p">,</span> <span class="nx">taskCfg</span><span class="p">,</span> <span class="nx">containerCfg</span><span class="p">);</span> <span class="c1">// Check result</span> <span class="kd">const</span> <span class="nx">template</span> <span class="o">=</span> <span class="nx">Template</span><span class="p">.</span><span class="nf">fromStack</span><span class="p">(</span><span class="nx">stack</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">containerDef</span> <span class="o">=</span> <span class="nx">taskdef</span><span class="p">.</span><span class="nx">defaultContainer</span><span class="p">;</span> <span class="nf">expect</span><span class="p">(</span><span class="nx">taskdef</span><span class="p">.</span><span class="nx">defaultContainer</span><span class="p">).</span><span class="nf">toBeDefined</span><span class="p">();</span> <span class="nf">expect</span><span class="p">(</span><span class="nx">containerDef</span><span class="p">?.</span><span class="nx">imageName</span><span class="p">).</span><span class="nf">toEqual</span><span class="p">(</span><span class="nx">imageName</span><span class="p">);</span> <span class="c1">// Works from v2.11 of aws-cdk-lib</span> <span class="nx">template</span><span class="p">.</span><span class="nf">hasResourceProperties</span><span class="p">(</span><span class="dl">'</span><span class="s1">AWS::ECS::TaskDefinition</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span> <span class="na">ContainerDefinitions</span><span class="p">:</span> <span class="nx">Match</span><span class="p">.</span><span class="nf">arrayWith</span><span class="p">([</span> <span class="nx">Match</span><span class="p">.</span><span class="nf">objectLike</span><span class="p">({</span> <span class="na">Image</span><span class="p">:</span> <span class="nx">imageName</span><span class="p">,</span> <span class="p">}),</span> <span class="p">]),</span> <span class="p">});</span> <span class="p">});</span> <span class="nf">describe</span><span class="p">(</span><span class="dl">'</span><span class="s1">Test service creation options</span><span class="dl">'</span><span class="p">,</span> <span class="p">()</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="kd">let</span> <span class="na">stack</span><span class="p">:</span> <span class="nx">Stack</span><span class="p">;</span> <span class="kd">let</span> <span class="na">cluster</span><span class="p">:</span> <span class="nx">Cluster</span><span class="p">;</span> <span class="kd">let</span> <span class="na">taskdef</span><span class="p">:</span> <span class="nx">TaskDefinition</span><span class="p">;</span> <span class="nf">beforeEach</span><span class="p">(()</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="c1">// Test setup</span> <span class="nx">stack</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">Stack</span><span class="p">();</span> <span class="kd">const</span> <span class="nx">vpc</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">Vpc</span><span class="p">(</span><span class="nx">stack</span><span class="p">,</span> <span class="dl">'</span><span class="s1">vpc</span><span class="dl">'</span><span class="p">);</span> <span class="nx">cluster</span> <span class="o">=</span> <span class="nf">addCluster</span><span class="p">(</span><span class="nx">stack</span><span class="p">,</span> <span class="dl">'</span><span class="s1">test-cluster</span><span class="dl">'</span><span class="p">,</span> <span class="nx">vpc</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">cpuval</span> <span class="o">=</span> <span class="mi">512</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">memval</span> <span class="o">=</span> <span class="mi">1024</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">familyval</span> <span class="o">=</span> <span class="dl">'</span><span class="s1">test</span><span class="dl">'</span><span class="p">;</span> <span class="kd">const</span> <span class="na">taskCfg</span><span class="p">:</span> <span class="nx">TaskConfig</span> <span class="o">=</span> <span class="p">{</span> <span class="na">cpu</span><span class="p">:</span> <span class="nx">cpuval</span><span class="p">,</span> <span class="na">memoryLimitMB</span><span class="p">:</span> <span class="nx">memval</span><span class="p">,</span> <span class="na">family</span><span class="p">:</span> <span class="nx">familyval</span> <span class="p">};</span> <span class="kd">const</span> <span class="nx">imageName</span> <span class="o">=</span> <span class="dl">'</span><span class="s1">httpd</span><span class="dl">'</span><span class="p">;</span> <span class="kd">const</span> <span class="na">containerCfg</span><span class="p">:</span> <span class="nx">ContainerConfig</span> <span class="o">=</span> <span class="p">{</span> <span class="na">dockerHubImage</span><span class="p">:</span> <span class="nx">imageName</span><span class="p">,</span> <span class="na">tcpPorts</span><span class="p">:</span> <span class="p">[</span><span class="mi">80</span><span class="p">]</span> <span class="p">};</span> <span class="nx">taskdef</span> <span class="o">=</span> <span class="nf">addTaskDefinitionWithContainer</span><span class="p">(</span><span class="nx">stack</span><span class="p">,</span> <span class="dl">'</span><span class="s1">test-taskdef</span><span class="dl">'</span><span class="p">,</span> <span class="nx">taskCfg</span><span class="p">,</span> <span class="nx">containerCfg</span><span class="p">);</span> <span class="p">});</span> <span class="nf">test</span><span class="p">(</span><span class="dl">'</span><span class="s1">Fargate load-balanced service created, with provided mandatory properties only</span><span class="dl">'</span><span class="p">,</span> <span class="p">()</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">port</span> <span class="o">=</span> <span class="mi">80</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">desiredCount</span> <span class="o">=</span> <span class="mi">1</span><span class="p">;</span> <span class="c1">// Test code</span> <span class="kd">const</span> <span class="nx">service</span> <span class="o">=</span> <span class="nf">addLoadBalancedService</span><span class="p">(</span><span class="nx">stack</span><span class="p">,</span> <span class="dl">'</span><span class="s1">test-service</span><span class="dl">'</span><span class="p">,</span> <span class="nx">cluster</span><span class="p">,</span> <span class="nx">taskdef</span><span class="p">,</span> <span class="nx">port</span><span class="p">,</span> <span class="nx">desiredCount</span><span class="p">);</span> <span class="c1">// Check result</span> <span class="kd">const</span> <span class="nx">sgCapture</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">Capture</span><span class="p">();</span> <span class="kd">const</span> <span class="nx">template</span> <span class="o">=</span> <span class="nx">Template</span><span class="p">.</span><span class="nf">fromStack</span><span class="p">(</span><span class="nx">stack</span><span class="p">);</span> <span class="nf">expect</span><span class="p">(</span><span class="nx">service</span><span class="p">.</span><span class="nx">cluster</span><span class="p">).</span><span class="nf">toEqual</span><span class="p">(</span><span class="nx">cluster</span><span class="p">);</span> <span class="nf">expect</span><span class="p">(</span><span class="nx">service</span><span class="p">.</span><span class="nx">taskDefinition</span><span class="p">).</span><span class="nf">toEqual</span><span class="p">(</span><span class="nx">taskdef</span><span class="p">);</span> <span class="nx">template</span><span class="p">.</span><span class="nf">resourceCountIs</span><span class="p">(</span><span class="dl">'</span><span class="s1">AWS::ECS::Service</span><span class="dl">'</span><span class="p">,</span> <span class="mi">1</span><span class="p">);</span> <span class="nx">template</span><span class="p">.</span><span class="nf">hasResourceProperties</span><span class="p">(</span><span class="dl">'</span><span class="s1">AWS::ECS::Service</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span> <span class="na">DesiredCount</span><span class="p">:</span> <span class="nx">desiredCount</span><span class="p">,</span> <span class="na">LaunchType</span><span class="p">:</span> <span class="dl">'</span><span class="s1">FARGATE</span><span class="dl">'</span><span class="p">,</span> <span class="na">NetworkConfiguration</span><span class="p">:</span> <span class="nx">Match</span><span class="p">.</span><span class="nf">objectLike</span><span class="p">({</span> <span class="na">AwsvpcConfiguration</span><span class="p">:</span> <span class="nx">Match</span><span class="p">.</span><span class="nf">objectLike</span><span class="p">({</span> <span class="na">AssignPublicIp</span><span class="p">:</span> <span class="dl">'</span><span class="s1">DISABLED</span><span class="dl">'</span><span class="p">,</span> <span class="na">SecurityGroups</span><span class="p">:</span> <span class="nx">Match</span><span class="p">.</span><span class="nf">arrayWith</span><span class="p">([</span><span class="nx">sgCapture</span><span class="p">]),</span> <span class="p">}),</span> <span class="p">}),</span> <span class="p">});</span> <span class="nx">template</span><span class="p">.</span><span class="nf">resourceCountIs</span><span class="p">(</span><span class="dl">'</span><span class="s1">AWS::ElasticLoadBalancingV2::LoadBalancer</span><span class="dl">'</span><span class="p">,</span> <span class="mi">1</span><span class="p">);</span> <span class="nx">template</span><span class="p">.</span><span class="nf">hasResourceProperties</span><span class="p">(</span><span class="dl">'</span><span class="s1">AWS::ElasticLoadBalancingV2::LoadBalancer</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span> <span class="na">Type</span><span class="p">:</span> <span class="dl">'</span><span class="s1">application</span><span class="dl">'</span><span class="p">,</span> <span class="na">Scheme</span><span class="p">:</span> <span class="dl">'</span><span class="s1">internet-facing</span><span class="dl">'</span><span class="p">,</span> <span class="p">});</span> <span class="c1">//template.resourceCountIs('AWS::EC2::SecurityGroup', 1);</span> <span class="nx">template</span><span class="p">.</span><span class="nf">hasResourceProperties</span><span class="p">(</span><span class="dl">'</span><span class="s1">AWS::EC2::SecurityGroup</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span> <span class="na">SecurityGroupIngress</span><span class="p">:</span> <span class="nx">Match</span><span class="p">.</span><span class="nf">arrayWith</span><span class="p">([</span> <span class="nx">Match</span><span class="p">.</span><span class="nf">objectLike</span><span class="p">({</span> <span class="na">CidrIp</span><span class="p">:</span> <span class="dl">'</span><span class="s1">0.0.0.0/0</span><span class="dl">'</span><span class="p">,</span> <span class="na">FromPort</span><span class="p">:</span> <span class="nx">port</span><span class="p">,</span> <span class="na">IpProtocol</span><span class="p">:</span> <span class="dl">'</span><span class="s1">tcp</span><span class="dl">'</span><span class="p">,</span> <span class="p">}),</span> <span class="p">]),</span> <span class="p">});</span> <span class="p">});</span> <span class="nf">test</span><span class="p">(</span><span class="dl">'</span><span class="s1">Fargate load-balanced service created, without public access</span><span class="dl">'</span><span class="p">,</span> <span class="p">()</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">port</span> <span class="o">=</span> <span class="mi">80</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">desiredCount</span> <span class="o">=</span> <span class="mi">1</span><span class="p">;</span> <span class="c1">// Test code</span> <span class="kd">const</span> <span class="nx">service</span> <span class="o">=</span> <span class="nf">addLoadBalancedService</span><span class="p">(</span><span class="nx">stack</span><span class="p">,</span> <span class="dl">'</span><span class="s1">test-service</span><span class="dl">'</span><span class="p">,</span> <span class="nx">cluster</span><span class="p">,</span> <span class="nx">taskdef</span><span class="p">,</span> <span class="nx">port</span><span class="p">,</span> <span class="nx">desiredCount</span><span class="p">,</span> <span class="kc">false</span><span class="p">);</span> <span class="c1">// Check result</span> <span class="kd">const</span> <span class="nx">template</span> <span class="o">=</span> <span class="nx">Template</span><span class="p">.</span><span class="nf">fromStack</span><span class="p">(</span><span class="nx">stack</span><span class="p">);</span> <span class="nx">template</span><span class="p">.</span><span class="nf">resourceCountIs</span><span class="p">(</span><span class="dl">'</span><span class="s1">AWS::ElasticLoadBalancingV2::LoadBalancer</span><span class="dl">'</span><span class="p">,</span> <span class="mi">1</span><span class="p">);</span> <span class="nx">template</span><span class="p">.</span><span class="nf">hasResourceProperties</span><span class="p">(</span><span class="dl">'</span><span class="s1">AWS::ElasticLoadBalancingV2::LoadBalancer</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span> <span class="na">Type</span><span class="p">:</span> <span class="dl">'</span><span class="s1">application</span><span class="dl">'</span><span class="p">,</span> <span class="na">Scheme</span><span class="p">:</span> <span class="dl">'</span><span class="s1">internal</span><span class="dl">'</span><span class="p">,</span> <span class="p">});</span> <span class="p">});</span> <span class="nf">test</span><span class="p">(</span><span class="dl">'</span><span class="s1">Scaling settings of load balancer</span><span class="dl">'</span><span class="p">,</span> <span class="p">()</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">port</span> <span class="o">=</span> <span class="mi">80</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">desiredCount</span> <span class="o">=</span> <span class="mi">2</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">service</span> <span class="o">=</span> <span class="nf">addLoadBalancedService</span><span class="p">(</span><span class="nx">stack</span><span class="p">,</span> <span class="dl">'</span><span class="s1">test-service</span><span class="dl">'</span><span class="p">,</span> <span class="nx">cluster</span><span class="p">,</span> <span class="nx">taskdef</span><span class="p">,</span> <span class="nx">port</span><span class="p">,</span> <span class="nx">desiredCount</span><span class="p">,</span> <span class="kc">false</span><span class="p">);</span> <span class="c1">// Test code</span> <span class="kd">const</span> <span class="nx">config</span> <span class="o">=</span> <span class="p">{</span> <span class="na">minCount</span><span class="p">:</span> <span class="mi">1</span><span class="p">,</span> <span class="na">maxCount</span><span class="p">:</span> <span class="mi">5</span><span class="p">,</span> <span class="na">scaleCpuTarget</span><span class="p">:</span> <span class="p">{</span> <span class="na">percent</span><span class="p">:</span> <span class="mi">50</span> <span class="p">},</span> <span class="na">scaleMemoryTarget</span><span class="p">:</span> <span class="p">{</span> <span class="na">percent</span><span class="p">:</span> <span class="mi">50</span> <span class="p">},</span> <span class="p">};</span> <span class="nf">setServiceScaling</span><span class="p">(</span><span class="nx">service</span><span class="p">.</span><span class="nx">service</span><span class="p">,</span> <span class="nx">config</span><span class="p">);</span> <span class="c1">// Check result</span> <span class="kd">const</span> <span class="nx">scaleResource</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">Capture</span><span class="p">();</span> <span class="kd">const</span> <span class="nx">template</span> <span class="o">=</span> <span class="nx">Template</span><span class="p">.</span><span class="nf">fromStack</span><span class="p">(</span><span class="nx">stack</span><span class="p">);</span> <span class="nx">template</span><span class="p">.</span><span class="nf">resourceCountIs</span><span class="p">(</span><span class="dl">'</span><span class="s1">AWS::ApplicationAutoScaling::ScalableTarget</span><span class="dl">'</span><span class="p">,</span> <span class="mi">1</span><span class="p">);</span> <span class="nx">template</span><span class="p">.</span><span class="nf">hasResourceProperties</span><span class="p">(</span><span class="dl">'</span><span class="s1">AWS::ApplicationAutoScaling::ScalableTarget</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span> <span class="na">MaxCapacity</span><span class="p">:</span> <span class="nx">config</span><span class="p">.</span><span class="nx">maxCount</span><span class="p">,</span> <span class="na">MinCapacity</span><span class="p">:</span> <span class="nx">config</span><span class="p">.</span><span class="nx">minCount</span><span class="p">,</span> <span class="na">ResourceId</span><span class="p">:</span> <span class="nx">scaleResource</span><span class="p">,</span> <span class="na">ScalableDimension</span><span class="p">:</span> <span class="dl">'</span><span class="s1">ecs:service:DesiredCount</span><span class="dl">'</span><span class="p">,</span> <span class="na">ServiceNamespace</span><span class="p">:</span> <span class="dl">'</span><span class="s1">ecs</span><span class="dl">'</span><span class="p">,</span> <span class="p">});</span> <span class="nx">template</span><span class="p">.</span><span class="nf">resourceCountIs</span><span class="p">(</span><span class="dl">'</span><span class="s1">AWS::ApplicationAutoScaling::ScalingPolicy</span><span class="dl">'</span><span class="p">,</span> <span class="mi">2</span><span class="p">);</span> <span class="nx">template</span><span class="p">.</span><span class="nf">hasResourceProperties</span><span class="p">(</span><span class="dl">'</span><span class="s1">AWS::ApplicationAutoScaling::ScalingPolicy</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span> <span class="na">PolicyType</span><span class="p">:</span> <span class="dl">'</span><span class="s1">TargetTrackingScaling</span><span class="dl">'</span><span class="p">,</span> <span class="na">TargetTrackingScalingPolicyConfiguration</span><span class="p">:</span> <span class="nx">Match</span><span class="p">.</span><span class="nf">objectLike</span><span class="p">({</span> <span class="na">PredefinedMetricSpecification</span><span class="p">:</span> <span class="nx">Match</span><span class="p">.</span><span class="nf">objectEquals</span><span class="p">({</span> <span class="na">PredefinedMetricType</span><span class="p">:</span> <span class="dl">'</span><span class="s1">ECSServiceAverageCPUUtilization</span><span class="dl">'</span><span class="p">,</span> <span class="p">}),</span> <span class="na">TargetValue</span><span class="p">:</span> <span class="nx">config</span><span class="p">.</span><span class="nx">scaleCpuTarget</span><span class="p">.</span><span class="nx">percent</span><span class="p">,</span> <span class="p">}),</span> <span class="p">});</span> <span class="nx">template</span><span class="p">.</span><span class="nf">hasResourceProperties</span><span class="p">(</span><span class="dl">'</span><span class="s1">AWS::ApplicationAutoScaling::ScalingPolicy</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span> <span class="na">PolicyType</span><span class="p">:</span> <span class="dl">'</span><span class="s1">TargetTrackingScaling</span><span class="dl">'</span><span class="p">,</span> <span class="na">TargetTrackingScalingPolicyConfiguration</span><span class="p">:</span> <span class="nx">Match</span><span class="p">.</span><span class="nf">objectLike</span><span class="p">({</span> <span class="na">PredefinedMetricSpecification</span><span class="p">:</span> <span class="nx">Match</span><span class="p">.</span><span class="nf">objectEquals</span><span class="p">({</span> <span class="na">PredefinedMetricType</span><span class="p">:</span> <span class="dl">'</span><span class="s1">ECSServiceAverageMemoryUtilization</span><span class="dl">'</span><span class="p">,</span> <span class="p">}),</span> <span class="na">TargetValue</span><span class="p">:</span> <span class="nx">config</span><span class="p">.</span><span class="nx">scaleMemoryTarget</span><span class="p">.</span><span class="nx">percent</span><span class="p">,</span> <span class="p">}),</span> <span class="p">});</span> <span class="p">});</span> <span class="p">});</span> </code></pre> </div> <h3> Where to start with the monitoring? </h3> <p>So where do we start? We have found a monitoring library for AWS CDK that may make our lives easier perhaps, but we do not know that much about it yet.</p> <p>If we have some monitoring, we want to see how our solution is doing, based on some kind of metrics, and we may want alerts when things may go bad. It would be good with some visualisation of this.</p> <p>You may already have some corporate solution you want to hook up your monitoring to, but for this article series, we are just going to stick within the AWS services. One option available to us in this case is <strong>to set up monitoring dashboards in CloudWatch</strong>.</p> <p>Thus, our infrastructure code should set up a dashboard at least, and then we have to sort out what we may want to put on that dashboard and how.</p> <p><em>Let us explore that! **We will start by writing a test</em><em>.</em></p> <h3> Add monitoring foundation </h3> <p>Our initial idea here is that if we should add monitoring to our solution, we should also have at least one dashboard that can visualize information for us. We may change our minds later about this, but it is a starting point.</p> <p>For this purpose, we will create a file to include tests for our monitoring - <code>test/monitoring.test.ts</code>. We add a test for a function called <strong>initMonitoring</strong>, which we can apply to our stack, and provide a configuration input. This should return data or handle that we can use for handling the monitoring we want to add. At the very least, we should have an empty CloudWatch dashboard set up. It seems appropriate to include the dashboard name then in the config.</p> <p>How do we know if we will have a dashboard? The documentation for <strong>cdk-monitoring-constructs</strong> is not entirely clear from initial view, but it seems it may add a dashboard implicitly. If we look at the CloudFormation documentation, we also see that there is an <strong>AWS::CloudWatch::Dashboard</strong> resource.</p> <p>So our test can make a call to an <em>initMonitoring</em> function and this should cause that a CloudWatch dashboard being added to the generated CloudFormation. Let us also now initially log what the generated CloudFormation will look like to see what we actually get.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">import</span> <span class="p">{</span> <span class="nx">Stack</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">aws-cdk-lib</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">Template</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">aws-cdk-lib/assertions</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">initMonitoring</span><span class="p">,</span> <span class="nx">MonitoringConfig</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">../lib/monitoring</span><span class="dl">'</span><span class="p">;</span> <span class="nf">test</span><span class="p">(</span><span class="dl">'</span><span class="s1">Init monitoring of stack, with only defaults</span><span class="dl">'</span><span class="p">,</span> <span class="p">()</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">stack</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">Stack</span><span class="p">();</span> <span class="kd">const</span> <span class="na">monitoringConfig</span><span class="p">:</span> <span class="nx">MonitoringConfig</span> <span class="o">=</span> <span class="p">{</span> <span class="na">dashboardName</span><span class="p">:</span> <span class="dl">'</span><span class="s1">test-monitoring</span><span class="dl">'</span><span class="p">,</span> <span class="p">}</span> <span class="kd">const</span> <span class="nx">monitoring</span> <span class="o">=</span> <span class="nf">initMonitoring</span><span class="p">(</span><span class="nx">stack</span><span class="p">,</span> <span class="nx">monitoringConfig</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">template</span> <span class="o">=</span> <span class="nx">Template</span><span class="p">.</span><span class="nf">fromStack</span><span class="p">(</span><span class="nx">stack</span><span class="p">);</span> <span class="nx">console</span><span class="p">.</span><span class="nf">log</span><span class="p">(</span><span class="nx">JSON</span><span class="p">.</span><span class="nf">stringify</span><span class="p">(</span><span class="nx">template</span><span class="p">.</span><span class="nf">toJSON</span><span class="p">(),</span> <span class="kc">null</span><span class="p">,</span> <span class="mi">2</span><span class="p">));</span> <span class="nx">template</span><span class="p">.</span><span class="nf">resourceCountIs</span><span class="p">(</span><span class="dl">'</span><span class="s1">AWS::CloudWatch::Dashboard</span><span class="dl">'</span><span class="p">,</span> <span class="mi">1</span><span class="p">);</span> <span class="nx">template</span><span class="p">.</span><span class="nf">hasResourceProperties</span><span class="p">(</span><span class="dl">'</span><span class="s1">AWS::CloudWatch::Dashboard</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span> <span class="na">DashboardName</span><span class="p">:</span> <span class="nx">monitoringConfig</span><span class="p">.</span><span class="nx">dashboardName</span> <span class="p">});</span> <span class="p">});</span> </code></pre> </div> <p>For implementing <em>initMonitoring</em>, we can try to use the <strong>MonitoringFacade</strong> from cdk-monitoring-constructs. The function can simply return a structure which includes the MonitoringFacade object, which seems suitable for our purposes.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">import</span> <span class="p">{</span> <span class="nx">Construct</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">constructs</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">MonitoringFacade</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">cdk-monitoring-constructs</span><span class="dl">'</span><span class="p">;</span> <span class="k">export</span> <span class="kr">interface</span> <span class="nx">MonitoringConfig</span> <span class="p">{</span> <span class="k">readonly</span> <span class="nx">dashboardName</span><span class="p">:</span> <span class="kr">string</span><span class="p">;</span> <span class="p">}</span> <span class="k">export</span> <span class="kr">interface</span> <span class="nx">MonitoringContext</span> <span class="p">{</span> <span class="k">readonly</span> <span class="nx">handler</span><span class="p">:</span> <span class="nx">MonitoringFacade</span><span class="p">;</span> <span class="p">}</span> <span class="k">export</span> <span class="kd">const</span> <span class="nx">initMonitoring</span> <span class="o">=</span> <span class="kd">function</span><span class="p">(</span><span class="nx">scope</span><span class="p">:</span> <span class="nx">Construct</span><span class="p">,</span> <span class="nx">config</span><span class="p">:</span> <span class="nx">MonitoringConfig</span><span class="p">):</span> <span class="nx">MonitoringContext</span> <span class="p">{</span> <span class="k">return</span> <span class="p">{</span> <span class="na">handler</span><span class="p">:</span> <span class="k">new</span> <span class="nc">MonitoringFacade</span><span class="p">(</span><span class="nx">scope</span><span class="p">,</span> <span class="nx">config</span><span class="p">.</span><span class="nx">dashboardName</span><span class="p">),</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <p>Running the test now when the code compiles, we can see both from our test and the log output, that our guess was correct, <em>there will be a dashboard created when we create the MonitoringFacade</em>!</p> <p>We can add a call in our main program also to initialize the monitoring. The docs for the monitoring library also show that we can add header info to the dashboard, so we can include that as well.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="kd">const</span> <span class="nx">monitoring</span> <span class="o">=</span> <span class="nf">initMonitoring</span><span class="p">(</span><span class="nx">stack</span><span class="p">,</span> <span class="p">{</span> <span class="na">dashboardName</span><span class="p">:</span> <span class="dl">'</span><span class="s1">monitoring</span><span class="dl">'</span><span class="p">,</span> <span class="p">});</span> <span class="nx">monitoring</span><span class="p">.</span><span class="nx">handler</span><span class="p">.</span><span class="nf">addMediumHeader</span><span class="p">(</span><span class="dl">'</span><span class="s1">Test App monitoring</span><span class="dl">'</span><span class="p">);</span> </code></pre> </div> <p>You can deploy the updated AWS CDK code if you want and verify that there will be an actual dashboard created. It would not contain anything, though.</p> <h3> Add monitoring of actual resources </h3> <p>Our next step is to add some actual monitoring of resources. We can look at what <strong>cdk-monitoring-constructs</strong> provides for us. From the documentation, we can see that are many functions available from the <em>MonitoringFacade</em>, that start with <strong>monitor</strong> in the name and refer to different resources.</p> <p>Since our solution sets up a Fargate Service in an ECS cluster with an application load balancer in front of the containers we run, the functions <strong>monitorFargateApplicationLoadBalancer</strong> and <strong>monitorFargateService</strong> seems relevant in this case. There is also a more generic <strong>monitorScope</strong>, which could also apply. Reading the somewhat sparse docs a bit more, <em>monitorFargateService</em> may be more appropriate if you use the AWS CDK <strong>ApplicationLoadBalancedFargateService</strong>, which is what we use in our solution.</p> <p>So let us add monitoring using this function! There is only one required property for configuring monitoring, which is the <em>ApplicationLoadBalancedFargateService</em> object we have created. An optional field we may want to add also is the <strong>humanReadableName</strong> property as well.</p> <p>After we add this call to our code, we can deploy the solution and see what we get.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="kd">const</span> <span class="nx">service</span> <span class="o">=</span> <span class="nf">addLoadBalancedService</span><span class="p">(</span><span class="nx">stack</span><span class="p">,</span> <span class="s2">`service-</span><span class="p">${</span><span class="nx">taskConfig</span><span class="p">.</span><span class="nx">family</span><span class="p">}</span><span class="s2">`</span><span class="p">,</span> <span class="nx">cluster</span><span class="p">,</span> <span class="nx">taskdef</span><span class="p">,</span> <span class="mi">80</span><span class="p">,</span> <span class="mi">2</span><span class="p">,</span> <span class="kc">true</span><span class="p">);</span> <span class="nf">setServiceScaling</span><span class="p">(</span><span class="nx">service</span><span class="p">.</span><span class="nx">service</span><span class="p">,</span> <span class="p">{</span> <span class="na">minCount</span><span class="p">:</span> <span class="mi">1</span><span class="p">,</span> <span class="na">maxCount</span><span class="p">:</span> <span class="mi">4</span><span class="p">,</span> <span class="na">scaleCpuTarget</span><span class="p">:</span> <span class="p">{</span> <span class="na">percent</span><span class="p">:</span> <span class="mi">50</span> <span class="p">},</span> <span class="na">scaleMemoryTarget</span><span class="p">:</span> <span class="p">{</span> <span class="na">percent</span><span class="p">:</span> <span class="mi">70</span> <span class="p">},</span> <span class="p">});</span> <span class="kd">const</span> <span class="nx">monitoring</span> <span class="o">=</span> <span class="nf">initMonitoring</span><span class="p">(</span><span class="nx">stack</span><span class="p">,</span> <span class="p">{</span> <span class="na">dashboardName</span><span class="p">:</span> <span class="dl">'</span><span class="s1">monitoring</span><span class="dl">'</span><span class="p">,</span> <span class="p">});</span> <span class="nx">monitoring</span><span class="p">.</span><span class="nx">handler</span><span class="p">.</span><span class="nf">addMediumHeader</span><span class="p">(</span><span class="dl">'</span><span class="s1">Test App monitoring</span><span class="dl">'</span><span class="p">);</span> <span class="nx">monitoring</span><span class="p">.</span><span class="nx">handler</span><span class="p">.</span><span class="nf">monitorFargateService</span><span class="p">({</span> <span class="na">fargateService</span><span class="p">:</span> <span class="nx">service</span><span class="p">,</span> <span class="na">humanReadableName</span><span class="p">:</span> <span class="dl">'</span><span class="s1">My test service</span><span class="dl">'</span><span class="p">,</span> <span class="p">});</span> </code></pre> </div> <p>After deployment, we can check out in CloudWatch to see what has been added.</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F2ry7itwdxhyipo8cwedr.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F2ry7itwdxhyipo8cwedr.png" alt="Monitoring dashboard" width="800" height="227"></a></p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fonf6pesxobso8shh6am1.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fonf6pesxobso8shh6am1.png" alt="Monitoring dashboard" width="800" height="293"></a></p> <p>We have a few widgets here for CPU and memory, TCP traffic and task health. That is a good start! The task health view actually shows a property of our configuration. We have set the desired task count for our service to 2, but we have also set up our auto-scaling to have a minimum task count of 1 and a maximum of 4. So the service initially started with 2 tasks running and then scaled down to a single task.</p> <p><strong>Note</strong>: <em>I also tried to use the **monitorFargateApplicationLoadBalancer</em>* function, and the result was the same dashboard. The difference was the parameters that you were required to provide in the call*.</p> <h3> Setting up alarms - what do we need? </h3> <p>Now that we have some visuals in dashboard for our monitoring, let us try to set up some kind of alarm as well. For easy testing, let us set some alarm on the number of tasks running in our solution.</p> <p>Reading the docs for <em>cdk-monitoring-constructs</em>, there is an option for us to add an alarm for <strong>running task count</strong>, e.g. if the number of running tasks go below a certain threshold for some time.</p> <p>Reading through the docs, one can see that for this type of alarm to work, we need to enable <strong>container insights</strong> on the ECS Cluster. By default, this is disabled. The aws-ecs Cluster construct in AWS CDK allows us to set this properly, but does not allow us to check the state on the created cluster. This means that in order to test this, we need to check the generated CloudFormation.</p> <p>Also, if we set an alarm, we need to send a notification about the alarm somewhere. One common approach is to send notifications on an <em>SNS topic</em>. Thus, we need to make sure we have an SNS topic that alarms will go to.</p> <p>So we have 3 things to develop here that we can immediately think of:</p> <ul> <li><p>The running task alarm itself</p></li> <li><p>The SNS topic to send alarms to</p></li> <li><p>Enabling container insights on the ECS Cluster</p></li> </ul> <p>Container insights should be in place before the alarm itself, so let us start there. The SNS topic does not have to be in place before the alarm, since notification is optional and SNS is not the only way to send notifications.</p> <h3> Enabling container insights </h3> <p>Let us start by adding a new test for creating an ECS cluster. Right now we have the <strong>addCluster</strong> function, which we pass in a construct scope, and id and a VPC. If we are going to pass in more properties to this function, we can add more function parameters. We can also use the same pattern as CDK constructs and pass in a set of properties as a single parameter.</p> <p>I like the latter better, because it becomes more clear what each input is with named properties - at least in Typescript.</p> <p>So let us refactor the current <strong>addCluster</strong> function to pass in a set of properties as a single parameter, and then add a new property to enable <em>container insights</em>.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">export</span> <span class="kr">interface</span> <span class="nx">ClusterConfig</span> <span class="p">{</span> <span class="k">readonly</span> <span class="nx">vpc</span><span class="p">:</span> <span class="nx">IVpc</span><span class="p">;</span> <span class="k">readonly</span> <span class="nx">enableContainerInsights</span><span class="p">?:</span> <span class="kc">true</span><span class="p">;</span> <span class="p">}</span> <span class="k">export</span> <span class="kd">const</span> <span class="nx">addCluster</span> <span class="o">=</span> <span class="kd">function</span><span class="p">(</span><span class="nx">scope</span><span class="p">:</span> <span class="nx">Construct</span><span class="p">,</span> <span class="nx">id</span><span class="p">:</span> <span class="kr">string</span><span class="p">,</span> <span class="nx">config</span><span class="p">:</span> <span class="nx">ClusterConfig</span><span class="p">):</span> <span class="nx">Cluster</span> <span class="p">{</span> <span class="k">return</span> <span class="k">new</span> <span class="nc">Cluster</span><span class="p">(</span><span class="nx">scope</span><span class="p">,</span> <span class="nx">id</span><span class="p">,</span> <span class="p">{</span> <span class="na">vpc</span><span class="p">:</span> <span class="nx">config</span><span class="p">.</span><span class="nx">vpc</span><span class="p">,</span> <span class="na">containerInsights</span><span class="p">:</span> <span class="nx">config</span><span class="p">.</span><span class="nx">enableContainerInsights</span> <span class="o">??</span> <span class="kc">false</span><span class="p">,</span> <span class="p">});</span> <span class="p">}</span> </code></pre> </div> <p>In our new test to check the container insights checking, we test the generated CloudFormation for the setting.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="nf">test</span><span class="p">(</span><span class="dl">'</span><span class="s1">Check that container insights will be enabled when that option is set</span><span class="dl">'</span><span class="p">,</span> <span class="p">()</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="c1">// Test setup</span> <span class="kd">const</span> <span class="nx">stack</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">Stack</span><span class="p">();</span> <span class="kd">const</span> <span class="nx">vpc</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">Vpc</span><span class="p">(</span><span class="nx">stack</span><span class="p">,</span> <span class="dl">'</span><span class="s1">vpc</span><span class="dl">'</span><span class="p">);</span> <span class="kd">const</span> <span class="na">config</span><span class="p">:</span> <span class="nx">ClusterConfig</span> <span class="o">=</span> <span class="p">{</span> <span class="nx">vpc</span><span class="p">,</span> <span class="na">enableContainerInsights</span><span class="p">:</span> <span class="kc">true</span> <span class="p">};</span> <span class="c1">// Test code</span> <span class="kd">const</span> <span class="nx">cluster</span> <span class="o">=</span> <span class="nf">addCluster</span><span class="p">(</span><span class="nx">stack</span><span class="p">,</span> <span class="dl">'</span><span class="s1">test-cluster</span><span class="dl">'</span><span class="p">,</span> <span class="nx">config</span><span class="p">);</span> <span class="c1">// Check result</span> <span class="kd">const</span> <span class="nx">template</span> <span class="o">=</span> <span class="nx">Template</span><span class="p">.</span><span class="nf">fromStack</span><span class="p">(</span><span class="nx">stack</span><span class="p">);</span> <span class="nx">template</span><span class="p">.</span><span class="nf">hasResourceProperties</span><span class="p">(</span><span class="dl">'</span><span class="s1">AWS::ECS::Cluster</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span> <span class="na">ClusterSettings</span><span class="p">:</span> <span class="nx">Match</span><span class="p">.</span><span class="nf">arrayWith</span><span class="p">([</span> <span class="nx">Match</span><span class="p">.</span><span class="nf">objectEquals</span><span class="p">({</span> <span class="na">Name</span><span class="p">:</span> <span class="dl">'</span><span class="s1">containerInsights</span><span class="dl">'</span><span class="p">,</span> <span class="na">Value</span><span class="p">:</span> <span class="dl">'</span><span class="s1">enabled</span><span class="dl">'</span><span class="p">,</span> <span class="p">}),</span> <span class="p">]),</span> <span class="p">});</span> <span class="p">});</span> </code></pre> </div> <p>We can re-deploy the cluster with the new setting if we want.</p> <h3> Adding an alarm </h3> <p>Next step is to add an alarm. Here, the logic lives with the <strong>cdk-monitoring-constructs</strong> library itself. <em>So there is not much point in making sure the alarm is there, if we are just using the functions in the library itself.</em></p> <p>The alarm to set up for testing this feature will be <em>to trigger an alarm if the number of running tasks is less than 2 for 10 minutes or more</em>.</p> <p>The alarm configuration will use 5-minute periods and trigger an alarm if 2 evaluation periods have passed and 2 data points fulfill the condition for the alarm. Why not just a single 10-minute period? The reason here is that sometimes data may be delayed or simply missing in CloudWatch. <em>To avoid false positives, we set the evaluation to include multiple periods and data points.</em></p> <p>We can provide alarm information in our call to <strong>monitorFargateService</strong>, which we set up for an alarm if the number of tasks go below 2. We know this will happen since our minimal task count in the auto-scaling is set to 1.</p> <p>We add the alarm to our code and redeploy to see what the effect is on our monitoring deployment. The dashboard has an update, and there is a new alarm in place. We can see that the alarm has no action associated with it.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="nx">monitoring</span><span class="p">.</span><span class="nx">handler</span><span class="p">.</span><span class="nf">addMediumHeader</span><span class="p">(</span><span class="dl">'</span><span class="s1">Test App monitoring</span><span class="dl">'</span><span class="p">);</span> <span class="nx">monitoring</span><span class="p">.</span><span class="nx">handler</span><span class="p">.</span><span class="nf">monitorFargateService</span><span class="p">({</span> <span class="na">fargateService</span><span class="p">:</span> <span class="nx">service</span><span class="p">,</span> <span class="na">humanReadableName</span><span class="p">:</span> <span class="dl">'</span><span class="s1">My test service</span><span class="dl">'</span><span class="p">,</span> <span class="na">addRunningTaskCountAlarm</span><span class="p">:</span> <span class="p">{</span> <span class="na">alarm1</span><span class="p">:</span> <span class="p">{</span> <span class="na">maxRunningTasks</span><span class="p">:</span> <span class="mi">2</span><span class="p">,</span> <span class="na">comparisonOperatorOverride</span><span class="p">:</span> <span class="nx">ComparisonOperator</span><span class="p">.</span><span class="nx">LESS_THAN_THRESHOLD</span><span class="p">,</span> <span class="na">evaluationPeriods</span><span class="p">:</span> <span class="mi">2</span><span class="p">,</span> <span class="na">datapointsToAlarm</span><span class="p">:</span> <span class="mi">2</span><span class="p">,</span> <span class="na">period</span><span class="p">:</span> <span class="nx">Duration</span><span class="p">.</span><span class="nf">minutes</span><span class="p">(</span><span class="mi">5</span><span class="p">),</span> <span class="p">}</span> <span class="p">}</span> <span class="p">});</span> </code></pre> </div> <p>Thus, the next step for us is to associate the alarm with an SNS topic.</p> <h3> Add an alarm notification topic </h3> <p>Our next consideration is how this SNS topic should be added, and how to test that.</p> <p>We can add an alarm action for each alarm we define, which includes an SNS topic. However, it may be cumbersome to add this for every single alarm we define - especially if we decide to use the same topic for all or most alarms.</p> <p>Fortunately, <strong>cdk-monitoring-constructs</strong> allows us to define <em>a default action for alarms</em>, when we create the <em>MonitoringFacade</em>. In that way, we can define the topic once only, and in one place.</p> <p>Let us add an optional property to the configuration passed to <strong>initMonitoring</strong>, which is an SNS topic construct, and set that up as the default action. We can refactor this function to include a topic that will be set as a default action.</p> <p>But how do we test this? Unfortunately, there is not any easy test, since we cannot directly extract that information from the created MonitoringFacade object. We essentially would need to create an alarm on some resource that we also created and then examine the created alarm if it has an action which includes the default SNS topic we have set. To do this, we would also need to examine the generated CloudFormation to see the details there.</p> <p>Technically, we can certainly build such a test to check that this is generated properly. But then we also would mainly test the <strong>cdk-monitoring-constructs</strong> library, and not that much of our own code. That is wasteful. And possibly also brittle, since we cannot be 100% sure that our test code would work if the underlying implementation changed.</p> <p>So we will relax on the test coverage here a bit for now.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="nf">test</span><span class="p">(</span><span class="dl">'</span><span class="s1">Init monitoring of stack, with SNS topic for alarms</span><span class="dl">'</span><span class="p">,</span> <span class="p">()</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">stack</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">Stack</span><span class="p">();</span> <span class="kd">const</span> <span class="nx">vpc</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">Vpc</span><span class="p">(</span><span class="nx">stack</span><span class="p">,</span> <span class="dl">'</span><span class="s1">vpc</span><span class="dl">'</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">cluster</span> <span class="o">=</span> <span class="nf">addCluster</span><span class="p">(</span><span class="nx">stack</span><span class="p">,</span> <span class="dl">'</span><span class="s1">test-cluster</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span><span class="nx">vpc</span><span class="p">});</span> <span class="kd">const</span> <span class="nx">alarmTopic</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">Topic</span><span class="p">(</span><span class="nx">stack</span><span class="p">,</span> <span class="dl">'</span><span class="s1">alarm-topic</span><span class="dl">'</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">dashboardName</span> <span class="o">=</span> <span class="dl">'</span><span class="s1">test-monitoring</span><span class="dl">'</span><span class="p">;</span> <span class="kd">const</span> <span class="na">monitoringConfig</span><span class="p">:</span> <span class="nx">MonitoringConfig</span> <span class="o">=</span> <span class="p">{</span> <span class="nx">dashboardName</span><span class="p">,</span> <span class="na">defaultAlarmTopic</span><span class="p">:</span> <span class="nx">alarmTopic</span><span class="p">,</span> <span class="p">};</span> <span class="kd">const</span> <span class="nx">monitoring</span> <span class="o">=</span> <span class="nf">initMonitoring</span><span class="p">(</span><span class="nx">stack</span><span class="p">,</span> <span class="nx">monitoringConfig</span><span class="p">);</span> <span class="nf">expect</span><span class="p">(</span><span class="nx">monitoring</span><span class="p">.</span><span class="nx">defaultAlarmTopic</span><span class="p">).</span><span class="nf">toEqual</span><span class="p">(</span><span class="nx">alarmTopic</span><span class="p">);</span> <span class="p">});</span> </code></pre> </div> <h3> Add an alarm notification </h3> <p>We can deploy the infrastructure updates and see that we have alarm information in place as well now, which has an action to send to our SNS topic.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="kd">const</span> <span class="nx">alarmTopic</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">Topic</span><span class="p">(</span><span class="nx">stack</span><span class="p">,</span> <span class="dl">'</span><span class="s1">alarm-topic</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span> <span class="na">displayName</span><span class="p">:</span> <span class="dl">'</span><span class="s1">Alarm topic</span><span class="dl">'</span><span class="p">,</span> <span class="p">});</span> <span class="kd">const</span> <span class="nx">monitoring</span> <span class="o">=</span> <span class="nf">initMonitoring</span><span class="p">(</span><span class="nx">stack</span><span class="p">,</span> <span class="p">{</span> <span class="na">dashboardName</span><span class="p">:</span> <span class="dl">'</span><span class="s1">monitoring</span><span class="dl">'</span><span class="p">,</span> <span class="na">defaultAlarmTopic</span><span class="p">:</span> <span class="nx">alarmTopic</span><span class="p">,</span> <span class="p">});</span> </code></pre> </div> <p>If you want to check that the notification is sent via SNS, you can add an email subscriber to the topic and check that way.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="kd">const</span> <span class="nx">alarmEmail</span> <span class="o">=</span> <span class="dl">'</span><span class="s1">hello@example.com</span><span class="dl">'</span><span class="p">;</span> <span class="nx">alarmTopic</span><span class="p">.</span><span class="nf">addSubscription</span><span class="p">(</span><span class="k">new</span> <span class="nc">EmailSubscription</span><span class="p">(</span><span class="nx">alarmEmail</span><span class="p">));</span> </code></pre> </div> <h3> Alarm severity and category </h3> <p>When we send the alarm to SNS, we have nothing right now to show the severity of the alarm, nor any categorization of the alarm beside the name of the alarm.</p> <p>This is often handled by external solutions. It is also possible to use AWS services for this, like AWS Systems Manager OpsCenter. We can add some code to include sending alarm info to OpsCenter also, besides the SNS topic, with an override on the default alarm strategy on our alarm.</p> <p>Deploying this code will allow the alarm to be visible at the OpsCenter dashboard as well!<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="kd">const</span> <span class="nx">alarmActions</span><span class="p">:</span> <span class="nx">IAlarmActionStrategy</span><span class="p">[]</span> <span class="o">=</span> <span class="p">[</span> <span class="k">new</span> <span class="nc">OpsItemAlarmActionStrategy</span><span class="p">(</span><span class="nx">OpsItemSeverity</span><span class="p">.</span><span class="nx">MEDIUM</span><span class="p">,</span> <span class="nx">OpsItemCategory</span><span class="p">.</span><span class="nx">PERFORMANCE</span><span class="p">),</span> <span class="p">];</span> <span class="k">if </span><span class="p">(</span><span class="nx">monitoring</span><span class="p">.</span><span class="nx">defaultAlarmTopic</span><span class="p">)</span> <span class="p">{</span> <span class="nx">alarmActions</span><span class="p">.</span><span class="nf">push</span><span class="p">(</span><span class="k">new</span> <span class="nc">SnsAlarmActionStrategy</span><span class="p">({</span> <span class="na">onAlarmTopic</span><span class="p">:</span> <span class="nx">monitoring</span><span class="p">.</span><span class="nx">defaultAlarmTopic</span><span class="p">,</span> <span class="na">onOkTopic</span><span class="p">:</span> <span class="nx">monitoring</span><span class="p">.</span><span class="nx">defaultAlarmTopic</span><span class="p">,</span> <span class="p">}));</span> <span class="p">}</span> <span class="nx">monitoring</span><span class="p">.</span><span class="nx">handler</span><span class="p">.</span><span class="nf">addMediumHeader</span><span class="p">(</span><span class="dl">'</span><span class="s1">Test App monitoring</span><span class="dl">'</span><span class="p">);</span> <span class="nx">monitoring</span><span class="p">.</span><span class="nx">handler</span><span class="p">.</span><span class="nf">monitorFargateService</span><span class="p">({</span> <span class="na">fargateService</span><span class="p">:</span> <span class="nx">service</span><span class="p">,</span> <span class="na">humanReadableName</span><span class="p">:</span> <span class="dl">'</span><span class="s1">My test service</span><span class="dl">'</span><span class="p">,</span> <span class="na">addRunningTaskCountAlarm</span><span class="p">:</span> <span class="p">{</span> <span class="na">alarm1</span><span class="p">:</span> <span class="p">{</span> <span class="na">maxRunningTasks</span><span class="p">:</span> <span class="mi">2</span><span class="p">,</span> <span class="na">comparisonOperatorOverride</span><span class="p">:</span> <span class="nx">ComparisonOperator</span><span class="p">.</span><span class="nx">LESS_THAN_THRESHOLD</span><span class="p">,</span> <span class="na">evaluationPeriods</span><span class="p">:</span> <span class="mi">2</span><span class="p">,</span> <span class="na">datapointsToAlarm</span><span class="p">:</span> <span class="mi">2</span><span class="p">,</span> <span class="na">period</span><span class="p">:</span> <span class="nx">Duration</span><span class="p">.</span><span class="nf">minutes</span><span class="p">(</span><span class="mi">5</span><span class="p">),</span> <span class="na">actionOverride</span><span class="p">:</span> <span class="k">new</span> <span class="nc">MultipleAlarmActionStrategy</span><span class="p">(</span><span class="nx">alarmActions</span><span class="p">),</span> <span class="p">}</span> <span class="p">}</span> <span class="p">});</span> </code></pre> </div> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F8dq4h9qoamkn7kj14iss.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F8dq4h9qoamkn7kj14iss.png" alt="Monitoring alarm view 1" width="800" height="267"></a></p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F8c1vgqfl1u3602pw8uyj.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F8c1vgqfl1u3602pw8uyj.png" alt="Monitoring alarm view 2" width="800" height="384"></a></p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Frjx89voy4kfs0t3492xm.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Frjx89voy4kfs0t3492xm.png" alt="Monitoring alarm view 3" width="800" height="448"></a></p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fz2p8prk0ixdp8bjmlw7a.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fz2p8prk0ixdp8bjmlw7a.png" alt="Monitoring alarm view 4" width="800" height="323"></a></p> <h2> Summary and final words </h2> <p>In this article, we took an add-on library for AWS CDK to facilitate monitoring of our solution infrastructure. With that, we set up a dashboard with a few widgets for monitoring visualisation.</p> <p>We also added an alarm with notification via SNS topic and to AWS Systems Manager OpsCenter.</p> <p>We have kept the solution small and simple in this article series, and kept all infrastructure in the same stack. In a real-world setting, we may have multiple stacks, each dedicated to a specific group of resources.</p> <p>We would also likely add some automation for the provisioning of the infrastructure. This is, however, beyond this article series.</p> <p>This is the final part of this article series. However, it is not the end of this material. It will be refactored into a new form and with more material to come.</p> <p>I hope you have enjoyed this article series, and it has provided some value to you. If it has, I would be happy to know more! If it has not, I would be happy to know about that as well! We need feedback to improve.</p> <p>Thank you for your time!</p> <p>/Erik</p> <h2> Appendix: Code re-cap </h2> <p>Our final code will now look like this:</p> <h4> bin/my-container-infrastructure.ts </h4> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">import</span> <span class="p">{</span> <span class="nx">App</span><span class="p">,</span> <span class="nx">Duration</span><span class="p">,</span> <span class="nx">Stack</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">aws-cdk-lib</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">ComparisonOperator</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">aws-cdk-lib/aws-cloudwatch</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">OpsItemCategory</span><span class="p">,</span> <span class="nx">OpsItemSeverity</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">aws-cdk-lib/aws-cloudwatch-actions</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">IVpc</span><span class="p">,</span> <span class="nx">Vpc</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">aws-cdk-lib/aws-ec2</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">Topic</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">aws-cdk-lib/aws-sns</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">EmailSubscription</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">aws-cdk-lib/aws-sns-subscriptions</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">IAlarmActionStrategy</span><span class="p">,</span> <span class="nx">MultipleAlarmActionStrategy</span><span class="p">,</span> <span class="nx">OpsItemAlarmActionStrategy</span><span class="p">,</span> <span class="nx">SnsAlarmActionStrategy</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">cdk-monitoring-constructs</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">addCluster</span><span class="p">,</span> <span class="nx">addLoadBalancedService</span><span class="p">,</span> <span class="nx">addTaskDefinitionWithContainer</span><span class="p">,</span> <span class="nx">ClusterConfig</span><span class="p">,</span> <span class="nx">ContainerConfig</span><span class="p">,</span> <span class="nx">setServiceScaling</span><span class="p">,</span> <span class="nx">TaskConfig</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">../lib/containers/container-management</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">initMonitoring</span><span class="p">,</span> <span class="nx">MonitoringConfig</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">../lib/monitoring</span><span class="dl">'</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">app</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">App</span><span class="p">();</span> <span class="kd">const</span> <span class="nx">stack</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">Stack</span><span class="p">(</span><span class="nx">app</span><span class="p">,</span> <span class="dl">'</span><span class="s1">my-container-infrastructure</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span> <span class="na">env</span><span class="p">:</span> <span class="p">{</span> <span class="na">account</span><span class="p">:</span> <span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">CDK_DEFAULT_ACCOUNT</span><span class="p">,</span> <span class="na">region</span><span class="p">:</span> <span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">CDK_DEFAULT_REGION</span><span class="p">,</span> <span class="p">},</span> <span class="p">});</span> <span class="kd">let</span> <span class="nx">vpc</span><span class="p">:</span> <span class="nx">IVpc</span><span class="p">;</span> <span class="kd">let</span> <span class="nx">vpcName</span> <span class="o">=</span> <span class="nx">app</span><span class="p">.</span><span class="nx">node</span><span class="p">.</span><span class="nf">tryGetContext</span><span class="p">(</span><span class="dl">'</span><span class="s1">vpcname</span><span class="dl">'</span><span class="p">);</span> <span class="k">if </span><span class="p">(</span><span class="nx">vpcName</span><span class="p">)</span> <span class="p">{</span> <span class="nx">vpc</span> <span class="o">=</span> <span class="nx">Vpc</span><span class="p">.</span><span class="nf">fromLookup</span><span class="p">(</span><span class="nx">stack</span><span class="p">,</span> <span class="dl">'</span><span class="s1">vpc</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span> <span class="nx">vpcName</span><span class="p">,</span> <span class="p">});</span> <span class="p">}</span> <span class="k">else</span> <span class="p">{</span> <span class="nx">vpc</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">Vpc</span><span class="p">(</span><span class="nx">stack</span><span class="p">,</span> <span class="dl">'</span><span class="s1">vpc</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span> <span class="na">vpcName</span><span class="p">:</span> <span class="dl">'</span><span class="s1">my-vpc</span><span class="dl">'</span><span class="p">,</span> <span class="na">natGateways</span><span class="p">:</span> <span class="mi">1</span><span class="p">,</span> <span class="na">maxAzs</span><span class="p">:</span> <span class="mi">2</span><span class="p">,</span> <span class="p">});</span> <span class="p">}</span> <span class="kd">const</span> <span class="nx">id</span> <span class="o">=</span> <span class="dl">'</span><span class="s1">my-test-cluster</span><span class="dl">'</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">clusterConfig</span><span class="p">:</span> <span class="nx">ClusterConfig</span> <span class="o">=</span> <span class="p">{</span> <span class="nx">vpc</span><span class="p">,</span> <span class="na">enableContainerInsights</span><span class="p">:</span> <span class="kc">true</span> <span class="p">};</span> <span class="kd">const</span> <span class="nx">cluster</span> <span class="o">=</span> <span class="nf">addCluster</span><span class="p">(</span><span class="nx">stack</span><span class="p">,</span> <span class="nx">id</span><span class="p">,</span> <span class="nx">clusterConfig</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">taskConfig</span><span class="p">:</span> <span class="nx">TaskConfig</span> <span class="o">=</span> <span class="p">{</span> <span class="na">cpu</span><span class="p">:</span> <span class="mi">512</span><span class="p">,</span> <span class="na">memoryLimitMB</span><span class="p">:</span> <span class="mi">1024</span><span class="p">,</span> <span class="na">family</span><span class="p">:</span> <span class="dl">'</span><span class="s1">webserver</span><span class="dl">'</span> <span class="p">};</span> <span class="kd">const</span> <span class="nx">containerConfig</span><span class="p">:</span> <span class="nx">ContainerConfig</span> <span class="o">=</span> <span class="p">{</span> <span class="na">dockerHubImage</span><span class="p">:</span> <span class="dl">'</span><span class="s1">httpd</span><span class="dl">'</span><span class="p">,</span> <span class="na">tcpPorts</span><span class="p">:</span> <span class="p">[</span><span class="mi">80</span><span class="p">]</span> <span class="p">};</span> <span class="kd">const</span> <span class="nx">taskdef</span> <span class="o">=</span> <span class="nf">addTaskDefinitionWithContainer</span><span class="p">(</span><span class="nx">stack</span><span class="p">,</span> <span class="s2">`taskdef-</span><span class="p">${</span><span class="nx">taskConfig</span><span class="p">.</span><span class="nx">family</span><span class="p">}</span><span class="s2">`</span><span class="p">,</span> <span class="nx">taskConfig</span><span class="p">,</span> <span class="nx">containerConfig</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">service</span> <span class="o">=</span> <span class="nf">addLoadBalancedService</span><span class="p">(</span><span class="nx">stack</span><span class="p">,</span> <span class="s2">`service-</span><span class="p">${</span><span class="nx">taskConfig</span><span class="p">.</span><span class="nx">family</span><span class="p">}</span><span class="s2">`</span><span class="p">,</span> <span class="nx">cluster</span><span class="p">,</span> <span class="nx">taskdef</span><span class="p">,</span> <span class="mi">80</span><span class="p">,</span> <span class="mi">2</span><span class="p">,</span> <span class="kc">true</span><span class="p">);</span> <span class="nf">setServiceScaling</span><span class="p">(</span><span class="nx">service</span><span class="p">.</span><span class="nx">service</span><span class="p">,</span> <span class="p">{</span> <span class="na">minCount</span><span class="p">:</span> <span class="mi">1</span><span class="p">,</span> <span class="na">maxCount</span><span class="p">:</span> <span class="mi">4</span><span class="p">,</span> <span class="na">scaleCpuTarget</span><span class="p">:</span> <span class="p">{</span> <span class="na">percent</span><span class="p">:</span> <span class="mi">50</span> <span class="p">},</span> <span class="na">scaleMemoryTarget</span><span class="p">:</span> <span class="p">{</span> <span class="na">percent</span><span class="p">:</span> <span class="mi">70</span> <span class="p">},</span> <span class="p">});</span> <span class="kd">const</span> <span class="nx">alarmTopic</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">Topic</span><span class="p">(</span><span class="nx">stack</span><span class="p">,</span> <span class="dl">'</span><span class="s1">alarm-topic</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span> <span class="na">displayName</span><span class="p">:</span> <span class="dl">'</span><span class="s1">Alarm topic</span><span class="dl">'</span><span class="p">,</span> <span class="p">});</span> <span class="kd">const</span> <span class="nx">monitoring</span> <span class="o">=</span> <span class="nf">initMonitoring</span><span class="p">(</span><span class="nx">stack</span><span class="p">,</span> <span class="p">{</span> <span class="na">dashboardName</span><span class="p">:</span> <span class="dl">'</span><span class="s1">monitoring</span><span class="dl">'</span><span class="p">,</span> <span class="na">defaultAlarmTopic</span><span class="p">:</span> <span class="nx">alarmTopic</span><span class="p">,</span> <span class="p">});</span> <span class="kd">const</span> <span class="nx">alarmActions</span><span class="p">:</span> <span class="nx">IAlarmActionStrategy</span><span class="p">[]</span> <span class="o">=</span> <span class="p">[</span> <span class="k">new</span> <span class="nc">OpsItemAlarmActionStrategy</span><span class="p">(</span><span class="nx">OpsItemSeverity</span><span class="p">.</span><span class="nx">MEDIUM</span><span class="p">,</span> <span class="nx">OpsItemCategory</span><span class="p">.</span><span class="nx">PERFORMANCE</span><span class="p">),</span> <span class="p">];</span> <span class="k">if </span><span class="p">(</span><span class="nx">monitoring</span><span class="p">.</span><span class="nx">defaultAlarmTopic</span><span class="p">)</span> <span class="p">{</span> <span class="nx">alarmActions</span><span class="p">.</span><span class="nf">push</span><span class="p">(</span><span class="k">new</span> <span class="nc">SnsAlarmActionStrategy</span><span class="p">({</span> <span class="na">onAlarmTopic</span><span class="p">:</span> <span class="nx">monitoring</span><span class="p">.</span><span class="nx">defaultAlarmTopic</span><span class="p">,</span> <span class="na">onOkTopic</span><span class="p">:</span> <span class="nx">monitoring</span><span class="p">.</span><span class="nx">defaultAlarmTopic</span><span class="p">,</span> <span class="p">}));</span> <span class="p">}</span> <span class="nx">monitoring</span><span class="p">.</span><span class="nx">handler</span><span class="p">.</span><span class="nf">addMediumHeader</span><span class="p">(</span><span class="dl">'</span><span class="s1">Test App monitoring</span><span class="dl">'</span><span class="p">);</span> <span class="nx">monitoring</span><span class="p">.</span><span class="nx">handler</span><span class="p">.</span><span class="nf">monitorFargateService</span><span class="p">({</span> <span class="na">fargateService</span><span class="p">:</span> <span class="nx">service</span><span class="p">,</span> <span class="na">humanReadableName</span><span class="p">:</span> <span class="dl">'</span><span class="s1">My test service</span><span class="dl">'</span><span class="p">,</span> <span class="na">addRunningTaskCountAlarm</span><span class="p">:</span> <span class="p">{</span> <span class="na">alarm1</span><span class="p">:</span> <span class="p">{</span> <span class="na">maxRunningTasks</span><span class="p">:</span> <span class="mi">2</span><span class="p">,</span> <span class="na">comparisonOperatorOverride</span><span class="p">:</span> <span class="nx">ComparisonOperator</span><span class="p">.</span><span class="nx">LESS_THAN_THRESHOLD</span><span class="p">,</span> <span class="na">evaluationPeriods</span><span class="p">:</span> <span class="mi">2</span><span class="p">,</span> <span class="na">datapointsToAlarm</span><span class="p">:</span> <span class="mi">2</span><span class="p">,</span> <span class="na">period</span><span class="p">:</span> <span class="nx">Duration</span><span class="p">.</span><span class="nf">minutes</span><span class="p">(</span><span class="mi">5</span><span class="p">),</span> <span class="na">actionOverride</span><span class="p">:</span> <span class="k">new</span> <span class="nc">MultipleAlarmActionStrategy</span><span class="p">(</span><span class="nx">alarmActions</span><span class="p">),</span> <span class="p">}</span> <span class="p">}</span> <span class="p">});</span> <span class="kd">const</span> <span class="nx">alarmEmail</span> <span class="o">=</span> <span class="dl">'</span><span class="s1">hello@example.com</span><span class="dl">'</span><span class="p">;</span> <span class="nx">alarmTopic</span><span class="p">.</span><span class="nf">addSubscription</span><span class="p">(</span><span class="k">new</span> <span class="nc">EmailSubscription</span><span class="p">(</span><span class="nx">alarmEmail</span><span class="p">));</span> </code></pre> </div> <h4> lib/containers/container-management.ts </h4> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">import</span> <span class="p">{</span> <span class="nx">CfnOutput</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">aws-cdk-lib</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">IVpc</span><span class="p">,</span> <span class="nx">Peer</span><span class="p">,</span> <span class="nx">Port</span><span class="p">,</span> <span class="nx">SecurityGroup</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">aws-cdk-lib/aws-ec2</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">Cluster</span><span class="p">,</span> <span class="nx">ContainerImage</span><span class="p">,</span> <span class="nx">FargateService</span><span class="p">,</span> <span class="nx">FargateTaskDefinition</span><span class="p">,</span> <span class="nx">LogDriver</span><span class="p">,</span> <span class="nx">IService</span><span class="p">,</span> <span class="nx">TaskDefinition</span><span class="p">,</span> <span class="nx">Protocol</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">aws-cdk-lib/aws-ecs</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">ApplicationLoadBalancedFargateService</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">aws-cdk-lib/aws-ecs-patterns</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">RetentionDays</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">aws-cdk-lib/aws-logs</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">Construct</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">constructs</span><span class="dl">'</span><span class="p">;</span> <span class="k">export</span> <span class="kr">interface</span> <span class="nx">ClusterConfig</span> <span class="p">{</span> <span class="k">readonly</span> <span class="nx">vpc</span><span class="p">:</span> <span class="nx">IVpc</span><span class="p">;</span> <span class="k">readonly</span> <span class="nx">enableContainerInsights</span><span class="p">?:</span> <span class="nx">boolean</span><span class="p">;</span> <span class="p">}</span> <span class="k">export</span> <span class="kd">const</span> <span class="nx">addCluster</span> <span class="o">=</span> <span class="kd">function</span><span class="p">(</span><span class="nx">scope</span><span class="p">:</span> <span class="nx">Construct</span><span class="p">,</span> <span class="nx">id</span><span class="p">:</span> <span class="kr">string</span><span class="p">,</span> <span class="nx">config</span><span class="p">:</span> <span class="nx">ClusterConfig</span><span class="p">):</span> <span class="nx">Cluster</span> <span class="p">{</span> <span class="k">return</span> <span class="k">new</span> <span class="nc">Cluster</span><span class="p">(</span><span class="nx">scope</span><span class="p">,</span> <span class="nx">id</span><span class="p">,</span> <span class="p">{</span> <span class="na">vpc</span><span class="p">:</span> <span class="nx">config</span><span class="p">.</span><span class="nx">vpc</span><span class="p">,</span> <span class="na">containerInsights</span><span class="p">:</span> <span class="nx">config</span><span class="p">.</span><span class="nx">enableContainerInsights</span> <span class="o">??</span> <span class="kc">false</span><span class="p">,</span> <span class="p">});</span> <span class="p">}</span> <span class="k">export</span> <span class="kr">interface</span> <span class="nx">TaskConfig</span> <span class="p">{</span> <span class="k">readonly</span> <span class="nx">cpu</span><span class="p">:</span> <span class="mi">256</span> <span class="o">|</span> <span class="mi">512</span> <span class="o">|</span> <span class="mi">1024</span> <span class="o">|</span> <span class="mi">2048</span> <span class="o">|</span> <span class="mi">4096</span><span class="p">;</span> <span class="k">readonly</span> <span class="nx">memoryLimitMB</span><span class="p">:</span> <span class="kr">number</span><span class="p">;</span> <span class="k">readonly</span> <span class="nx">family</span><span class="p">:</span> <span class="kr">string</span><span class="p">;</span> <span class="p">}</span> <span class="k">export</span> <span class="kr">interface</span> <span class="nx">ContainerConfig</span> <span class="p">{</span> <span class="k">readonly</span> <span class="nx">dockerHubImage</span><span class="p">:</span> <span class="kr">string</span><span class="p">;</span> <span class="k">readonly</span> <span class="nx">tcpPorts</span><span class="p">:</span> <span class="kr">number</span><span class="p">[];</span> <span class="p">}</span> <span class="k">export</span> <span class="kd">const</span> <span class="nx">addTaskDefinitionWithContainer</span> <span class="o">=</span> <span class="kd">function</span><span class="p">(</span><span class="nx">scope</span><span class="p">:</span> <span class="nx">Construct</span><span class="p">,</span> <span class="nx">id</span><span class="p">:</span> <span class="kr">string</span><span class="p">,</span> <span class="nx">taskConfig</span><span class="p">:</span> <span class="nx">TaskConfig</span><span class="p">,</span> <span class="nx">containerConfig</span><span class="p">:</span> <span class="nx">ContainerConfig</span><span class="p">):</span> <span class="nx">TaskDefinition</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">taskdef</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">FargateTaskDefinition</span><span class="p">(</span><span class="nx">scope</span><span class="p">,</span> <span class="nx">id</span><span class="p">,</span> <span class="p">{</span> <span class="na">cpu</span><span class="p">:</span> <span class="nx">taskConfig</span><span class="p">.</span><span class="nx">cpu</span><span class="p">,</span> <span class="na">memoryLimitMiB</span><span class="p">:</span> <span class="nx">taskConfig</span><span class="p">.</span><span class="nx">memoryLimitMB</span><span class="p">,</span> <span class="na">family</span><span class="p">:</span> <span class="nx">taskConfig</span><span class="p">.</span><span class="nx">family</span><span class="p">,</span> <span class="p">});</span> <span class="kd">const</span> <span class="nx">image</span> <span class="o">=</span> <span class="nx">ContainerImage</span><span class="p">.</span><span class="nf">fromRegistry</span><span class="p">(</span><span class="nx">containerConfig</span><span class="p">.</span><span class="nx">dockerHubImage</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">logdriver</span> <span class="o">=</span> <span class="nx">LogDriver</span><span class="p">.</span><span class="nf">awsLogs</span><span class="p">({</span> <span class="na">streamPrefix</span><span class="p">:</span> <span class="nx">taskConfig</span><span class="p">.</span><span class="nx">family</span><span class="p">,</span> <span class="na">logRetention</span><span class="p">:</span> <span class="nx">RetentionDays</span><span class="p">.</span><span class="nx">ONE_DAY</span><span class="p">,</span> <span class="p">});</span> <span class="kd">const</span> <span class="nx">containerDef</span> <span class="o">=</span> <span class="nx">taskdef</span><span class="p">.</span><span class="nf">addContainer</span><span class="p">(</span><span class="s2">`container-</span><span class="p">${</span><span class="nx">containerConfig</span><span class="p">.</span><span class="nx">dockerHubImage</span><span class="p">}</span><span class="s2">`</span><span class="p">,</span> <span class="p">{</span> <span class="nx">image</span><span class="p">,</span> <span class="na">logging</span><span class="p">:</span> <span class="nx">logdriver</span> <span class="p">});</span> <span class="k">for </span><span class="p">(</span><span class="kd">const</span> <span class="nx">port</span> <span class="k">of</span> <span class="nx">containerConfig</span><span class="p">.</span><span class="nx">tcpPorts</span><span class="p">)</span> <span class="p">{</span> <span class="nx">containerDef</span><span class="p">.</span><span class="nf">addPortMappings</span><span class="p">({</span> <span class="na">containerPort</span><span class="p">:</span> <span class="nx">port</span><span class="p">,</span> <span class="na">protocol</span><span class="p">:</span> <span class="nx">Protocol</span><span class="p">.</span><span class="nx">TCP</span> <span class="p">});</span> <span class="p">}</span> <span class="k">return</span> <span class="nx">taskdef</span><span class="p">;</span> <span class="p">};</span> <span class="k">export</span> <span class="kd">const</span> <span class="nx">addLoadBalancedService</span> <span class="o">=</span> <span class="nf">function</span><span class="p">(</span><span class="nx">scope</span><span class="p">:</span> <span class="nx">Construct</span><span class="p">,</span> <span class="nx">id</span><span class="p">:</span> <span class="kr">string</span><span class="p">,</span> <span class="nx">cluster</span><span class="p">:</span> <span class="nx">Cluster</span><span class="p">,</span> <span class="nx">taskDef</span><span class="p">:</span> <span class="nx">FargateTaskDefinition</span><span class="p">,</span> <span class="nx">port</span><span class="p">:</span> <span class="kr">number</span><span class="p">,</span> <span class="nx">desiredCount</span><span class="p">:</span> <span class="kr">number</span><span class="p">,</span> <span class="nx">publicEndpoint</span><span class="p">?:</span> <span class="nx">boolean</span><span class="p">,</span> <span class="nx">serviceName</span><span class="p">?:</span> <span class="kr">string</span><span class="p">):</span> <span class="nx">ApplicationLoadBalancedFargateService</span> <span class="p">{</span> <span class="c1">// const sg = new SecurityGroup(scope, `${id}-security-group`, {</span> <span class="c1">// description: `Security group for service ${serviceName ?? ''}`,</span> <span class="c1">// vpc: cluster.vpc,</span> <span class="c1">// });</span> <span class="c1">// sg.addIngressRule(Peer.anyIpv4(), Port.tcp(port));</span> <span class="kd">const</span> <span class="nx">service</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">ApplicationLoadBalancedFargateService</span><span class="p">(</span><span class="nx">scope</span><span class="p">,</span> <span class="nx">id</span><span class="p">,</span> <span class="p">{</span> <span class="nx">cluster</span><span class="p">,</span> <span class="na">taskDefinition</span><span class="p">:</span> <span class="nx">taskDef</span><span class="p">,</span> <span class="nx">desiredCount</span><span class="p">,</span> <span class="nx">serviceName</span><span class="p">,</span> <span class="c1">//securityGroups: [sg],</span> <span class="na">circuitBreaker</span><span class="p">:</span> <span class="p">{</span> <span class="na">rollback</span><span class="p">:</span> <span class="kc">true</span><span class="p">,</span> <span class="p">},</span> <span class="na">publicLoadBalancer</span><span class="p">:</span> <span class="nx">publicEndpoint</span><span class="p">,</span> <span class="na">listenerPort</span><span class="p">:</span> <span class="nx">port</span><span class="p">,</span> <span class="p">});</span> <span class="k">return</span> <span class="nx">service</span><span class="p">;</span> <span class="p">};</span> <span class="k">export</span> <span class="kr">interface</span> <span class="nx">ScalingThreshold</span> <span class="p">{</span> <span class="nl">percent</span><span class="p">:</span> <span class="kr">number</span><span class="p">;</span> <span class="p">}</span> <span class="k">export</span> <span class="kr">interface</span> <span class="nx">ServiceScalingConfig</span> <span class="p">{</span> <span class="nl">minCount</span><span class="p">:</span> <span class="kr">number</span><span class="p">;</span> <span class="nl">maxCount</span><span class="p">:</span> <span class="kr">number</span><span class="p">;</span> <span class="nl">scaleCpuTarget</span><span class="p">:</span> <span class="nx">ScalingThreshold</span><span class="p">;</span> <span class="nl">scaleMemoryTarget</span><span class="p">:</span> <span class="nx">ScalingThreshold</span><span class="p">;</span> <span class="p">}</span> <span class="k">export</span> <span class="kd">const</span> <span class="nx">setServiceScaling</span> <span class="o">=</span> <span class="kd">function</span><span class="p">(</span><span class="nx">service</span><span class="p">:</span> <span class="nx">FargateService</span><span class="p">,</span> <span class="nx">config</span><span class="p">:</span> <span class="nx">ServiceScalingConfig</span><span class="p">)</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">scaling</span> <span class="o">=</span> <span class="nx">service</span><span class="p">.</span><span class="nf">autoScaleTaskCount</span><span class="p">({</span> <span class="na">maxCapacity</span><span class="p">:</span> <span class="nx">config</span><span class="p">.</span><span class="nx">maxCount</span><span class="p">,</span> <span class="na">minCapacity</span><span class="p">:</span> <span class="nx">config</span><span class="p">.</span><span class="nx">minCount</span><span class="p">,</span> <span class="p">});</span> <span class="nx">scaling</span><span class="p">.</span><span class="nf">scaleOnCpuUtilization</span><span class="p">(</span><span class="dl">'</span><span class="s1">CpuScaling</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span> <span class="na">targetUtilizationPercent</span><span class="p">:</span> <span class="nx">config</span><span class="p">.</span><span class="nx">scaleCpuTarget</span><span class="p">.</span><span class="nx">percent</span><span class="p">,</span> <span class="p">});</span> <span class="nx">scaling</span><span class="p">.</span><span class="nf">scaleOnMemoryUtilization</span><span class="p">(</span><span class="dl">'</span><span class="s1">MemoryScaling</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span> <span class="na">targetUtilizationPercent</span><span class="p">:</span> <span class="nx">config</span><span class="p">.</span><span class="nx">scaleMemoryTarget</span><span class="p">.</span><span class="nx">percent</span><span class="p">,</span> <span class="p">});</span> <span class="p">}</span> </code></pre> </div> <h4> lib/monitoring/index.ts </h4> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">import</span> <span class="p">{</span> <span class="nx">Construct</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">constructs</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">IAlarmActionStrategy</span><span class="p">,</span> <span class="nx">MonitoringFacade</span><span class="p">,</span> <span class="nx">NoopAlarmActionStrategy</span><span class="p">,</span> <span class="nx">SnsAlarmActionStrategy</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">cdk-monitoring-constructs</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">ITopic</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">aws-cdk-lib/aws-sns</span><span class="dl">'</span><span class="p">;</span> <span class="k">export</span> <span class="kr">interface</span> <span class="nx">MonitoringConfig</span> <span class="p">{</span> <span class="k">readonly</span> <span class="nx">dashboardName</span><span class="p">:</span> <span class="kr">string</span><span class="p">;</span> <span class="k">readonly</span> <span class="nx">defaultAlarmNamePrefix</span><span class="p">?:</span> <span class="kr">string</span><span class="p">;</span> <span class="k">readonly</span> <span class="nx">defaultAlarmTopic</span><span class="p">?:</span> <span class="nx">ITopic</span><span class="p">;</span> <span class="p">}</span> <span class="k">export</span> <span class="kr">interface</span> <span class="nx">MonitoringContext</span> <span class="p">{</span> <span class="k">readonly</span> <span class="nx">handler</span><span class="p">:</span> <span class="nx">MonitoringFacade</span><span class="p">;</span> <span class="k">readonly</span> <span class="nx">defaultAlarmTopic</span><span class="p">?:</span> <span class="nx">ITopic</span><span class="p">;</span> <span class="k">readonly</span> <span class="nx">defaultAlarmNamePrefix</span><span class="p">?:</span> <span class="kr">string</span><span class="p">;</span> <span class="p">}</span> <span class="k">export</span> <span class="kd">const</span> <span class="nx">initMonitoring</span> <span class="o">=</span> <span class="kd">function</span><span class="p">(</span><span class="nx">scope</span><span class="p">:</span> <span class="nx">Construct</span><span class="p">,</span> <span class="nx">config</span><span class="p">:</span> <span class="nx">MonitoringConfig</span><span class="p">):</span> <span class="nx">MonitoringContext</span> <span class="p">{</span> <span class="kd">let</span> <span class="nx">snsAlarmStrategy</span><span class="p">:</span> <span class="nx">IAlarmActionStrategy</span> <span class="o">=</span> <span class="k">new</span> <span class="nx">NoopAlarmActionStrategy</span><span class="p">;</span> <span class="k">if </span><span class="p">(</span><span class="nx">config</span><span class="p">.</span><span class="nx">defaultAlarmTopic</span><span class="p">)</span> <span class="p">{</span> <span class="nx">snsAlarmStrategy</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">SnsAlarmActionStrategy</span><span class="p">({</span> <span class="na">onAlarmTopic</span><span class="p">:</span> <span class="nx">config</span><span class="p">.</span><span class="nx">defaultAlarmTopic</span> <span class="p">});</span> <span class="p">}</span> <span class="kd">const</span> <span class="nx">defaultAlarmNamePrefix</span> <span class="o">=</span> <span class="nx">config</span><span class="p">.</span><span class="nx">defaultAlarmNamePrefix</span> <span class="o">??</span> <span class="nx">config</span><span class="p">.</span><span class="nx">dashboardName</span><span class="p">;</span> <span class="k">return</span> <span class="p">{</span> <span class="na">handler</span><span class="p">:</span> <span class="k">new</span> <span class="nc">MonitoringFacade</span><span class="p">(</span><span class="nx">scope</span><span class="p">,</span> <span class="nx">config</span><span class="p">.</span><span class="nx">dashboardName</span><span class="p">,</span> <span class="p">{</span> <span class="na">alarmFactoryDefaults</span><span class="p">:</span> <span class="p">{</span> <span class="na">actionsEnabled</span><span class="p">:</span> <span class="kc">true</span><span class="p">,</span> <span class="na">action</span><span class="p">:</span> <span class="nx">snsAlarmStrategy</span><span class="p">,</span> <span class="na">alarmNamePrefix</span><span class="p">:</span> <span class="nx">defaultAlarmNamePrefix</span><span class="p">,</span> <span class="p">},</span> <span class="p">}),</span> <span class="na">defaultAlarmTopic</span><span class="p">:</span> <span class="nx">config</span><span class="p">.</span><span class="nx">defaultAlarmTopic</span><span class="p">,</span> <span class="nx">defaultAlarmNamePrefix</span><span class="p">,</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <h4> test/containers/container-management.test.ts </h4> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">import</span> <span class="p">{</span> <span class="nx">Stack</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">aws-cdk-lib</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">Vpc</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">aws-cdk-lib/aws-ec2</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">Capture</span><span class="p">,</span> <span class="nx">Match</span><span class="p">,</span> <span class="nx">Template</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">aws-cdk-lib/assertions</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">addCluster</span><span class="p">,</span> <span class="nx">addLoadBalancedService</span><span class="p">,</span> <span class="nx">addTaskDefinitionWithContainer</span><span class="p">,</span> <span class="nx">ClusterConfig</span><span class="p">,</span> <span class="nx">ContainerConfig</span><span class="p">,</span> <span class="nx">setServiceScaling</span><span class="p">,</span> <span class="nx">TaskConfig</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">../../lib/containers/container-management</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">Cluster</span><span class="p">,</span> <span class="nx">TaskDefinition</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">aws-cdk-lib/aws-ecs</span><span class="dl">'</span><span class="p">;</span> <span class="nf">test</span><span class="p">(</span><span class="dl">'</span><span class="s1">ECS cluster is defined with existing vpc</span><span class="dl">'</span><span class="p">,</span> <span class="p">()</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="c1">// Test setup</span> <span class="kd">const</span> <span class="nx">stack</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">Stack</span><span class="p">();</span> <span class="kd">const</span> <span class="nx">vpc</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">Vpc</span><span class="p">(</span><span class="nx">stack</span><span class="p">,</span> <span class="dl">'</span><span class="s1">vpc</span><span class="dl">'</span><span class="p">);</span> <span class="c1">// Test code</span> <span class="kd">const</span> <span class="nx">cluster</span> <span class="o">=</span> <span class="nf">addCluster</span><span class="p">(</span><span class="nx">stack</span><span class="p">,</span> <span class="dl">'</span><span class="s1">test-cluster</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span><span class="nx">vpc</span><span class="p">});</span> <span class="c1">// Check result</span> <span class="kd">const</span> <span class="nx">template</span> <span class="o">=</span> <span class="nx">Template</span><span class="p">.</span><span class="nf">fromStack</span><span class="p">(</span><span class="nx">stack</span><span class="p">);</span> <span class="nx">template</span><span class="p">.</span><span class="nf">resourceCountIs</span><span class="p">(</span><span class="dl">'</span><span class="s1">AWS::ECS::Cluster</span><span class="dl">'</span><span class="p">,</span> <span class="mi">1</span><span class="p">);</span> <span class="nf">expect</span><span class="p">(</span><span class="nx">cluster</span><span class="p">.</span><span class="nx">vpc</span><span class="p">).</span><span class="nf">toEqual</span><span class="p">(</span><span class="nx">vpc</span><span class="p">);</span> <span class="p">});</span> <span class="nf">test</span><span class="p">(</span><span class="dl">'</span><span class="s1">Check that container insights will be enabled when that option is set</span><span class="dl">'</span><span class="p">,</span> <span class="p">()</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="c1">// Test setup</span> <span class="kd">const</span> <span class="nx">stack</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">Stack</span><span class="p">();</span> <span class="kd">const</span> <span class="nx">vpc</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">Vpc</span><span class="p">(</span><span class="nx">stack</span><span class="p">,</span> <span class="dl">'</span><span class="s1">vpc</span><span class="dl">'</span><span class="p">);</span> <span class="kd">const</span> <span class="na">config</span><span class="p">:</span> <span class="nx">ClusterConfig</span> <span class="o">=</span> <span class="p">{</span> <span class="nx">vpc</span><span class="p">,</span> <span class="na">enableContainerInsights</span><span class="p">:</span> <span class="kc">true</span> <span class="p">};</span> <span class="c1">// Test code</span> <span class="kd">const</span> <span class="nx">cluster</span> <span class="o">=</span> <span class="nf">addCluster</span><span class="p">(</span><span class="nx">stack</span><span class="p">,</span> <span class="dl">'</span><span class="s1">test-cluster</span><span class="dl">'</span><span class="p">,</span> <span class="nx">config</span><span class="p">);</span> <span class="c1">// Check result</span> <span class="kd">const</span> <span class="nx">template</span> <span class="o">=</span> <span class="nx">Template</span><span class="p">.</span><span class="nf">fromStack</span><span class="p">(</span><span class="nx">stack</span><span class="p">);</span> <span class="nx">template</span><span class="p">.</span><span class="nf">hasResourceProperties</span><span class="p">(</span><span class="dl">'</span><span class="s1">AWS::ECS::Cluster</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span> <span class="na">ClusterSettings</span><span class="p">:</span> <span class="nx">Match</span><span class="p">.</span><span class="nf">arrayWith</span><span class="p">([</span> <span class="nx">Match</span><span class="p">.</span><span class="nf">objectEquals</span><span class="p">({</span> <span class="na">Name</span><span class="p">:</span> <span class="dl">'</span><span class="s1">containerInsights</span><span class="dl">'</span><span class="p">,</span> <span class="na">Value</span><span class="p">:</span> <span class="dl">'</span><span class="s1">enabled</span><span class="dl">'</span><span class="p">,</span> <span class="p">}),</span> <span class="p">]),</span> <span class="p">});</span> <span class="p">});</span> <span class="nf">test</span><span class="p">(</span><span class="dl">'</span><span class="s1">ECS Fargate task definition defined</span><span class="dl">'</span><span class="p">,</span> <span class="p">()</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="c1">// Test setup</span> <span class="kd">const</span> <span class="nx">stack</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">Stack</span><span class="p">();</span> <span class="kd">const</span> <span class="nx">cpuval</span> <span class="o">=</span> <span class="mi">512</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">memval</span> <span class="o">=</span> <span class="mi">1024</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">familyval</span> <span class="o">=</span> <span class="dl">'</span><span class="s1">test</span><span class="dl">'</span><span class="p">;</span> <span class="kd">const</span> <span class="na">taskCfg</span><span class="p">:</span> <span class="nx">TaskConfig</span> <span class="o">=</span> <span class="p">{</span> <span class="na">cpu</span><span class="p">:</span> <span class="nx">cpuval</span><span class="p">,</span> <span class="na">memoryLimitMB</span><span class="p">:</span> <span class="nx">memval</span><span class="p">,</span> <span class="na">family</span><span class="p">:</span> <span class="nx">familyval</span> <span class="p">};</span> <span class="kd">const</span> <span class="nx">imageName</span> <span class="o">=</span> <span class="dl">'</span><span class="s1">httpd</span><span class="dl">'</span><span class="p">;</span> <span class="kd">const</span> <span class="na">containerCfg</span><span class="p">:</span> <span class="nx">ContainerConfig</span> <span class="o">=</span> <span class="p">{</span> <span class="na">dockerHubImage</span><span class="p">:</span> <span class="nx">imageName</span><span class="p">,</span> <span class="na">tcpPorts</span><span class="p">:</span> <span class="p">[</span><span class="mi">80</span><span class="p">]</span> <span class="p">};</span> <span class="c1">// Test code</span> <span class="kd">const</span> <span class="nx">taskdef</span> <span class="o">=</span> <span class="nf">addTaskDefinitionWithContainer</span><span class="p">(</span><span class="nx">stack</span><span class="p">,</span> <span class="dl">'</span><span class="s1">test-taskdef</span><span class="dl">'</span><span class="p">,</span> <span class="nx">taskCfg</span><span class="p">,</span> <span class="nx">containerCfg</span><span class="p">);</span> <span class="c1">// Check result</span> <span class="kd">const</span> <span class="nx">template</span> <span class="o">=</span> <span class="nx">Template</span><span class="p">.</span><span class="nf">fromStack</span><span class="p">(</span><span class="nx">stack</span><span class="p">);</span> <span class="nf">expect</span><span class="p">(</span><span class="nx">taskdef</span><span class="p">.</span><span class="nx">isFargateCompatible</span><span class="p">).</span><span class="nf">toBeTruthy</span><span class="p">();</span> <span class="nf">expect</span><span class="p">(</span><span class="nx">stack</span><span class="p">.</span><span class="nx">node</span><span class="p">.</span><span class="nx">children</span><span class="p">.</span><span class="nf">includes</span><span class="p">(</span><span class="nx">taskdef</span><span class="p">)).</span><span class="nf">toBeTruthy</span><span class="p">();</span> <span class="nx">template</span><span class="p">.</span><span class="nf">resourceCountIs</span><span class="p">(</span><span class="dl">'</span><span class="s1">AWS::ECS::TaskDefinition</span><span class="dl">'</span><span class="p">,</span> <span class="mi">1</span><span class="p">);</span> <span class="nx">template</span><span class="p">.</span><span class="nf">hasResourceProperties</span><span class="p">(</span><span class="dl">'</span><span class="s1">AWS::ECS::TaskDefinition</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span> <span class="na">RequiresCompatibilities</span><span class="p">:</span> <span class="p">[</span> <span class="dl">'</span><span class="s1">FARGATE</span><span class="dl">'</span> <span class="p">],</span> <span class="na">Cpu</span><span class="p">:</span> <span class="nx">cpuval</span><span class="p">.</span><span class="nf">toString</span><span class="p">(),</span> <span class="na">Memory</span><span class="p">:</span> <span class="nx">memval</span><span class="p">.</span><span class="nf">toString</span><span class="p">(),</span> <span class="na">Family</span><span class="p">:</span> <span class="nx">familyval</span><span class="p">,</span> <span class="p">});</span> <span class="p">});</span> <span class="nf">test</span><span class="p">(</span><span class="dl">'</span><span class="s1">Container definition added to task definition</span><span class="dl">'</span><span class="p">,</span> <span class="p">()</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="c1">// Test setup</span> <span class="kd">const</span> <span class="nx">stack</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">Stack</span><span class="p">();</span> <span class="kd">const</span> <span class="nx">cpuval</span> <span class="o">=</span> <span class="mi">512</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">memval</span> <span class="o">=</span> <span class="mi">1024</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">familyval</span> <span class="o">=</span> <span class="dl">'</span><span class="s1">test</span><span class="dl">'</span><span class="p">;</span> <span class="kd">const</span> <span class="na">taskCfg</span><span class="p">:</span> <span class="nx">TaskConfig</span> <span class="o">=</span> <span class="p">{</span> <span class="na">cpu</span><span class="p">:</span> <span class="nx">cpuval</span><span class="p">,</span> <span class="na">memoryLimitMB</span><span class="p">:</span> <span class="nx">memval</span><span class="p">,</span> <span class="na">family</span><span class="p">:</span> <span class="nx">familyval</span> <span class="p">};</span> <span class="kd">const</span> <span class="nx">imageName</span> <span class="o">=</span> <span class="dl">'</span><span class="s1">httpd</span><span class="dl">'</span><span class="p">;</span> <span class="kd">const</span> <span class="na">containerCfg</span><span class="p">:</span> <span class="nx">ContainerConfig</span> <span class="o">=</span> <span class="p">{</span> <span class="na">dockerHubImage</span><span class="p">:</span> <span class="nx">imageName</span><span class="p">,</span> <span class="na">tcpPorts</span><span class="p">:</span> <span class="p">[</span><span class="mi">80</span><span class="p">]</span> <span class="p">};</span> <span class="c1">// Test code</span> <span class="kd">const</span> <span class="nx">taskdef</span> <span class="o">=</span> <span class="nf">addTaskDefinitionWithContainer</span><span class="p">(</span><span class="nx">stack</span><span class="p">,</span> <span class="dl">'</span><span class="s1">test-taskdef</span><span class="dl">'</span><span class="p">,</span> <span class="nx">taskCfg</span><span class="p">,</span> <span class="nx">containerCfg</span><span class="p">);</span> <span class="c1">// Check result</span> <span class="kd">const</span> <span class="nx">template</span> <span class="o">=</span> <span class="nx">Template</span><span class="p">.</span><span class="nf">fromStack</span><span class="p">(</span><span class="nx">stack</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">containerDef</span> <span class="o">=</span> <span class="nx">taskdef</span><span class="p">.</span><span class="nx">defaultContainer</span><span class="p">;</span> <span class="nf">expect</span><span class="p">(</span><span class="nx">taskdef</span><span class="p">.</span><span class="nx">defaultContainer</span><span class="p">).</span><span class="nf">toBeDefined</span><span class="p">();</span> <span class="nf">expect</span><span class="p">(</span><span class="nx">containerDef</span><span class="p">?.</span><span class="nx">imageName</span><span class="p">).</span><span class="nf">toEqual</span><span class="p">(</span><span class="nx">imageName</span><span class="p">);</span> <span class="c1">// Works from v2.11 of aws-cdk-lib</span> <span class="nx">template</span><span class="p">.</span><span class="nf">hasResourceProperties</span><span class="p">(</span><span class="dl">'</span><span class="s1">AWS::ECS::TaskDefinition</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span> <span class="na">ContainerDefinitions</span><span class="p">:</span> <span class="nx">Match</span><span class="p">.</span><span class="nf">arrayWith</span><span class="p">([</span> <span class="nx">Match</span><span class="p">.</span><span class="nf">objectLike</span><span class="p">({</span> <span class="na">Image</span><span class="p">:</span> <span class="nx">imageName</span><span class="p">,</span> <span class="p">}),</span> <span class="p">]),</span> <span class="p">});</span> <span class="p">});</span> <span class="nf">describe</span><span class="p">(</span><span class="dl">'</span><span class="s1">Test service creation options</span><span class="dl">'</span><span class="p">,</span> <span class="p">()</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="kd">let</span> <span class="na">stack</span><span class="p">:</span> <span class="nx">Stack</span><span class="p">;</span> <span class="kd">let</span> <span class="na">cluster</span><span class="p">:</span> <span class="nx">Cluster</span><span class="p">;</span> <span class="kd">let</span> <span class="na">taskdef</span><span class="p">:</span> <span class="nx">TaskDefinition</span><span class="p">;</span> <span class="nf">beforeEach</span><span class="p">(()</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="c1">// Test setup</span> <span class="nx">stack</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">Stack</span><span class="p">();</span> <span class="kd">const</span> <span class="nx">vpc</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">Vpc</span><span class="p">(</span><span class="nx">stack</span><span class="p">,</span> <span class="dl">'</span><span class="s1">vpc</span><span class="dl">'</span><span class="p">);</span> <span class="nx">cluster</span> <span class="o">=</span> <span class="nf">addCluster</span><span class="p">(</span><span class="nx">stack</span><span class="p">,</span> <span class="dl">'</span><span class="s1">test-cluster</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span><span class="nx">vpc</span><span class="p">});</span> <span class="kd">const</span> <span class="nx">cpuval</span> <span class="o">=</span> <span class="mi">512</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">memval</span> <span class="o">=</span> <span class="mi">1024</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">familyval</span> <span class="o">=</span> <span class="dl">'</span><span class="s1">test</span><span class="dl">'</span><span class="p">;</span> <span class="kd">const</span> <span class="na">taskCfg</span><span class="p">:</span> <span class="nx">TaskConfig</span> <span class="o">=</span> <span class="p">{</span> <span class="na">cpu</span><span class="p">:</span> <span class="nx">cpuval</span><span class="p">,</span> <span class="na">memoryLimitMB</span><span class="p">:</span> <span class="nx">memval</span><span class="p">,</span> <span class="na">family</span><span class="p">:</span> <span class="nx">familyval</span> <span class="p">};</span> <span class="kd">const</span> <span class="nx">imageName</span> <span class="o">=</span> <span class="dl">'</span><span class="s1">httpd</span><span class="dl">'</span><span class="p">;</span> <span class="kd">const</span> <span class="na">containerCfg</span><span class="p">:</span> <span class="nx">ContainerConfig</span> <span class="o">=</span> <span class="p">{</span> <span class="na">dockerHubImage</span><span class="p">:</span> <span class="nx">imageName</span><span class="p">,</span> <span class="na">tcpPorts</span><span class="p">:</span> <span class="p">[</span><span class="mi">80</span><span class="p">]</span> <span class="p">};</span> <span class="nx">taskdef</span> <span class="o">=</span> <span class="nf">addTaskDefinitionWithContainer</span><span class="p">(</span><span class="nx">stack</span><span class="p">,</span> <span class="dl">'</span><span class="s1">test-taskdef</span><span class="dl">'</span><span class="p">,</span> <span class="nx">taskCfg</span><span class="p">,</span> <span class="nx">containerCfg</span><span class="p">);</span> <span class="p">});</span> <span class="nf">test</span><span class="p">(</span><span class="dl">'</span><span class="s1">Fargate load-balanced service created, with provided mandatory properties only</span><span class="dl">'</span><span class="p">,</span> <span class="p">()</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">port</span> <span class="o">=</span> <span class="mi">80</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">desiredCount</span> <span class="o">=</span> <span class="mi">1</span><span class="p">;</span> <span class="c1">// Test code</span> <span class="kd">const</span> <span class="nx">service</span> <span class="o">=</span> <span class="nf">addLoadBalancedService</span><span class="p">(</span><span class="nx">stack</span><span class="p">,</span> <span class="dl">'</span><span class="s1">test-service</span><span class="dl">'</span><span class="p">,</span> <span class="nx">cluster</span><span class="p">,</span> <span class="nx">taskdef</span><span class="p">,</span> <span class="nx">port</span><span class="p">,</span> <span class="nx">desiredCount</span><span class="p">);</span> <span class="c1">// Check result</span> <span class="kd">const</span> <span class="nx">sgCapture</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">Capture</span><span class="p">();</span> <span class="kd">const</span> <span class="nx">template</span> <span class="o">=</span> <span class="nx">Template</span><span class="p">.</span><span class="nf">fromStack</span><span class="p">(</span><span class="nx">stack</span><span class="p">);</span> <span class="nf">expect</span><span class="p">(</span><span class="nx">service</span><span class="p">.</span><span class="nx">cluster</span><span class="p">).</span><span class="nf">toEqual</span><span class="p">(</span><span class="nx">cluster</span><span class="p">);</span> <span class="nf">expect</span><span class="p">(</span><span class="nx">service</span><span class="p">.</span><span class="nx">taskDefinition</span><span class="p">).</span><span class="nf">toEqual</span><span class="p">(</span><span class="nx">taskdef</span><span class="p">);</span> <span class="nx">template</span><span class="p">.</span><span class="nf">resourceCountIs</span><span class="p">(</span><span class="dl">'</span><span class="s1">AWS::ECS::Service</span><span class="dl">'</span><span class="p">,</span> <span class="mi">1</span><span class="p">);</span> <span class="nx">template</span><span class="p">.</span><span class="nf">hasResourceProperties</span><span class="p">(</span><span class="dl">'</span><span class="s1">AWS::ECS::Service</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span> <span class="na">DesiredCount</span><span class="p">:</span> <span class="nx">desiredCount</span><span class="p">,</span> <span class="na">LaunchType</span><span class="p">:</span> <span class="dl">'</span><span class="s1">FARGATE</span><span class="dl">'</span><span class="p">,</span> <span class="na">NetworkConfiguration</span><span class="p">:</span> <span class="nx">Match</span><span class="p">.</span><span class="nf">objectLike</span><span class="p">({</span> <span class="na">AwsvpcConfiguration</span><span class="p">:</span> <span class="nx">Match</span><span class="p">.</span><span class="nf">objectLike</span><span class="p">({</span> <span class="na">AssignPublicIp</span><span class="p">:</span> <span class="dl">'</span><span class="s1">DISABLED</span><span class="dl">'</span><span class="p">,</span> <span class="na">SecurityGroups</span><span class="p">:</span> <span class="nx">Match</span><span class="p">.</span><span class="nf">arrayWith</span><span class="p">([</span><span class="nx">sgCapture</span><span class="p">]),</span> <span class="p">}),</span> <span class="p">}),</span> <span class="p">});</span> <span class="nx">template</span><span class="p">.</span><span class="nf">resourceCountIs</span><span class="p">(</span><span class="dl">'</span><span class="s1">AWS::ElasticLoadBalancingV2::LoadBalancer</span><span class="dl">'</span><span class="p">,</span> <span class="mi">1</span><span class="p">);</span> <span class="nx">template</span><span class="p">.</span><span class="nf">hasResourceProperties</span><span class="p">(</span><span class="dl">'</span><span class="s1">AWS::ElasticLoadBalancingV2::LoadBalancer</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span> <span class="na">Type</span><span class="p">:</span> <span class="dl">'</span><span class="s1">application</span><span class="dl">'</span><span class="p">,</span> <span class="na">Scheme</span><span class="p">:</span> <span class="dl">'</span><span class="s1">internet-facing</span><span class="dl">'</span><span class="p">,</span> <span class="p">});</span> <span class="c1">//template.resourceCountIs('AWS::EC2::SecurityGroup', 1);</span> <span class="nx">template</span><span class="p">.</span><span class="nf">hasResourceProperties</span><span class="p">(</span><span class="dl">'</span><span class="s1">AWS::EC2::SecurityGroup</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span> <span class="na">SecurityGroupIngress</span><span class="p">:</span> <span class="nx">Match</span><span class="p">.</span><span class="nf">arrayWith</span><span class="p">([</span> <span class="nx">Match</span><span class="p">.</span><span class="nf">objectLike</span><span class="p">({</span> <span class="na">CidrIp</span><span class="p">:</span> <span class="dl">'</span><span class="s1">0.0.0.0/0</span><span class="dl">'</span><span class="p">,</span> <span class="na">FromPort</span><span class="p">:</span> <span class="nx">port</span><span class="p">,</span> <span class="na">IpProtocol</span><span class="p">:</span> <span class="dl">'</span><span class="s1">tcp</span><span class="dl">'</span><span class="p">,</span> <span class="p">}),</span> <span class="p">]),</span> <span class="p">});</span> <span class="p">});</span> <span class="nf">test</span><span class="p">(</span><span class="dl">'</span><span class="s1">Fargate load-balanced service created, without public access</span><span class="dl">'</span><span class="p">,</span> <span class="p">()</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">port</span> <span class="o">=</span> <span class="mi">80</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">desiredCount</span> <span class="o">=</span> <span class="mi">1</span><span class="p">;</span> <span class="c1">// Test code</span> <span class="kd">const</span> <span class="nx">service</span> <span class="o">=</span> <span class="nf">addLoadBalancedService</span><span class="p">(</span><span class="nx">stack</span><span class="p">,</span> <span class="dl">'</span><span class="s1">test-service</span><span class="dl">'</span><span class="p">,</span> <span class="nx">cluster</span><span class="p">,</span> <span class="nx">taskdef</span><span class="p">,</span> <span class="nx">port</span><span class="p">,</span> <span class="nx">desiredCount</span><span class="p">,</span> <span class="kc">false</span><span class="p">);</span> <span class="c1">// Check result</span> <span class="kd">const</span> <span class="nx">template</span> <span class="o">=</span> <span class="nx">Template</span><span class="p">.</span><span class="nf">fromStack</span><span class="p">(</span><span class="nx">stack</span><span class="p">);</span> <span class="nx">template</span><span class="p">.</span><span class="nf">resourceCountIs</span><span class="p">(</span><span class="dl">'</span><span class="s1">AWS::ElasticLoadBalancingV2::LoadBalancer</span><span class="dl">'</span><span class="p">,</span> <span class="mi">1</span><span class="p">);</span> <span class="nx">template</span><span class="p">.</span><span class="nf">hasResourceProperties</span><span class="p">(</span><span class="dl">'</span><span class="s1">AWS::ElasticLoadBalancingV2::LoadBalancer</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span> <span class="na">Type</span><span class="p">:</span> <span class="dl">'</span><span class="s1">application</span><span class="dl">'</span><span class="p">,</span> <span class="na">Scheme</span><span class="p">:</span> <span class="dl">'</span><span class="s1">internal</span><span class="dl">'</span><span class="p">,</span> <span class="p">});</span> <span class="p">});</span> <span class="nf">test</span><span class="p">(</span><span class="dl">'</span><span class="s1">Scaling settings of load balancer</span><span class="dl">'</span><span class="p">,</span> <span class="p">()</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">port</span> <span class="o">=</span> <span class="mi">80</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">desiredCount</span> <span class="o">=</span> <span class="mi">2</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">service</span> <span class="o">=</span> <span class="nf">addLoadBalancedService</span><span class="p">(</span><span class="nx">stack</span><span class="p">,</span> <span class="dl">'</span><span class="s1">test-service</span><span class="dl">'</span><span class="p">,</span> <span class="nx">cluster</span><span class="p">,</span> <span class="nx">taskdef</span><span class="p">,</span> <span class="nx">port</span><span class="p">,</span> <span class="nx">desiredCount</span><span class="p">,</span> <span class="kc">false</span><span class="p">);</span> <span class="c1">// Test code</span> <span class="kd">const</span> <span class="nx">config</span> <span class="o">=</span> <span class="p">{</span> <span class="na">minCount</span><span class="p">:</span> <span class="mi">1</span><span class="p">,</span> <span class="na">maxCount</span><span class="p">:</span> <span class="mi">5</span><span class="p">,</span> <span class="na">scaleCpuTarget</span><span class="p">:</span> <span class="p">{</span> <span class="na">percent</span><span class="p">:</span> <span class="mi">50</span> <span class="p">},</span> <span class="na">scaleMemoryTarget</span><span class="p">:</span> <span class="p">{</span> <span class="na">percent</span><span class="p">:</span> <span class="mi">50</span> <span class="p">},</span> <span class="p">};</span> <span class="nf">setServiceScaling</span><span class="p">(</span><span class="nx">service</span><span class="p">.</span><span class="nx">service</span><span class="p">,</span> <span class="nx">config</span><span class="p">);</span> <span class="c1">// Check result</span> <span class="kd">const</span> <span class="nx">scaleResource</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">Capture</span><span class="p">();</span> <span class="kd">const</span> <span class="nx">template</span> <span class="o">=</span> <span class="nx">Template</span><span class="p">.</span><span class="nf">fromStack</span><span class="p">(</span><span class="nx">stack</span><span class="p">);</span> <span class="nx">template</span><span class="p">.</span><span class="nf">resourceCountIs</span><span class="p">(</span><span class="dl">'</span><span class="s1">AWS::ApplicationAutoScaling::ScalableTarget</span><span class="dl">'</span><span class="p">,</span> <span class="mi">1</span><span class="p">);</span> <span class="nx">template</span><span class="p">.</span><span class="nf">hasResourceProperties</span><span class="p">(</span><span class="dl">'</span><span class="s1">AWS::ApplicationAutoScaling::ScalableTarget</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span> <span class="na">MaxCapacity</span><span class="p">:</span> <span class="nx">config</span><span class="p">.</span><span class="nx">maxCount</span><span class="p">,</span> <span class="na">MinCapacity</span><span class="p">:</span> <span class="nx">config</span><span class="p">.</span><span class="nx">minCount</span><span class="p">,</span> <span class="na">ResourceId</span><span class="p">:</span> <span class="nx">scaleResource</span><span class="p">,</span> <span class="na">ScalableDimension</span><span class="p">:</span> <span class="dl">'</span><span class="s1">ecs:service:DesiredCount</span><span class="dl">'</span><span class="p">,</span> <span class="na">ServiceNamespace</span><span class="p">:</span> <span class="dl">'</span><span class="s1">ecs</span><span class="dl">'</span><span class="p">,</span> <span class="p">});</span> <span class="nx">template</span><span class="p">.</span><span class="nf">resourceCountIs</span><span class="p">(</span><span class="dl">'</span><span class="s1">AWS::ApplicationAutoScaling::ScalingPolicy</span><span class="dl">'</span><span class="p">,</span> <span class="mi">2</span><span class="p">);</span> <span class="nx">template</span><span class="p">.</span><span class="nf">hasResourceProperties</span><span class="p">(</span><span class="dl">'</span><span class="s1">AWS::ApplicationAutoScaling::ScalingPolicy</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span> <span class="na">PolicyType</span><span class="p">:</span> <span class="dl">'</span><span class="s1">TargetTrackingScaling</span><span class="dl">'</span><span class="p">,</span> <span class="na">TargetTrackingScalingPolicyConfiguration</span><span class="p">:</span> <span class="nx">Match</span><span class="p">.</span><span class="nf">objectLike</span><span class="p">({</span> <span class="na">PredefinedMetricSpecification</span><span class="p">:</span> <span class="nx">Match</span><span class="p">.</span><span class="nf">objectEquals</span><span class="p">({</span> <span class="na">PredefinedMetricType</span><span class="p">:</span> <span class="dl">'</span><span class="s1">ECSServiceAverageCPUUtilization</span><span class="dl">'</span><span class="p">,</span> <span class="p">}),</span> <span class="na">TargetValue</span><span class="p">:</span> <span class="nx">config</span><span class="p">.</span><span class="nx">scaleCpuTarget</span><span class="p">.</span><span class="nx">percent</span><span class="p">,</span> <span class="p">}),</span> <span class="p">});</span> <span class="nx">template</span><span class="p">.</span><span class="nf">hasResourceProperties</span><span class="p">(</span><span class="dl">'</span><span class="s1">AWS::ApplicationAutoScaling::ScalingPolicy</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span> <span class="na">PolicyType</span><span class="p">:</span> <span class="dl">'</span><span class="s1">TargetTrackingScaling</span><span class="dl">'</span><span class="p">,</span> <span class="na">TargetTrackingScalingPolicyConfiguration</span><span class="p">:</span> <span class="nx">Match</span><span class="p">.</span><span class="nf">objectLike</span><span class="p">({</span> <span class="na">PredefinedMetricSpecification</span><span class="p">:</span> <span class="nx">Match</span><span class="p">.</span><span class="nf">objectEquals</span><span class="p">({</span> <span class="na">PredefinedMetricType</span><span class="p">:</span> <span class="dl">'</span><span class="s1">ECSServiceAverageMemoryUtilization</span><span class="dl">'</span><span class="p">,</span> <span class="p">}),</span> <span class="na">TargetValue</span><span class="p">:</span> <span class="nx">config</span><span class="p">.</span><span class="nx">scaleMemoryTarget</span><span class="p">.</span><span class="nx">percent</span><span class="p">,</span> <span class="p">}),</span> <span class="p">});</span> <span class="p">});</span> <span class="p">});</span> </code></pre> </div> <h4> test/monitoring.test.ts </h4> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">import</span> <span class="p">{</span> <span class="nx">Stack</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">aws-cdk-lib</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">Template</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">aws-cdk-lib/assertions</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">Vpc</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">aws-cdk-lib/aws-ec2</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">Topic</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">aws-cdk-lib/aws-sns</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">initMonitoring</span><span class="p">,</span> <span class="nx">MonitoringConfig</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">../lib/monitoring</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">addCluster</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">../lib/containers/container-management</span><span class="dl">'</span><span class="p">;</span> <span class="nf">test</span><span class="p">(</span><span class="dl">'</span><span class="s1">Init monitoring of stack, with only defaults</span><span class="dl">'</span><span class="p">,</span> <span class="p">()</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">stack</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">Stack</span><span class="p">();</span> <span class="kd">const</span> <span class="na">monitoringConfig</span><span class="p">:</span> <span class="nx">MonitoringConfig</span> <span class="o">=</span> <span class="p">{</span> <span class="na">dashboardName</span><span class="p">:</span> <span class="dl">'</span><span class="s1">test-monitoring</span><span class="dl">'</span><span class="p">,</span> <span class="p">}</span> <span class="kd">const</span> <span class="nx">monitoring</span> <span class="o">=</span> <span class="nf">initMonitoring</span><span class="p">(</span><span class="nx">stack</span><span class="p">,</span> <span class="nx">monitoringConfig</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">template</span> <span class="o">=</span> <span class="nx">Template</span><span class="p">.</span><span class="nf">fromStack</span><span class="p">(</span><span class="nx">stack</span><span class="p">);</span> <span class="c1">//console.log(JSON.stringify(template.toJSON(), null, 2));</span> <span class="nx">template</span><span class="p">.</span><span class="nf">resourceCountIs</span><span class="p">(</span><span class="dl">'</span><span class="s1">AWS::CloudWatch::Dashboard</span><span class="dl">'</span><span class="p">,</span> <span class="mi">1</span><span class="p">);</span> <span class="nx">template</span><span class="p">.</span><span class="nf">hasResourceProperties</span><span class="p">(</span><span class="dl">'</span><span class="s1">AWS::CloudWatch::Dashboard</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span> <span class="na">DashboardName</span><span class="p">:</span> <span class="nx">monitoringConfig</span><span class="p">.</span><span class="nx">dashboardName</span> <span class="p">});</span> <span class="p">});</span> <span class="nf">test</span><span class="p">(</span><span class="dl">'</span><span class="s1">Init monitoring of stack, with SNS topic for alarms</span><span class="dl">'</span><span class="p">,</span> <span class="p">()</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">stack</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">Stack</span><span class="p">();</span> <span class="kd">const</span> <span class="nx">vpc</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">Vpc</span><span class="p">(</span><span class="nx">stack</span><span class="p">,</span> <span class="dl">'</span><span class="s1">vpc</span><span class="dl">'</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">cluster</span> <span class="o">=</span> <span class="nf">addCluster</span><span class="p">(</span><span class="nx">stack</span><span class="p">,</span> <span class="dl">'</span><span class="s1">test-cluster</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span><span class="nx">vpc</span><span class="p">});</span> <span class="kd">const</span> <span class="nx">alarmTopic</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">Topic</span><span class="p">(</span><span class="nx">stack</span><span class="p">,</span> <span class="dl">'</span><span class="s1">alarm-topic</span><span class="dl">'</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">dashboardName</span> <span class="o">=</span> <span class="dl">'</span><span class="s1">test-monitoring</span><span class="dl">'</span><span class="p">;</span> <span class="kd">const</span> <span class="na">monitoringConfig</span><span class="p">:</span> <span class="nx">MonitoringConfig</span> <span class="o">=</span> <span class="p">{</span> <span class="nx">dashboardName</span><span class="p">,</span> <span class="na">defaultAlarmTopic</span><span class="p">:</span> <span class="nx">alarmTopic</span><span class="p">,</span> <span class="p">};</span> <span class="kd">const</span> <span class="nx">monitoring</span> <span class="o">=</span> <span class="nf">initMonitoring</span><span class="p">(</span><span class="nx">stack</span><span class="p">,</span> <span class="nx">monitoringConfig</span><span class="p">);</span> <span class="nf">expect</span><span class="p">(</span><span class="nx">monitoring</span><span class="p">.</span><span class="nx">defaultAlarmTopic</span><span class="p">).</span><span class="nf">toEqual</span><span class="p">(</span><span class="nx">alarmTopic</span><span class="p">);</span> <span class="nf">expect</span><span class="p">(</span><span class="nx">monitoring</span><span class="p">.</span><span class="nx">defaultAlarmNamePrefix</span><span class="p">).</span><span class="nf">toEqual</span><span class="p">(</span><span class="nx">dashboardName</span><span class="p">);</span> <span class="p">});</span> <span class="nf">test</span><span class="p">(</span><span class="dl">'</span><span class="s1">Init monitoring of stack, with SNS topic for alarms and alarm prefix set</span><span class="dl">'</span><span class="p">,</span> <span class="p">()</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">stack</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">Stack</span><span class="p">();</span> <span class="kd">const</span> <span class="nx">vpc</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">Vpc</span><span class="p">(</span><span class="nx">stack</span><span class="p">,</span> <span class="dl">'</span><span class="s1">vpc</span><span class="dl">'</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">cluster</span> <span class="o">=</span> <span class="nf">addCluster</span><span class="p">(</span><span class="nx">stack</span><span class="p">,</span> <span class="dl">'</span><span class="s1">test-cluster</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span><span class="nx">vpc</span><span class="p">});</span> <span class="kd">const</span> <span class="nx">alarmTopic</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">Topic</span><span class="p">(</span><span class="nx">stack</span><span class="p">,</span> <span class="dl">'</span><span class="s1">alarm-topic</span><span class="dl">'</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">dashboardName</span> <span class="o">=</span> <span class="dl">'</span><span class="s1">test-monitoring</span><span class="dl">'</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">alarmPrefix</span> <span class="o">=</span> <span class="dl">'</span><span class="s1">my-prefix</span><span class="dl">'</span><span class="p">;</span> <span class="kd">const</span> <span class="na">monitoringConfig</span><span class="p">:</span> <span class="nx">MonitoringConfig</span> <span class="o">=</span> <span class="p">{</span> <span class="nx">dashboardName</span><span class="p">,</span> <span class="na">defaultAlarmTopic</span><span class="p">:</span> <span class="nx">alarmTopic</span><span class="p">,</span> <span class="na">defaultAlarmNamePrefix</span><span class="p">:</span> <span class="nx">alarmPrefix</span><span class="p">,</span> <span class="p">};</span> <span class="kd">const</span> <span class="nx">monitoring</span> <span class="o">=</span> <span class="nf">initMonitoring</span><span class="p">(</span><span class="nx">stack</span><span class="p">,</span> <span class="nx">monitoringConfig</span><span class="p">);</span> <span class="nf">expect</span><span class="p">(</span><span class="nx">monitoring</span><span class="p">.</span><span class="nx">defaultAlarmTopic</span><span class="p">).</span><span class="nf">toEqual</span><span class="p">(</span><span class="nx">alarmTopic</span><span class="p">);</span> <span class="nf">expect</span><span class="p">(</span><span class="nx">monitoring</span><span class="p">.</span><span class="nx">defaultAlarmNamePrefix</span><span class="p">).</span><span class="nf">toEqual</span><span class="p">(</span><span class="nx">alarmPrefix</span><span class="p">);</span> <span class="p">});</span> </code></pre> </div> aws awscdk devops typescript Erik Lundevall Zara Mon, 30 May 2022 11:31:18 +0000 https://dev.to/eriklz/how-to-become-an-infrastructure-as-code-ninja-using-aws-cdk-part-7-hed https://dev.to/eriklz/how-to-become-an-infrastructure-as-code-ninja-using-aws-cdk-part-7-hed <p>In this article, we are going to expand on the service in ECS we have already defined in part 6 and make it a load-balanced service that can automatically scale out and scale in, based on load. We are going to use a test-driven design (TDD) approach to figure out what we want to do here.</p> <h2> A recap </h2> <p>First, a quick re-cap what we have done so far:</p> <ul> <li>We are using AWS CDK to define an infrastructure, using Typescript</li> <li>This infrastructure uses an existing VPC (Virtual Private Cloud - network infrastructure) </li> <li>We run a container-based solution using AWS Elastic Container Service (ECS)</li> <li>We have an ECS task definition that defines the container properties to use</li> <li>We have an ECS service definition that uses this task definition, plus a desired state description, so ECS will make sure that our solution matches that desired state. </li> </ul> <p>We can expose the container publicly and connect to the Apache web server (<em>httpd</em>) that we have used so far to test the infrastructure building blocks.</p> <p>So far, we have three code files we have worked with:</p> <ul> <li>bin/my-container-infrastructure.ts - the main program file</li> <li>lib/containers/container-management.ts - where most of our container handling logic lives</li> <li>test/containers/container-management.test.ts - The test code we have for our container management logic</li> </ul> <h2> Note about code availability </h2> <p>This article series uses Typescript as an example language. However, there are repositories with example code for multiple languages. </p> <ul> <li><a href="https://github.com/cloudgnosis/iac-ninja-aws-cdk-ts" rel="noopener noreferrer">https://github.com/cloudgnosis/iac-ninja-aws-cdk-ts</a></li> <li><a href="https://github.com/cloudgnosis/iac-ninja-aws-cdk-python" rel="noopener noreferrer">https://github.com/cloudgnosis/iac-ninja-aws-cdk-python</a></li> <li><a href="https://github.com/cloudgnosis/iac-ninja-aws-cdk-go" rel="noopener noreferrer">https://github.com/cloudgnosis/iac-ninja-aws-cdk-go</a></li> </ul> <p>The repositories will contain all the code examples from the articles series, implemented in different languages with the AWS CDK. You can view the code from specific parts and stages in the series by checking out the code tagged with a specific part and step in that part. See the README file in each repository for more details.</p> <p>The code (in Typescript) to this point is below here:</p> <p><strong>my-container-infrastructure.ts</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">import</span> <span class="p">{</span> <span class="nx">App</span><span class="p">,</span> <span class="nx">Stack</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">aws-cdk-lib</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">Vpc</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">aws-cdk-lib/aws-ec2</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">addCluster</span><span class="p">,</span> <span class="nx">addService</span><span class="p">,</span> <span class="nx">addTaskDefinitionWithContainer</span><span class="p">,</span> <span class="nx">ContainerConfig</span><span class="p">,</span> <span class="nx">TaskConfig</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">../lib/containers/container-management</span><span class="dl">'</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">app</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">App</span><span class="p">();</span> <span class="kd">const</span> <span class="nx">stack</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">Stack</span><span class="p">(</span><span class="nx">app</span><span class="p">,</span> <span class="dl">'</span><span class="s1">my-container-infrastructure</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span> <span class="na">env</span><span class="p">:</span> <span class="p">{</span> <span class="na">account</span><span class="p">:</span> <span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">CDK_DEFAULT_ACCOUNT</span><span class="p">,</span> <span class="na">region</span><span class="p">:</span> <span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">CDK_DEFAULT_REGION</span><span class="p">,</span> <span class="p">},</span> <span class="p">});</span> <span class="kd">const</span> <span class="nx">vpc</span> <span class="o">=</span> <span class="nx">Vpc</span><span class="p">.</span><span class="nf">fromLookup</span><span class="p">(</span><span class="nx">stack</span><span class="p">,</span> <span class="dl">'</span><span class="s1">vpc</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span> <span class="na">isDefault</span><span class="p">:</span> <span class="kc">true</span><span class="p">,</span> <span class="p">});</span> <span class="kd">const</span> <span class="nx">id</span> <span class="o">=</span> <span class="dl">'</span><span class="s1">my-test-cluster</span><span class="dl">'</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">cluster</span> <span class="o">=</span> <span class="nf">addCluster</span><span class="p">(</span><span class="nx">stack</span><span class="p">,</span> <span class="nx">id</span><span class="p">,</span> <span class="nx">vpc</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">taskConfig</span><span class="p">:</span> <span class="nx">TaskConfig</span> <span class="o">=</span> <span class="p">{</span> <span class="na">cpu</span><span class="p">:</span> <span class="mi">512</span><span class="p">,</span> <span class="na">memoryLimitMB</span><span class="p">:</span> <span class="mi">1024</span><span class="p">,</span> <span class="na">family</span><span class="p">:</span> <span class="dl">'</span><span class="s1">webserver</span><span class="dl">'</span> <span class="p">};</span> <span class="kd">const</span> <span class="nx">containerConfig</span><span class="p">:</span> <span class="nx">ContainerConfig</span> <span class="o">=</span> <span class="p">{</span> <span class="na">dockerHubImage</span><span class="p">:</span> <span class="dl">'</span><span class="s1">httpd</span><span class="dl">'</span> <span class="p">};</span> <span class="kd">const</span> <span class="nx">taskdef</span> <span class="o">=</span> <span class="nf">addTaskDefinitionWithContainer</span><span class="p">(</span><span class="nx">stack</span><span class="p">,</span> <span class="s2">`taskdef-</span><span class="p">${</span><span class="nx">taskConfig</span><span class="p">.</span><span class="nx">family</span><span class="p">}</span><span class="s2">`</span><span class="p">,</span> <span class="nx">taskConfig</span><span class="p">,</span> <span class="nx">containerConfig</span><span class="p">);</span> <span class="nf">addService</span><span class="p">(</span><span class="nx">stack</span><span class="p">,</span> <span class="s2">`service-</span><span class="p">${</span><span class="nx">taskConfig</span><span class="p">.</span><span class="nx">family</span><span class="p">}</span><span class="s2">`</span><span class="p">,</span> <span class="nx">cluster</span><span class="p">,</span> <span class="nx">taskdef</span><span class="p">,</span> <span class="mi">80</span><span class="p">,</span> <span class="mi">0</span><span class="p">,</span> <span class="kc">true</span><span class="p">);</span> </code></pre> </div> <p><strong>container-management.ts</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">import</span> <span class="p">{</span> <span class="nx">IVpc</span><span class="p">,</span> <span class="nx">Peer</span><span class="p">,</span> <span class="nx">Port</span><span class="p">,</span> <span class="nx">SecurityGroup</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">aws-cdk-lib/aws-ec2</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">Cluster</span><span class="p">,</span> <span class="nx">ContainerImage</span><span class="p">,</span> <span class="nx">FargateService</span><span class="p">,</span> <span class="nx">FargateTaskDefinition</span><span class="p">,</span> <span class="nx">LogDriver</span><span class="p">,</span> <span class="nx">TaskDefinition</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">aws-cdk-lib/aws-ecs</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">RetentionDays</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">aws-cdk-lib/aws-logs</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">Construct</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">constructs</span><span class="dl">'</span><span class="p">;</span> <span class="k">export</span> <span class="kd">const</span> <span class="nx">addCluster</span> <span class="o">=</span> <span class="kd">function</span><span class="p">(</span><span class="nx">scope</span><span class="p">:</span> <span class="nx">Construct</span><span class="p">,</span> <span class="nx">id</span><span class="p">:</span> <span class="kr">string</span><span class="p">,</span> <span class="nx">vpc</span><span class="p">:</span> <span class="nx">IVpc</span><span class="p">):</span> <span class="nx">Cluster</span> <span class="p">{</span> <span class="k">return</span> <span class="k">new</span> <span class="nc">Cluster</span><span class="p">(</span><span class="nx">scope</span><span class="p">,</span> <span class="nx">id</span><span class="p">,</span> <span class="p">{</span> <span class="nx">vpc</span><span class="p">,</span> <span class="p">});</span> <span class="p">}</span> <span class="k">export</span> <span class="kr">interface</span> <span class="nx">TaskConfig</span> <span class="p">{</span> <span class="k">readonly</span> <span class="nx">cpu</span><span class="p">:</span> <span class="mi">256</span> <span class="o">|</span> <span class="mi">512</span> <span class="o">|</span> <span class="mi">1024</span> <span class="o">|</span> <span class="mi">2048</span> <span class="o">|</span> <span class="mi">4096</span><span class="p">;</span> <span class="k">readonly</span> <span class="nx">memoryLimitMB</span><span class="p">:</span> <span class="kr">number</span><span class="p">;</span> <span class="k">readonly</span> <span class="nx">family</span><span class="p">:</span> <span class="kr">string</span><span class="p">;</span> <span class="p">}</span> <span class="k">export</span> <span class="kr">interface</span> <span class="nx">ContainerConfig</span> <span class="p">{</span> <span class="k">readonly</span> <span class="nx">dockerHubImage</span><span class="p">:</span> <span class="kr">string</span><span class="p">;</span> <span class="p">}</span> <span class="k">export</span> <span class="kd">const</span> <span class="nx">addTaskDefinitionWithContainer</span> <span class="o">=</span> <span class="kd">function</span><span class="p">(</span><span class="nx">scope</span><span class="p">:</span> <span class="nx">Construct</span><span class="p">,</span> <span class="nx">id</span><span class="p">:</span> <span class="kr">string</span><span class="p">,</span> <span class="nx">taskConfig</span><span class="p">:</span> <span class="nx">TaskConfig</span><span class="p">,</span> <span class="nx">containerConfig</span><span class="p">:</span> <span class="nx">ContainerConfig</span><span class="p">):</span> <span class="nx">TaskDefinition</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">taskdef</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">FargateTaskDefinition</span><span class="p">(</span><span class="nx">scope</span><span class="p">,</span> <span class="nx">id</span><span class="p">,</span> <span class="p">{</span> <span class="na">cpu</span><span class="p">:</span> <span class="nx">taskConfig</span><span class="p">.</span><span class="nx">cpu</span><span class="p">,</span> <span class="na">memoryLimitMiB</span><span class="p">:</span> <span class="nx">taskConfig</span><span class="p">.</span><span class="nx">memoryLimitMB</span><span class="p">,</span> <span class="na">family</span><span class="p">:</span> <span class="nx">taskConfig</span><span class="p">.</span><span class="nx">family</span><span class="p">,</span> <span class="p">});</span> <span class="kd">const</span> <span class="nx">image</span> <span class="o">=</span> <span class="nx">ContainerImage</span><span class="p">.</span><span class="nf">fromRegistry</span><span class="p">(</span><span class="nx">containerConfig</span><span class="p">.</span><span class="nx">dockerHubImage</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">logdriver</span> <span class="o">=</span> <span class="nx">LogDriver</span><span class="p">.</span><span class="nf">awsLogs</span><span class="p">({</span> <span class="na">streamPrefix</span><span class="p">:</span> <span class="nx">taskConfig</span><span class="p">.</span><span class="nx">family</span><span class="p">,</span> <span class="na">logRetention</span><span class="p">:</span> <span class="nx">RetentionDays</span><span class="p">.</span><span class="nx">ONE_DAY</span><span class="p">,</span> <span class="p">});</span> <span class="nx">taskdef</span><span class="p">.</span><span class="nf">addContainer</span><span class="p">(</span><span class="s2">`container-</span><span class="p">${</span><span class="nx">containerConfig</span><span class="p">.</span><span class="nx">dockerHubImage</span><span class="p">}</span><span class="s2">`</span><span class="p">,</span> <span class="p">{</span> <span class="nx">image</span><span class="p">,</span> <span class="na">logging</span><span class="p">:</span> <span class="nx">logdriver</span> <span class="p">});</span> <span class="k">return</span> <span class="nx">taskdef</span><span class="p">;</span> <span class="p">};</span> <span class="k">export</span> <span class="kd">const</span> <span class="nx">addService</span> <span class="o">=</span> <span class="nf">function</span><span class="p">(</span><span class="nx">scope</span><span class="p">:</span> <span class="nx">Construct</span><span class="p">,</span> <span class="nx">id</span><span class="p">:</span> <span class="kr">string</span><span class="p">,</span> <span class="nx">cluster</span><span class="p">:</span> <span class="nx">Cluster</span><span class="p">,</span> <span class="nx">taskDef</span><span class="p">:</span> <span class="nx">FargateTaskDefinition</span><span class="p">,</span> <span class="nx">port</span><span class="p">:</span> <span class="kr">number</span><span class="p">,</span> <span class="nx">desiredCount</span><span class="p">:</span> <span class="kr">number</span><span class="p">,</span> <span class="nx">assignPublicIp</span><span class="p">?:</span> <span class="nx">boolean</span><span class="p">,</span> <span class="nx">serviceName</span><span class="p">?:</span> <span class="kr">string</span><span class="p">):</span> <span class="nx">FargateService</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">sg</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">SecurityGroup</span><span class="p">(</span><span class="nx">scope</span><span class="p">,</span> <span class="s2">`</span><span class="p">${</span><span class="nx">id</span><span class="p">}</span><span class="s2">-security-group`</span><span class="p">,</span> <span class="p">{</span> <span class="na">description</span><span class="p">:</span> <span class="s2">`Security group for service </span><span class="p">${</span><span class="nx">serviceName</span> <span class="o">??</span> <span class="dl">''</span><span class="p">}</span><span class="s2">`</span><span class="p">,</span> <span class="na">vpc</span><span class="p">:</span> <span class="nx">cluster</span><span class="p">.</span><span class="nx">vpc</span><span class="p">,</span> <span class="p">});</span> <span class="nx">sg</span><span class="p">.</span><span class="nf">addIngressRule</span><span class="p">(</span><span class="nx">Peer</span><span class="p">.</span><span class="nf">anyIpv4</span><span class="p">(),</span> <span class="nx">Port</span><span class="p">.</span><span class="nf">tcp</span><span class="p">(</span><span class="nx">port</span><span class="p">));</span> <span class="kd">const</span> <span class="nx">service</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">FargateService</span><span class="p">(</span><span class="nx">scope</span><span class="p">,</span> <span class="nx">id</span><span class="p">,</span> <span class="p">{</span> <span class="nx">cluster</span><span class="p">,</span> <span class="na">taskDefinition</span><span class="p">:</span> <span class="nx">taskDef</span><span class="p">,</span> <span class="nx">desiredCount</span><span class="p">,</span> <span class="nx">serviceName</span><span class="p">,</span> <span class="na">securityGroups</span><span class="p">:</span> <span class="p">[</span><span class="nx">sg</span><span class="p">],</span> <span class="na">circuitBreaker</span><span class="p">:</span> <span class="p">{</span> <span class="na">rollback</span><span class="p">:</span> <span class="kc">true</span><span class="p">,</span> <span class="p">},</span> <span class="nx">assignPublicIp</span><span class="p">,</span> <span class="p">});</span> <span class="k">return</span> <span class="nx">service</span><span class="p">;</span> <span class="p">};</span> </code></pre> </div> <p><strong>container-management.test.ts</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">import</span> <span class="p">{</span> <span class="nx">Stack</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">aws-cdk-lib</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">Vpc</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">aws-cdk-lib/aws-ec2</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">Capture</span><span class="p">,</span> <span class="nx">Match</span><span class="p">,</span> <span class="nx">Template</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">aws-cdk-lib/assertions</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">addCluster</span><span class="p">,</span> <span class="nx">addService</span><span class="p">,</span> <span class="nx">addTaskDefinitionWithContainer</span><span class="p">,</span> <span class="nx">ContainerConfig</span><span class="p">,</span> <span class="nx">TaskConfig</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">../../lib/containers/container-management</span><span class="dl">'</span><span class="p">;</span> <span class="nf">test</span><span class="p">(</span><span class="dl">'</span><span class="s1">ECS cluster is defined with existing vpc</span><span class="dl">'</span><span class="p">,</span> <span class="p">()</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="c1">// Test setup</span> <span class="kd">const</span> <span class="nx">stack</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">Stack</span><span class="p">();</span> <span class="kd">const</span> <span class="nx">vpc</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">Vpc</span><span class="p">(</span><span class="nx">stack</span><span class="p">,</span> <span class="dl">'</span><span class="s1">vpc</span><span class="dl">'</span><span class="p">);</span> <span class="c1">// Test code</span> <span class="kd">const</span> <span class="nx">cluster</span> <span class="o">=</span> <span class="nf">addCluster</span><span class="p">(</span><span class="nx">stack</span><span class="p">,</span> <span class="dl">'</span><span class="s1">test-cluster</span><span class="dl">'</span><span class="p">,</span> <span class="nx">vpc</span><span class="p">);</span> <span class="c1">// Check result</span> <span class="kd">const</span> <span class="nx">template</span> <span class="o">=</span> <span class="nx">Template</span><span class="p">.</span><span class="nf">fromStack</span><span class="p">(</span><span class="nx">stack</span><span class="p">);</span> <span class="nx">template</span><span class="p">.</span><span class="nf">resourceCountIs</span><span class="p">(</span><span class="dl">'</span><span class="s1">AWS::ECS::Cluster</span><span class="dl">'</span><span class="p">,</span> <span class="mi">1</span><span class="p">);</span> <span class="nf">expect</span><span class="p">(</span><span class="nx">cluster</span><span class="p">.</span><span class="nx">vpc</span><span class="p">).</span><span class="nf">toEqual</span><span class="p">(</span><span class="nx">vpc</span><span class="p">);</span> <span class="p">});</span> <span class="nf">test</span><span class="p">(</span><span class="dl">'</span><span class="s1">ECS Fargate task definition defined</span><span class="dl">'</span><span class="p">,</span> <span class="p">()</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="c1">// Test setup</span> <span class="kd">const</span> <span class="nx">stack</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">Stack</span><span class="p">();</span> <span class="kd">const</span> <span class="nx">cpuval</span> <span class="o">=</span> <span class="mi">512</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">memval</span> <span class="o">=</span> <span class="mi">1024</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">familyval</span> <span class="o">=</span> <span class="dl">'</span><span class="s1">test</span><span class="dl">'</span><span class="p">;</span> <span class="kd">const</span> <span class="na">taskCfg</span><span class="p">:</span> <span class="nx">TaskConfig</span> <span class="o">=</span> <span class="p">{</span> <span class="na">cpu</span><span class="p">:</span> <span class="nx">cpuval</span><span class="p">,</span> <span class="na">memoryLimitMB</span><span class="p">:</span> <span class="nx">memval</span><span class="p">,</span> <span class="na">family</span><span class="p">:</span> <span class="nx">familyval</span> <span class="p">};</span> <span class="kd">const</span> <span class="nx">imageName</span> <span class="o">=</span> <span class="dl">'</span><span class="s1">httpd</span><span class="dl">'</span><span class="p">;</span> <span class="kd">const</span> <span class="na">containerCfg</span><span class="p">:</span> <span class="nx">ContainerConfig</span> <span class="o">=</span> <span class="p">{</span> <span class="na">dockerHubImage</span><span class="p">:</span> <span class="nx">imageName</span> <span class="p">};</span> <span class="c1">// Test code</span> <span class="kd">const</span> <span class="nx">taskdef</span> <span class="o">=</span> <span class="nf">addTaskDefinitionWithContainer</span><span class="p">(</span><span class="nx">stack</span><span class="p">,</span> <span class="dl">'</span><span class="s1">test-taskdef</span><span class="dl">'</span><span class="p">,</span> <span class="nx">taskCfg</span><span class="p">,</span> <span class="nx">containerCfg</span><span class="p">);</span> <span class="c1">// Check result</span> <span class="kd">const</span> <span class="nx">template</span> <span class="o">=</span> <span class="nx">Template</span><span class="p">.</span><span class="nf">fromStack</span><span class="p">(</span><span class="nx">stack</span><span class="p">);</span> <span class="nf">expect</span><span class="p">(</span><span class="nx">taskdef</span><span class="p">.</span><span class="nx">isFargateCompatible</span><span class="p">).</span><span class="nf">toBeTruthy</span><span class="p">();</span> <span class="nf">expect</span><span class="p">(</span><span class="nx">stack</span><span class="p">.</span><span class="nx">node</span><span class="p">.</span><span class="nx">children</span><span class="p">.</span><span class="nf">includes</span><span class="p">(</span><span class="nx">taskdef</span><span class="p">)).</span><span class="nf">toBeTruthy</span><span class="p">();</span> <span class="nx">template</span><span class="p">.</span><span class="nf">resourceCountIs</span><span class="p">(</span><span class="dl">'</span><span class="s1">AWS::ECS::TaskDefinition</span><span class="dl">'</span><span class="p">,</span> <span class="mi">1</span><span class="p">);</span> <span class="nx">template</span><span class="p">.</span><span class="nf">hasResourceProperties</span><span class="p">(</span><span class="dl">'</span><span class="s1">AWS::ECS::TaskDefinition</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span> <span class="na">RequiresCompatibilities</span><span class="p">:</span> <span class="p">[</span> <span class="dl">'</span><span class="s1">FARGATE</span><span class="dl">'</span> <span class="p">],</span> <span class="na">Cpu</span><span class="p">:</span> <span class="nx">cpuval</span><span class="p">.</span><span class="nf">toString</span><span class="p">(),</span> <span class="na">Memory</span><span class="p">:</span> <span class="nx">memval</span><span class="p">.</span><span class="nf">toString</span><span class="p">(),</span> <span class="na">Family</span><span class="p">:</span> <span class="nx">familyval</span><span class="p">,</span> <span class="p">});</span> <span class="p">});</span> <span class="nf">test</span><span class="p">(</span><span class="dl">'</span><span class="s1">Fargate service created, with provided mandatory properties only</span><span class="dl">'</span><span class="p">,</span> <span class="p">()</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="c1">// Test setup</span> <span class="kd">const</span> <span class="nx">stack</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">Stack</span><span class="p">();</span> <span class="kd">const</span> <span class="nx">vpc</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">Vpc</span><span class="p">(</span><span class="nx">stack</span><span class="p">,</span> <span class="dl">'</span><span class="s1">vpc</span><span class="dl">'</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">cluster</span> <span class="o">=</span> <span class="nf">addCluster</span><span class="p">(</span><span class="nx">stack</span><span class="p">,</span> <span class="dl">'</span><span class="s1">test-cluster</span><span class="dl">'</span><span class="p">,</span> <span class="nx">vpc</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">cpuval</span> <span class="o">=</span> <span class="mi">512</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">memval</span> <span class="o">=</span> <span class="mi">1024</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">familyval</span> <span class="o">=</span> <span class="dl">'</span><span class="s1">test</span><span class="dl">'</span><span class="p">;</span> <span class="kd">const</span> <span class="na">taskCfg</span><span class="p">:</span> <span class="nx">TaskConfig</span> <span class="o">=</span> <span class="p">{</span> <span class="na">cpu</span><span class="p">:</span> <span class="nx">cpuval</span><span class="p">,</span> <span class="na">memoryLimitMB</span><span class="p">:</span> <span class="nx">memval</span><span class="p">,</span> <span class="na">family</span><span class="p">:</span> <span class="nx">familyval</span> <span class="p">};</span> <span class="kd">const</span> <span class="nx">imageName</span> <span class="o">=</span> <span class="dl">'</span><span class="s1">httpd</span><span class="dl">'</span><span class="p">;</span> <span class="kd">const</span> <span class="na">containerCfg</span><span class="p">:</span> <span class="nx">ContainerConfig</span> <span class="o">=</span> <span class="p">{</span> <span class="na">dockerHubImage</span><span class="p">:</span> <span class="nx">imageName</span> <span class="p">};</span> <span class="kd">const</span> <span class="nx">taskdef</span> <span class="o">=</span> <span class="nf">addTaskDefinitionWithContainer</span><span class="p">(</span><span class="nx">stack</span><span class="p">,</span> <span class="dl">'</span><span class="s1">test-taskdef</span><span class="dl">'</span><span class="p">,</span> <span class="nx">taskCfg</span><span class="p">,</span> <span class="nx">containerCfg</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">port</span> <span class="o">=</span> <span class="mi">80</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">desiredCount</span> <span class="o">=</span> <span class="mi">1</span><span class="p">;</span> <span class="c1">// Test code</span> <span class="kd">const</span> <span class="nx">service</span> <span class="o">=</span> <span class="nf">addService</span><span class="p">(</span><span class="nx">stack</span><span class="p">,</span> <span class="dl">'</span><span class="s1">test-service</span><span class="dl">'</span><span class="p">,</span> <span class="nx">cluster</span><span class="p">,</span> <span class="nx">taskdef</span><span class="p">,</span> <span class="nx">port</span><span class="p">,</span> <span class="nx">desiredCount</span><span class="p">);</span> <span class="c1">// Check result</span> <span class="kd">const</span> <span class="nx">sgCapture</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">Capture</span><span class="p">();</span> <span class="kd">const</span> <span class="nx">template</span> <span class="o">=</span> <span class="nx">Template</span><span class="p">.</span><span class="nf">fromStack</span><span class="p">(</span><span class="nx">stack</span><span class="p">);</span> <span class="nf">expect</span><span class="p">(</span><span class="nx">service</span><span class="p">.</span><span class="nx">cluster</span><span class="p">).</span><span class="nf">toEqual</span><span class="p">(</span><span class="nx">cluster</span><span class="p">);</span> <span class="nf">expect</span><span class="p">(</span><span class="nx">service</span><span class="p">.</span><span class="nx">taskDefinition</span><span class="p">).</span><span class="nf">toEqual</span><span class="p">(</span><span class="nx">taskdef</span><span class="p">);</span> <span class="nx">template</span><span class="p">.</span><span class="nf">resourceCountIs</span><span class="p">(</span><span class="dl">'</span><span class="s1">AWS::ECS::Service</span><span class="dl">'</span><span class="p">,</span> <span class="mi">1</span><span class="p">);</span> <span class="nx">template</span><span class="p">.</span><span class="nf">hasResourceProperties</span><span class="p">(</span><span class="dl">'</span><span class="s1">AWS::ECS::Service</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span> <span class="na">DesiredCount</span><span class="p">:</span> <span class="nx">desiredCount</span><span class="p">,</span> <span class="na">LaunchType</span><span class="p">:</span> <span class="dl">'</span><span class="s1">FARGATE</span><span class="dl">'</span><span class="p">,</span> <span class="na">NetworkConfiguration</span><span class="p">:</span> <span class="nx">Match</span><span class="p">.</span><span class="nf">objectLike</span><span class="p">({</span> <span class="na">AwsvpcConfiguration</span><span class="p">:</span> <span class="nx">Match</span><span class="p">.</span><span class="nf">objectLike</span><span class="p">({</span> <span class="na">AssignPublicIp</span><span class="p">:</span> <span class="dl">'</span><span class="s1">DISABLED</span><span class="dl">'</span><span class="p">,</span> <span class="na">SecurityGroups</span><span class="p">:</span> <span class="nx">Match</span><span class="p">.</span><span class="nf">arrayWith</span><span class="p">([</span><span class="nx">sgCapture</span><span class="p">]),</span> <span class="p">}),</span> <span class="p">}),</span> <span class="p">});</span> <span class="nx">template</span><span class="p">.</span><span class="nf">resourceCountIs</span><span class="p">(</span><span class="dl">'</span><span class="s1">AWS::EC2::SecurityGroup</span><span class="dl">'</span><span class="p">,</span> <span class="mi">1</span><span class="p">);</span> <span class="nx">template</span><span class="p">.</span><span class="nf">hasResourceProperties</span><span class="p">(</span><span class="dl">'</span><span class="s1">AWS::EC2::SecurityGroup</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span> <span class="na">SecurityGroupIngress</span><span class="p">:</span> <span class="nx">Match</span><span class="p">.</span><span class="nf">arrayWith</span><span class="p">([</span> <span class="nx">Match</span><span class="p">.</span><span class="nf">objectLike</span><span class="p">({</span> <span class="na">CidrIp</span><span class="p">:</span> <span class="dl">'</span><span class="s1">0.0.0.0/0</span><span class="dl">'</span><span class="p">,</span> <span class="na">FromPort</span><span class="p">:</span> <span class="nx">port</span><span class="p">,</span> <span class="na">IpProtocol</span><span class="p">:</span> <span class="dl">'</span><span class="s1">tcp</span><span class="dl">'</span><span class="p">,</span> <span class="p">}),</span> <span class="p">]),</span> <span class="p">});</span> <span class="p">});</span> <span class="nf">test</span><span class="p">(</span><span class="dl">'</span><span class="s1">Container definition added to task definition</span><span class="dl">'</span><span class="p">,</span> <span class="p">()</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="c1">// Test setup</span> <span class="kd">const</span> <span class="nx">stack</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">Stack</span><span class="p">();</span> <span class="kd">const</span> <span class="nx">cpuval</span> <span class="o">=</span> <span class="mi">512</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">memval</span> <span class="o">=</span> <span class="mi">1024</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">familyval</span> <span class="o">=</span> <span class="dl">'</span><span class="s1">test</span><span class="dl">'</span><span class="p">;</span> <span class="kd">const</span> <span class="na">taskCfg</span><span class="p">:</span> <span class="nx">TaskConfig</span> <span class="o">=</span> <span class="p">{</span> <span class="na">cpu</span><span class="p">:</span> <span class="nx">cpuval</span><span class="p">,</span> <span class="na">memoryLimitMB</span><span class="p">:</span> <span class="nx">memval</span><span class="p">,</span> <span class="na">family</span><span class="p">:</span> <span class="nx">familyval</span> <span class="p">};</span> <span class="kd">const</span> <span class="nx">imageName</span> <span class="o">=</span> <span class="dl">'</span><span class="s1">httpd</span><span class="dl">'</span><span class="p">;</span> <span class="kd">const</span> <span class="na">containerCfg</span><span class="p">:</span> <span class="nx">ContainerConfig</span> <span class="o">=</span> <span class="p">{</span> <span class="na">dockerHubImage</span><span class="p">:</span> <span class="nx">imageName</span> <span class="p">};</span> <span class="c1">// Test code</span> <span class="kd">const</span> <span class="nx">taskdef</span> <span class="o">=</span> <span class="nf">addTaskDefinitionWithContainer</span><span class="p">(</span><span class="nx">stack</span><span class="p">,</span> <span class="dl">'</span><span class="s1">test-taskdef</span><span class="dl">'</span><span class="p">,</span> <span class="nx">taskCfg</span><span class="p">,</span> <span class="nx">containerCfg</span><span class="p">);</span> <span class="c1">// Check result</span> <span class="kd">const</span> <span class="nx">template</span> <span class="o">=</span> <span class="nx">Template</span><span class="p">.</span><span class="nf">fromStack</span><span class="p">(</span><span class="nx">stack</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">containerDef</span> <span class="o">=</span> <span class="nx">taskdef</span><span class="p">.</span><span class="nx">defaultContainer</span><span class="p">;</span> <span class="nf">expect</span><span class="p">(</span><span class="nx">taskdef</span><span class="p">.</span><span class="nx">defaultContainer</span><span class="p">).</span><span class="nf">toBeDefined</span><span class="p">();</span> <span class="nf">expect</span><span class="p">(</span><span class="nx">containerDef</span><span class="p">?.</span><span class="nx">imageName</span><span class="p">).</span><span class="nf">toEqual</span><span class="p">(</span><span class="nx">imageName</span><span class="p">);</span> <span class="c1">// Works from v2.11 of aws-cdk-lib</span> <span class="nx">template</span><span class="p">.</span><span class="nf">hasResourceProperties</span><span class="p">(</span><span class="dl">'</span><span class="s1">AWS::ECS::TaskDefinition</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span> <span class="na">ContainerDefinitions</span><span class="p">:</span> <span class="nx">Match</span><span class="p">.</span><span class="nf">arrayWith</span><span class="p">([</span> <span class="nx">Match</span><span class="p">.</span><span class="nf">objectLike</span><span class="p">({</span> <span class="na">Image</span><span class="p">:</span> <span class="nx">imageName</span><span class="p">,</span> <span class="p">}),</span> <span class="p">]),</span> <span class="p">});</span> <span class="p">});</span> </code></pre> </div> <h2> What we will do now </h2> <p>In the previous part, there were some points about our design that we should address, which include:</p> <ul> <li>Specifying a port number to access the service through <strong>addService</strong> is right now fine for a single container instance only. For multiple containers (desiredCount &gt; 1) there would need to be a load balancer.</li> <li>The design opens for traffic from everywhere, regardless of whether it uses public or private IP addresses</li> </ul> <p>We should also add some mechanisms to scale the solution based on some load characteristics.</p> <p>The points above tie in with each other. If we put the container service behind a load balancer, we want to restrict access so that it <em>only</em> goes via the load balancer. We also want to have a suitable number of containers running, based on the load on the service.</p> <p>So we have a few tasks:</p> <ul> <li>Add a load balancer in front of a service, when we set up a service in ECS</li> <li>Make sure access is restricted to go via load balancer</li> <li>Add scalability configuration for containers behind load balancer</li> </ul> <p>We can break these up in more detailed steps later.</p> <h2> The trouble with default VPCs </h2> <p>Until now, our infrastructure experiments have assumed that there is a VPC in place, and we have also for simplicity used the <em>default VPC</em>, which is something most AWS accounts will have. </p> <p>A problem with the default VPC is that there are only public subnets in that VPC. The reason for that is backward compatibility with the old <em>EC2 Classic</em>, back in those days when you did not need an explicit VPC to run your virtual machines in AWS. This is my guess anyway. </p> <p>Either way, it is a shortcoming of this VPC. To enable us to use a different VPC with both private and public subnets, we will add a small code segment to optionally add a VPC in the stack. You can also point to an existing VPC that has both public and private subnets.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code> <span class="kd">let</span> <span class="nx">vpc</span><span class="p">:</span> <span class="nx">IVpc</span><span class="p">;</span> <span class="kd">let</span> <span class="nx">vpcName</span> <span class="o">=</span> <span class="nx">app</span><span class="p">.</span><span class="nx">node</span><span class="p">.</span><span class="nf">tryGetContext</span><span class="p">(</span><span class="dl">'</span><span class="s1">vpcname</span><span class="dl">'</span><span class="p">);</span> <span class="k">if </span><span class="p">(</span><span class="nx">vpcName</span><span class="p">)</span> <span class="p">{</span> <span class="nx">vpc</span> <span class="o">=</span> <span class="nx">Vpc</span><span class="p">.</span><span class="nf">fromLookup</span><span class="p">(</span><span class="nx">stack</span><span class="p">,</span> <span class="dl">'</span><span class="s1">vpc</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span> <span class="nx">vpcName</span><span class="p">,</span> <span class="p">});</span> <span class="p">}</span> <span class="k">else</span> <span class="p">{</span> <span class="nx">vpc</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">Vpc</span><span class="p">(</span><span class="nx">stack</span><span class="p">,</span> <span class="dl">'</span><span class="s1">vpc</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span> <span class="na">vpcName</span><span class="p">:</span> <span class="dl">'</span><span class="s1">my-vpc</span><span class="dl">'</span><span class="p">,</span> <span class="na">natGateways</span><span class="p">:</span> <span class="mi">1</span><span class="p">,</span> <span class="na">maxAzs</span><span class="p">:</span> <span class="mi">2</span><span class="p">,</span> <span class="p">});</span> <span class="p">}</span> </code></pre> </div> <p>Instead of simply looking up the default VPC, we have two options. Option one is to provide the name of an existing VPC, and in that case, we use that. If not VPC name is provided, we create a new VPC.</p> <p>The created VPC will have both public and private subnets, will use two availability zones and have a shared NAT gateway for outbound traffic from private subnets. This is strictly to keep costs down.</p> <p>If you have an existing VPC to use, you can provide the name of that VPC through a command line option:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>cdk synth <span class="nt">-c</span> <span class="nv">vpcname</span><span class="o">=</span>thenameofmyvpc </code></pre> </div> <p>This approach to sending contextual data to the AWS CDK App can be quite useful. The key takeaway for us here is that we can have <em>a VPC with both private and public subnets</em>.</p> <h2> Starting from the tests - TDD a load-balanced service </h2> <p>Let us start by looking at our tests. We currently have one test for the <strong>addService</strong> function, see below. There is a fair amount of set-up work here.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="nf">test</span><span class="p">(</span><span class="dl">'</span><span class="s1">Fargate service created, with provided mandatory properties only</span><span class="dl">'</span><span class="p">,</span> <span class="p">()</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="c1">// Test setup</span> <span class="kd">const</span> <span class="nx">stack</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">Stack</span><span class="p">();</span> <span class="kd">const</span> <span class="nx">vpc</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">Vpc</span><span class="p">(</span><span class="nx">stack</span><span class="p">,</span> <span class="dl">'</span><span class="s1">vpc</span><span class="dl">'</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">cluster</span> <span class="o">=</span> <span class="nf">addCluster</span><span class="p">(</span><span class="nx">stack</span><span class="p">,</span> <span class="dl">'</span><span class="s1">test-cluster</span><span class="dl">'</span><span class="p">,</span> <span class="nx">vpc</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">cpuval</span> <span class="o">=</span> <span class="mi">512</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">memval</span> <span class="o">=</span> <span class="mi">1024</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">familyval</span> <span class="o">=</span> <span class="dl">'</span><span class="s1">test</span><span class="dl">'</span><span class="p">;</span> <span class="kd">const</span> <span class="na">taskCfg</span><span class="p">:</span> <span class="nx">TaskConfig</span> <span class="o">=</span> <span class="p">{</span> <span class="na">cpu</span><span class="p">:</span> <span class="nx">cpuval</span><span class="p">,</span> <span class="na">memoryLimitMB</span><span class="p">:</span> <span class="nx">memval</span><span class="p">,</span> <span class="na">family</span><span class="p">:</span> <span class="nx">familyval</span> <span class="p">};</span> <span class="kd">const</span> <span class="nx">imageName</span> <span class="o">=</span> <span class="dl">'</span><span class="s1">httpd</span><span class="dl">'</span><span class="p">;</span> <span class="kd">const</span> <span class="na">containerCfg</span><span class="p">:</span> <span class="nx">ContainerConfig</span> <span class="o">=</span> <span class="p">{</span> <span class="na">dockerHubImage</span><span class="p">:</span> <span class="nx">imageName</span> <span class="p">};</span> <span class="kd">const</span> <span class="nx">taskdef</span> <span class="o">=</span> <span class="nf">addTaskDefinitionWithContainer</span><span class="p">(</span><span class="nx">stack</span><span class="p">,</span> <span class="dl">'</span><span class="s1">test-taskdef</span><span class="dl">'</span><span class="p">,</span> <span class="nx">taskCfg</span><span class="p">,</span> <span class="nx">containerCfg</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">port</span> <span class="o">=</span> <span class="mi">80</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">desiredCount</span> <span class="o">=</span> <span class="mi">1</span><span class="p">;</span> <span class="c1">// Test code</span> <span class="kd">const</span> <span class="nx">service</span> <span class="o">=</span> <span class="nf">addService</span><span class="p">(</span><span class="nx">stack</span><span class="p">,</span> <span class="dl">'</span><span class="s1">test-service</span><span class="dl">'</span><span class="p">,</span> <span class="nx">cluster</span><span class="p">,</span> <span class="nx">taskdef</span><span class="p">,</span> <span class="nx">port</span><span class="p">,</span> <span class="nx">desiredCount</span><span class="p">);</span> <span class="c1">// Check result</span> <span class="kd">const</span> <span class="nx">sgCapture</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">Capture</span><span class="p">();</span> <span class="kd">const</span> <span class="nx">template</span> <span class="o">=</span> <span class="nx">Template</span><span class="p">.</span><span class="nf">fromStack</span><span class="p">(</span><span class="nx">stack</span><span class="p">);</span> <span class="nf">expect</span><span class="p">(</span><span class="nx">service</span><span class="p">.</span><span class="nx">cluster</span><span class="p">).</span><span class="nf">toEqual</span><span class="p">(</span><span class="nx">cluster</span><span class="p">);</span> <span class="nf">expect</span><span class="p">(</span><span class="nx">service</span><span class="p">.</span><span class="nx">taskDefinition</span><span class="p">).</span><span class="nf">toEqual</span><span class="p">(</span><span class="nx">taskdef</span><span class="p">);</span> <span class="nx">template</span><span class="p">.</span><span class="nf">resourceCountIs</span><span class="p">(</span><span class="dl">'</span><span class="s1">AWS::ECS::Service</span><span class="dl">'</span><span class="p">,</span> <span class="mi">1</span><span class="p">);</span> <span class="nx">template</span><span class="p">.</span><span class="nf">hasResourceProperties</span><span class="p">(</span><span class="dl">'</span><span class="s1">AWS::ECS::Service</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span> <span class="na">DesiredCount</span><span class="p">:</span> <span class="nx">desiredCount</span><span class="p">,</span> <span class="na">LaunchType</span><span class="p">:</span> <span class="dl">'</span><span class="s1">FARGATE</span><span class="dl">'</span><span class="p">,</span> <span class="na">NetworkConfiguration</span><span class="p">:</span> <span class="nx">Match</span><span class="p">.</span><span class="nf">objectLike</span><span class="p">({</span> <span class="na">AwsvpcConfiguration</span><span class="p">:</span> <span class="nx">Match</span><span class="p">.</span><span class="nf">objectLike</span><span class="p">({</span> <span class="na">AssignPublicIp</span><span class="p">:</span> <span class="dl">'</span><span class="s1">DISABLED</span><span class="dl">'</span><span class="p">,</span> <span class="na">SecurityGroups</span><span class="p">:</span> <span class="nx">Match</span><span class="p">.</span><span class="nf">arrayWith</span><span class="p">([</span><span class="nx">sgCapture</span><span class="p">]),</span> <span class="p">}),</span> <span class="p">}),</span> <span class="p">});</span> <span class="nx">template</span><span class="p">.</span><span class="nf">resourceCountIs</span><span class="p">(</span><span class="dl">'</span><span class="s1">AWS::EC2::SecurityGroup</span><span class="dl">'</span><span class="p">,</span> <span class="mi">1</span><span class="p">);</span> <span class="nx">template</span><span class="p">.</span><span class="nf">hasResourceProperties</span><span class="p">(</span><span class="dl">'</span><span class="s1">AWS::EC2::SecurityGroup</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span> <span class="na">SecurityGroupIngress</span><span class="p">:</span> <span class="nx">Match</span><span class="p">.</span><span class="nf">arrayWith</span><span class="p">([</span> <span class="nx">Match</span><span class="p">.</span><span class="nf">objectLike</span><span class="p">({</span> <span class="na">CidrIp</span><span class="p">:</span> <span class="dl">'</span><span class="s1">0.0.0.0/0</span><span class="dl">'</span><span class="p">,</span> <span class="na">FromPort</span><span class="p">:</span> <span class="nx">port</span><span class="p">,</span> <span class="na">IpProtocol</span><span class="p">:</span> <span class="dl">'</span><span class="s1">tcp</span><span class="dl">'</span><span class="p">,</span> <span class="p">}),</span> <span class="p">]),</span> <span class="p">});</span> <span class="p">});</span> </code></pre> </div> <p>My suspicion at this point is that we may need multiple tests for the service part. Each test would have will have had the same setup work to do. With that in mind, I think we could refactor the service test into a group of tests that all run the same setup. Later, if we add more service tests, most of the set-up work will be in place already. Luckily, the <strong>Jest</strong> test framework we use with our AWS CDK Typescript code has support for that, using the <strong>beforeEach</strong> function. The refactored code looks like this:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="nf">describe</span><span class="p">(</span><span class="dl">'</span><span class="s1">Test service creation options</span><span class="dl">'</span><span class="p">,</span> <span class="p">()</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="kd">let</span> <span class="na">stack</span><span class="p">:</span> <span class="nx">Stack</span><span class="p">;</span> <span class="kd">let</span> <span class="na">cluster</span><span class="p">:</span> <span class="nx">Cluster</span><span class="p">;</span> <span class="kd">let</span> <span class="na">taskdef</span><span class="p">:</span> <span class="nx">TaskDefinition</span><span class="p">;</span> <span class="nf">beforeEach</span><span class="p">(()</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="c1">// Test setup</span> <span class="nx">stack</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">Stack</span><span class="p">();</span> <span class="kd">const</span> <span class="nx">vpc</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">Vpc</span><span class="p">(</span><span class="nx">stack</span><span class="p">,</span> <span class="dl">'</span><span class="s1">vpc</span><span class="dl">'</span><span class="p">);</span> <span class="nx">cluster</span> <span class="o">=</span> <span class="nf">addCluster</span><span class="p">(</span><span class="nx">stack</span><span class="p">,</span> <span class="dl">'</span><span class="s1">test-cluster</span><span class="dl">'</span><span class="p">,</span> <span class="nx">vpc</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">cpuval</span> <span class="o">=</span> <span class="mi">512</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">memval</span> <span class="o">=</span> <span class="mi">1024</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">familyval</span> <span class="o">=</span> <span class="dl">'</span><span class="s1">test</span><span class="dl">'</span><span class="p">;</span> <span class="kd">const</span> <span class="na">taskCfg</span><span class="p">:</span> <span class="nx">TaskConfig</span> <span class="o">=</span> <span class="p">{</span> <span class="na">cpu</span><span class="p">:</span> <span class="nx">cpuval</span><span class="p">,</span> <span class="na">memoryLimitMB</span><span class="p">:</span> <span class="nx">memval</span><span class="p">,</span> <span class="na">family</span><span class="p">:</span> <span class="nx">familyval</span> <span class="p">};</span> <span class="kd">const</span> <span class="nx">imageName</span> <span class="o">=</span> <span class="dl">'</span><span class="s1">httpd</span><span class="dl">'</span><span class="p">;</span> <span class="kd">const</span> <span class="na">containerCfg</span><span class="p">:</span> <span class="nx">ContainerConfig</span> <span class="o">=</span> <span class="p">{</span> <span class="na">dockerHubImage</span><span class="p">:</span> <span class="nx">imageName</span> <span class="p">};</span> <span class="nx">taskdef</span> <span class="o">=</span> <span class="nf">addTaskDefinitionWithContainer</span><span class="p">(</span><span class="nx">stack</span><span class="p">,</span> <span class="dl">'</span><span class="s1">test-taskdef</span><span class="dl">'</span><span class="p">,</span> <span class="nx">taskCfg</span><span class="p">,</span> <span class="nx">containerCfg</span><span class="p">);</span> <span class="p">});</span> <span class="nf">test</span><span class="p">(</span><span class="dl">'</span><span class="s1">Fargate load-balanced service created, with provided mandatory properties only</span><span class="dl">'</span><span class="p">,</span> <span class="p">()</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">port</span> <span class="o">=</span> <span class="mi">80</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">desiredCount</span> <span class="o">=</span> <span class="mi">1</span><span class="p">;</span> <span class="c1">// Test code</span> <span class="kd">const</span> <span class="nx">service</span> <span class="o">=</span> <span class="nf">addService</span><span class="p">(</span><span class="nx">stack</span><span class="p">,</span> <span class="dl">'</span><span class="s1">test-service</span><span class="dl">'</span><span class="p">,</span> <span class="nx">cluster</span><span class="p">,</span> <span class="nx">taskdef</span><span class="p">,</span> <span class="nx">port</span><span class="p">,</span> <span class="nx">desiredCount</span><span class="p">);</span> <span class="c1">// Check result</span> <span class="kd">const</span> <span class="nx">sgCapture</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">Capture</span><span class="p">();</span> <span class="kd">const</span> <span class="nx">template</span> <span class="o">=</span> <span class="nx">Template</span><span class="p">.</span><span class="nf">fromStack</span><span class="p">(</span><span class="nx">stack</span><span class="p">);</span> <span class="nf">expect</span><span class="p">(</span><span class="nx">service</span><span class="p">.</span><span class="nx">cluster</span><span class="p">).</span><span class="nf">toEqual</span><span class="p">(</span><span class="nx">cluster</span><span class="p">);</span> <span class="nf">expect</span><span class="p">(</span><span class="nx">service</span><span class="p">.</span><span class="nx">taskDefinition</span><span class="p">).</span><span class="nf">toEqual</span><span class="p">(</span><span class="nx">taskdef</span><span class="p">);</span> <span class="nx">template</span><span class="p">.</span><span class="nf">resourceCountIs</span><span class="p">(</span><span class="dl">'</span><span class="s1">AWS::ECS::Service</span><span class="dl">'</span><span class="p">,</span> <span class="mi">1</span><span class="p">);</span> <span class="nx">template</span><span class="p">.</span><span class="nf">hasResourceProperties</span><span class="p">(</span><span class="dl">'</span><span class="s1">AWS::ECS::Service</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span> <span class="na">DesiredCount</span><span class="p">:</span> <span class="nx">desiredCount</span><span class="p">,</span> <span class="na">LaunchType</span><span class="p">:</span> <span class="dl">'</span><span class="s1">FARGATE</span><span class="dl">'</span><span class="p">,</span> <span class="na">NetworkConfiguration</span><span class="p">:</span> <span class="nx">Match</span><span class="p">.</span><span class="nf">objectLike</span><span class="p">({</span> <span class="na">AwsvpcConfiguration</span><span class="p">:</span> <span class="nx">Match</span><span class="p">.</span><span class="nf">objectLike</span><span class="p">({</span> <span class="na">AssignPublicIp</span><span class="p">:</span> <span class="dl">'</span><span class="s1">DISABLED</span><span class="dl">'</span><span class="p">,</span> <span class="na">SecurityGroups</span><span class="p">:</span> <span class="nx">Match</span><span class="p">.</span><span class="nf">arrayWith</span><span class="p">([</span><span class="nx">sgCapture</span><span class="p">]),</span> <span class="p">}),</span> <span class="p">}),</span> <span class="p">});</span> <span class="nx">template</span><span class="p">.</span><span class="nf">resourceCountIs</span><span class="p">(</span><span class="dl">'</span><span class="s1">AWS::EC2::SecurityGroup</span><span class="dl">'</span><span class="p">,</span> <span class="mi">1</span><span class="p">);</span> <span class="nx">template</span><span class="p">.</span><span class="nf">hasResourceProperties</span><span class="p">(</span><span class="dl">'</span><span class="s1">AWS::EC2::SecurityGroup</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span> <span class="na">SecurityGroupIngress</span><span class="p">:</span> <span class="nx">Match</span><span class="p">.</span><span class="nf">arrayWith</span><span class="p">([</span> <span class="nx">Match</span><span class="p">.</span><span class="nf">objectLike</span><span class="p">({</span> <span class="na">CidrIp</span><span class="p">:</span> <span class="dl">'</span><span class="s1">0.0.0.0/0</span><span class="dl">'</span><span class="p">,</span> <span class="na">FromPort</span><span class="p">:</span> <span class="nx">port</span><span class="p">,</span> <span class="na">IpProtocol</span><span class="p">:</span> <span class="dl">'</span><span class="s1">tcp</span><span class="dl">'</span><span class="p">,</span> <span class="p">}),</span> <span class="p">]),</span> <span class="p">});</span> <span class="p">});</span> <span class="p">});</span> </code></pre> </div> <p>When you change the code, run <strong>npm test</strong> to make sure that the tests still work. </p> <p>Next, let us think about what we want to do. We want to add a load balancer in front of our container service, so that we can scale it to a suitable about and set meaningful desired count larger than 1. Maybe the function call <em>should not be called addService</em> then, but <strong>addLoadBalancedService</strong>?</p> <p>We can change the name of the function call, and do the corresponding change in the code itself to fix our now broken test, and test that now works again.</p> <p>Next, since we should have a load balanced service, it would make sense to test that we get a load balancer in place. The underlying CloudFormation would generate a resource called <strong>AWS::ElasticLoadBalancerV2::LoadBalancer</strong>. So we can add a test that there will be such a resource after we have called our <em>addLoadBalancedService</em> function.</p> <p>How do we implement this? We are trying to keep things simple, and fortunately AWS CDK has a construct that fits what we need well, called <strong>ApplicationLoadBalancedFargateService</strong>. This should set up a load balancer and create the service behind it, which is just what we want. We already have a <em>task definition</em> for the container we want to run as a service and this construct can accept that as input, which is just great!</p> <p>Another change we can make to our function besides the name change is the optional parameter <strong>assignPublicIp</strong>. This is not relevant for a load balancer, since we will not have a specific IP address for the load balancer. But the underlying purpose of that parameter is that we should be able to tell if the endpoint we expose should be public (available through the internet) or private (only reachable in our own network). So we can also change the name of this parameter to <em>better reflect our intent, instead of what it should do</em>. So we can rename it to <strong>publicEndpoint</strong> instead, for example. </p> <p>So now we have a new test and some new code to support this, but if we run <strong>npm test</strong> now, we get a failure! Our new construct will create security groups under the hood for us, and there will be security groups for the load balancer itself, as well as for the targets it will redirect traffic to. So our previous test for a single security group is no longer valid. We might not even care exactly how many service groups are created, as long as the functionality they are supposed to handle is in place (only allow specific network traffic to selected resources). We can also reasonably assume that those who have built <strong>ApplicationLoadBalancedFargateService</strong> have tested out that code well enough that <em>we should not test their implementation</em>. So we can skip our test for a single security group we had before.</p> <p>So we adjust the test and we also adjust the underlying implementation of <strong>addLoadBalancedService</strong>, since we do not need to care about managing the security groups ourselves, at this point in time at least. </p> <p>Now if we run <strong>npm test,</strong> we see the test succeed! Is that good enough? Actually, we should also be clear what ports to map, so we should also include some port mapping information. <em>The load balancer port and the container ports may not be the same</em>. This may be suitable to include in the container configuration for the container itself.</p> <p>Finally, let us also make sure we have a test for the <strong>publicEndpoint</strong> parameter. Here, one relatively simple way to check is if the CloudFormation load balancer resource has its scheme set to internal if publicEndpoint is false, and it should be internet-facing if publicEndpoint is true.</p> <p>Now we have a new set of code, see below:</p> <p><strong>container-management.test.ts</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">import</span> <span class="p">{</span> <span class="nx">Stack</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">aws-cdk-lib</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">Vpc</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">aws-cdk-lib/aws-ec2</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">Capture</span><span class="p">,</span> <span class="nx">Match</span><span class="p">,</span> <span class="nx">Template</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">aws-cdk-lib/assertions</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">addCluster</span><span class="p">,</span> <span class="nx">addLoadBalancedService</span><span class="p">,</span> <span class="nx">addTaskDefinitionWithContainer</span><span class="p">,</span> <span class="nx">ContainerConfig</span><span class="p">,</span> <span class="nx">TaskConfig</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">../../lib/containers/container-management</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">Cluster</span><span class="p">,</span> <span class="nx">TaskDefinition</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">aws-cdk-lib/aws-ecs</span><span class="dl">'</span><span class="p">;</span> <span class="nf">test</span><span class="p">(</span><span class="dl">'</span><span class="s1">ECS cluster is defined with existing vpc</span><span class="dl">'</span><span class="p">,</span> <span class="p">()</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="c1">// Test setup</span> <span class="kd">const</span> <span class="nx">stack</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">Stack</span><span class="p">();</span> <span class="kd">const</span> <span class="nx">vpc</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">Vpc</span><span class="p">(</span><span class="nx">stack</span><span class="p">,</span> <span class="dl">'</span><span class="s1">vpc</span><span class="dl">'</span><span class="p">);</span> <span class="c1">// Test code</span> <span class="kd">const</span> <span class="nx">cluster</span> <span class="o">=</span> <span class="nf">addCluster</span><span class="p">(</span><span class="nx">stack</span><span class="p">,</span> <span class="dl">'</span><span class="s1">test-cluster</span><span class="dl">'</span><span class="p">,</span> <span class="nx">vpc</span><span class="p">);</span> <span class="c1">// Check result</span> <span class="kd">const</span> <span class="nx">template</span> <span class="o">=</span> <span class="nx">Template</span><span class="p">.</span><span class="nf">fromStack</span><span class="p">(</span><span class="nx">stack</span><span class="p">);</span> <span class="nx">template</span><span class="p">.</span><span class="nf">resourceCountIs</span><span class="p">(</span><span class="dl">'</span><span class="s1">AWS::ECS::Cluster</span><span class="dl">'</span><span class="p">,</span> <span class="mi">1</span><span class="p">);</span> <span class="nf">expect</span><span class="p">(</span><span class="nx">cluster</span><span class="p">.</span><span class="nx">vpc</span><span class="p">).</span><span class="nf">toEqual</span><span class="p">(</span><span class="nx">vpc</span><span class="p">);</span> <span class="p">});</span> <span class="nf">test</span><span class="p">(</span><span class="dl">'</span><span class="s1">ECS Fargate task definition defined</span><span class="dl">'</span><span class="p">,</span> <span class="p">()</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="c1">// Test setup</span> <span class="kd">const</span> <span class="nx">stack</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">Stack</span><span class="p">();</span> <span class="kd">const</span> <span class="nx">cpuval</span> <span class="o">=</span> <span class="mi">512</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">memval</span> <span class="o">=</span> <span class="mi">1024</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">familyval</span> <span class="o">=</span> <span class="dl">'</span><span class="s1">test</span><span class="dl">'</span><span class="p">;</span> <span class="kd">const</span> <span class="na">taskCfg</span><span class="p">:</span> <span class="nx">TaskConfig</span> <span class="o">=</span> <span class="p">{</span> <span class="na">cpu</span><span class="p">:</span> <span class="nx">cpuval</span><span class="p">,</span> <span class="na">memoryLimitMB</span><span class="p">:</span> <span class="nx">memval</span><span class="p">,</span> <span class="na">family</span><span class="p">:</span> <span class="nx">familyval</span> <span class="p">};</span> <span class="kd">const</span> <span class="nx">imageName</span> <span class="o">=</span> <span class="dl">'</span><span class="s1">httpd</span><span class="dl">'</span><span class="p">;</span> <span class="kd">const</span> <span class="na">containerCfg</span><span class="p">:</span> <span class="nx">ContainerConfig</span> <span class="o">=</span> <span class="p">{</span> <span class="na">dockerHubImage</span><span class="p">:</span> <span class="nx">imageName</span><span class="p">,</span> <span class="na">tcpPorts</span><span class="p">:</span> <span class="p">[</span><span class="mi">80</span><span class="p">]</span> <span class="p">};</span> <span class="c1">// Test code</span> <span class="kd">const</span> <span class="nx">taskdef</span> <span class="o">=</span> <span class="nf">addTaskDefinitionWithContainer</span><span class="p">(</span><span class="nx">stack</span><span class="p">,</span> <span class="dl">'</span><span class="s1">test-taskdef</span><span class="dl">'</span><span class="p">,</span> <span class="nx">taskCfg</span><span class="p">,</span> <span class="nx">containerCfg</span><span class="p">);</span> <span class="c1">// Check result</span> <span class="kd">const</span> <span class="nx">template</span> <span class="o">=</span> <span class="nx">Template</span><span class="p">.</span><span class="nf">fromStack</span><span class="p">(</span><span class="nx">stack</span><span class="p">);</span> <span class="nf">expect</span><span class="p">(</span><span class="nx">taskdef</span><span class="p">.</span><span class="nx">isFargateCompatible</span><span class="p">).</span><span class="nf">toBeTruthy</span><span class="p">();</span> <span class="nf">expect</span><span class="p">(</span><span class="nx">stack</span><span class="p">.</span><span class="nx">node</span><span class="p">.</span><span class="nx">children</span><span class="p">.</span><span class="nf">includes</span><span class="p">(</span><span class="nx">taskdef</span><span class="p">)).</span><span class="nf">toBeTruthy</span><span class="p">();</span> <span class="nx">template</span><span class="p">.</span><span class="nf">resourceCountIs</span><span class="p">(</span><span class="dl">'</span><span class="s1">AWS::ECS::TaskDefinition</span><span class="dl">'</span><span class="p">,</span> <span class="mi">1</span><span class="p">);</span> <span class="nx">template</span><span class="p">.</span><span class="nf">hasResourceProperties</span><span class="p">(</span><span class="dl">'</span><span class="s1">AWS::ECS::TaskDefinition</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span> <span class="na">RequiresCompatibilities</span><span class="p">:</span> <span class="p">[</span> <span class="dl">'</span><span class="s1">FARGATE</span><span class="dl">'</span> <span class="p">],</span> <span class="na">Cpu</span><span class="p">:</span> <span class="nx">cpuval</span><span class="p">.</span><span class="nf">toString</span><span class="p">(),</span> <span class="na">Memory</span><span class="p">:</span> <span class="nx">memval</span><span class="p">.</span><span class="nf">toString</span><span class="p">(),</span> <span class="na">Family</span><span class="p">:</span> <span class="nx">familyval</span><span class="p">,</span> <span class="p">});</span> <span class="p">});</span> <span class="nf">test</span><span class="p">(</span><span class="dl">'</span><span class="s1">Container definition added to task definitio</span><span class="dl">'</span><span class="p">,</span> <span class="p">()</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="c1">// Test setup</span> <span class="kd">const</span> <span class="nx">stack</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">Stack</span><span class="p">();</span> <span class="kd">const</span> <span class="nx">cpuval</span> <span class="o">=</span> <span class="mi">512</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">memval</span> <span class="o">=</span> <span class="mi">1024</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">familyval</span> <span class="o">=</span> <span class="dl">'</span><span class="s1">test</span><span class="dl">'</span><span class="p">;</span> <span class="kd">const</span> <span class="na">taskCfg</span><span class="p">:</span> <span class="nx">TaskConfig</span> <span class="o">=</span> <span class="p">{</span> <span class="na">cpu</span><span class="p">:</span> <span class="nx">cpuval</span><span class="p">,</span> <span class="na">memoryLimitMB</span><span class="p">:</span> <span class="nx">memval</span><span class="p">,</span> <span class="na">family</span><span class="p">:</span> <span class="nx">familyval</span> <span class="p">};</span> <span class="kd">const</span> <span class="nx">imageName</span> <span class="o">=</span> <span class="dl">'</span><span class="s1">httpd</span><span class="dl">'</span><span class="p">;</span> <span class="kd">const</span> <span class="na">containerCfg</span><span class="p">:</span> <span class="nx">ContainerConfig</span> <span class="o">=</span> <span class="p">{</span> <span class="na">dockerHubImage</span><span class="p">:</span> <span class="nx">imageName</span><span class="p">,</span> <span class="na">tcpPorts</span><span class="p">:</span> <span class="p">[</span><span class="mi">80</span><span class="p">]</span> <span class="p">};</span> <span class="c1">// Test code</span> <span class="kd">const</span> <span class="nx">taskdef</span> <span class="o">=</span> <span class="nf">addTaskDefinitionWithContainer</span><span class="p">(</span><span class="nx">stack</span><span class="p">,</span> <span class="dl">'</span><span class="s1">test-taskdef</span><span class="dl">'</span><span class="p">,</span> <span class="nx">taskCfg</span><span class="p">,</span> <span class="nx">containerCfg</span><span class="p">);</span> <span class="c1">// Check result</span> <span class="kd">const</span> <span class="nx">template</span> <span class="o">=</span> <span class="nx">Template</span><span class="p">.</span><span class="nf">fromStack</span><span class="p">(</span><span class="nx">stack</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">containerDef</span> <span class="o">=</span> <span class="nx">taskdef</span><span class="p">.</span><span class="nx">defaultContainer</span><span class="p">;</span> <span class="nf">expect</span><span class="p">(</span><span class="nx">taskdef</span><span class="p">.</span><span class="nx">defaultContainer</span><span class="p">).</span><span class="nf">toBeDefined</span><span class="p">();</span> <span class="nf">expect</span><span class="p">(</span><span class="nx">containerDef</span><span class="p">?.</span><span class="nx">imageName</span><span class="p">).</span><span class="nf">toEqual</span><span class="p">(</span><span class="nx">imageName</span><span class="p">);</span> <span class="c1">// Works from v2.11 of aws-cdk-lib</span> <span class="nx">template</span><span class="p">.</span><span class="nf">hasResourceProperties</span><span class="p">(</span><span class="dl">'</span><span class="s1">AWS::ECS::TaskDefinition</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span> <span class="na">ContainerDefinitions</span><span class="p">:</span> <span class="nx">Match</span><span class="p">.</span><span class="nf">arrayWith</span><span class="p">([</span> <span class="nx">Match</span><span class="p">.</span><span class="nf">objectLike</span><span class="p">({</span> <span class="na">Image</span><span class="p">:</span> <span class="nx">imageName</span><span class="p">,</span> <span class="p">}),</span> <span class="p">]),</span> <span class="p">});</span> <span class="p">});</span> <span class="nf">describe</span><span class="p">(</span><span class="dl">'</span><span class="s1">Test service creation options</span><span class="dl">'</span><span class="p">,</span> <span class="p">()</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="kd">let</span> <span class="na">stack</span><span class="p">:</span> <span class="nx">Stack</span><span class="p">;</span> <span class="kd">let</span> <span class="na">cluster</span><span class="p">:</span> <span class="nx">Cluster</span><span class="p">;</span> <span class="kd">let</span> <span class="na">taskdef</span><span class="p">:</span> <span class="nx">TaskDefinition</span><span class="p">;</span> <span class="nf">beforeEach</span><span class="p">(()</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="c1">// Test setup</span> <span class="nx">stack</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">Stack</span><span class="p">();</span> <span class="kd">const</span> <span class="nx">vpc</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">Vpc</span><span class="p">(</span><span class="nx">stack</span><span class="p">,</span> <span class="dl">'</span><span class="s1">vpc</span><span class="dl">'</span><span class="p">);</span> <span class="nx">cluster</span> <span class="o">=</span> <span class="nf">addCluster</span><span class="p">(</span><span class="nx">stack</span><span class="p">,</span> <span class="dl">'</span><span class="s1">test-cluster</span><span class="dl">'</span><span class="p">,</span> <span class="nx">vpc</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">cpuval</span> <span class="o">=</span> <span class="mi">512</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">memval</span> <span class="o">=</span> <span class="mi">1024</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">familyval</span> <span class="o">=</span> <span class="dl">'</span><span class="s1">test</span><span class="dl">'</span><span class="p">;</span> <span class="kd">const</span> <span class="na">taskCfg</span><span class="p">:</span> <span class="nx">TaskConfig</span> <span class="o">=</span> <span class="p">{</span> <span class="na">cpu</span><span class="p">:</span> <span class="nx">cpuval</span><span class="p">,</span> <span class="na">memoryLimitMB</span><span class="p">:</span> <span class="nx">memval</span><span class="p">,</span> <span class="na">family</span><span class="p">:</span> <span class="nx">familyval</span> <span class="p">};</span> <span class="kd">const</span> <span class="nx">imageName</span> <span class="o">=</span> <span class="dl">'</span><span class="s1">httpd</span><span class="dl">'</span><span class="p">;</span> <span class="kd">const</span> <span class="na">containerCfg</span><span class="p">:</span> <span class="nx">ContainerConfig</span> <span class="o">=</span> <span class="p">{</span> <span class="na">dockerHubImage</span><span class="p">:</span> <span class="nx">imageName</span><span class="p">,</span> <span class="na">tcpPorts</span><span class="p">:</span> <span class="p">[</span><span class="mi">80</span><span class="p">]</span> <span class="p">};</span> <span class="nx">taskdef</span> <span class="o">=</span> <span class="nf">addTaskDefinitionWithContainer</span><span class="p">(</span><span class="nx">stack</span><span class="p">,</span> <span class="dl">'</span><span class="s1">test-taskdef</span><span class="dl">'</span><span class="p">,</span> <span class="nx">taskCfg</span><span class="p">,</span> <span class="nx">containerCfg</span><span class="p">);</span> <span class="p">});</span> <span class="nf">test</span><span class="p">(</span><span class="dl">'</span><span class="s1">Fargate load-balanced service created, with provided mandatory properties only</span><span class="dl">'</span><span class="p">,</span> <span class="p">()</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">port</span> <span class="o">=</span> <span class="mi">80</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">desiredCount</span> <span class="o">=</span> <span class="mi">1</span><span class="p">;</span> <span class="c1">// Test code</span> <span class="kd">const</span> <span class="nx">service</span> <span class="o">=</span> <span class="nf">addLoadBalancedService</span><span class="p">(</span><span class="nx">stack</span><span class="p">,</span> <span class="dl">'</span><span class="s1">test-service</span><span class="dl">'</span><span class="p">,</span> <span class="nx">cluster</span><span class="p">,</span> <span class="nx">taskdef</span><span class="p">,</span> <span class="nx">port</span><span class="p">,</span> <span class="nx">desiredCount</span><span class="p">);</span> <span class="c1">// Check result</span> <span class="kd">const</span> <span class="nx">sgCapture</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">Capture</span><span class="p">();</span> <span class="kd">const</span> <span class="nx">template</span> <span class="o">=</span> <span class="nx">Template</span><span class="p">.</span><span class="nf">fromStack</span><span class="p">(</span><span class="nx">stack</span><span class="p">);</span> <span class="nf">expect</span><span class="p">(</span><span class="nx">service</span><span class="p">.</span><span class="nx">cluster</span><span class="p">).</span><span class="nf">toEqual</span><span class="p">(</span><span class="nx">cluster</span><span class="p">);</span> <span class="nf">expect</span><span class="p">(</span><span class="nx">service</span><span class="p">.</span><span class="nx">taskDefinition</span><span class="p">).</span><span class="nf">toEqual</span><span class="p">(</span><span class="nx">taskdef</span><span class="p">);</span> <span class="nx">template</span><span class="p">.</span><span class="nf">resourceCountIs</span><span class="p">(</span><span class="dl">'</span><span class="s1">AWS::ECS::Service</span><span class="dl">'</span><span class="p">,</span> <span class="mi">1</span><span class="p">);</span> <span class="nx">template</span><span class="p">.</span><span class="nf">hasResourceProperties</span><span class="p">(</span><span class="dl">'</span><span class="s1">AWS::ECS::Service</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span> <span class="na">DesiredCount</span><span class="p">:</span> <span class="nx">desiredCount</span><span class="p">,</span> <span class="na">LaunchType</span><span class="p">:</span> <span class="dl">'</span><span class="s1">FARGATE</span><span class="dl">'</span><span class="p">,</span> <span class="na">NetworkConfiguration</span><span class="p">:</span> <span class="nx">Match</span><span class="p">.</span><span class="nf">objectLike</span><span class="p">({</span> <span class="na">AwsvpcConfiguration</span><span class="p">:</span> <span class="nx">Match</span><span class="p">.</span><span class="nf">objectLike</span><span class="p">({</span> <span class="na">AssignPublicIp</span><span class="p">:</span> <span class="dl">'</span><span class="s1">DISABLED</span><span class="dl">'</span><span class="p">,</span> <span class="na">SecurityGroups</span><span class="p">:</span> <span class="nx">Match</span><span class="p">.</span><span class="nf">arrayWith</span><span class="p">([</span><span class="nx">sgCapture</span><span class="p">]),</span> <span class="p">}),</span> <span class="p">}),</span> <span class="p">});</span> <span class="nx">template</span><span class="p">.</span><span class="nf">resourceCountIs</span><span class="p">(</span><span class="dl">'</span><span class="s1">AWS::ElasticLoadBalancingV2::LoadBalancer</span><span class="dl">'</span><span class="p">,</span> <span class="mi">1</span><span class="p">);</span> <span class="nx">template</span><span class="p">.</span><span class="nf">hasResourceProperties</span><span class="p">(</span><span class="dl">'</span><span class="s1">AWS::ElasticLoadBalancingV2::LoadBalancer</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span> <span class="na">Type</span><span class="p">:</span> <span class="dl">'</span><span class="s1">application</span><span class="dl">'</span><span class="p">,</span> <span class="na">Scheme</span><span class="p">:</span> <span class="dl">'</span><span class="s1">internet-facing</span><span class="dl">'</span><span class="p">,</span> <span class="p">});</span> <span class="c1">//template.resourceCountIs('AWS::EC2::SecurityGroup', 1);</span> <span class="nx">template</span><span class="p">.</span><span class="nf">hasResourceProperties</span><span class="p">(</span><span class="dl">'</span><span class="s1">AWS::EC2::SecurityGroup</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span> <span class="na">SecurityGroupIngress</span><span class="p">:</span> <span class="nx">Match</span><span class="p">.</span><span class="nf">arrayWith</span><span class="p">([</span> <span class="nx">Match</span><span class="p">.</span><span class="nf">objectLike</span><span class="p">({</span> <span class="na">CidrIp</span><span class="p">:</span> <span class="dl">'</span><span class="s1">0.0.0.0/0</span><span class="dl">'</span><span class="p">,</span> <span class="na">FromPort</span><span class="p">:</span> <span class="nx">port</span><span class="p">,</span> <span class="na">IpProtocol</span><span class="p">:</span> <span class="dl">'</span><span class="s1">tcp</span><span class="dl">'</span><span class="p">,</span> <span class="p">}),</span> <span class="p">]),</span> <span class="p">});</span> <span class="p">});</span> <span class="nf">test</span><span class="p">(</span><span class="dl">'</span><span class="s1">Fargate load-balanced service created, without public access</span><span class="dl">'</span><span class="p">,</span> <span class="p">()</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">port</span> <span class="o">=</span> <span class="mi">80</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">desiredCount</span> <span class="o">=</span> <span class="mi">1</span><span class="p">;</span> <span class="c1">// Test code</span> <span class="kd">const</span> <span class="nx">service</span> <span class="o">=</span> <span class="nf">addLoadBalancedService</span><span class="p">(</span><span class="nx">stack</span><span class="p">,</span> <span class="dl">'</span><span class="s1">test-service</span><span class="dl">'</span><span class="p">,</span> <span class="nx">cluster</span><span class="p">,</span> <span class="nx">taskdef</span><span class="p">,</span> <span class="nx">port</span><span class="p">,</span> <span class="nx">desiredCount</span><span class="p">,</span> <span class="kc">false</span><span class="p">);</span> <span class="c1">// Check result</span> <span class="kd">const</span> <span class="nx">template</span> <span class="o">=</span> <span class="nx">Template</span><span class="p">.</span><span class="nf">fromStack</span><span class="p">(</span><span class="nx">stack</span><span class="p">);</span> <span class="nx">template</span><span class="p">.</span><span class="nf">resourceCountIs</span><span class="p">(</span><span class="dl">'</span><span class="s1">AWS::ElasticLoadBalancingV2::LoadBalancer</span><span class="dl">'</span><span class="p">,</span> <span class="mi">1</span><span class="p">);</span> <span class="nx">template</span><span class="p">.</span><span class="nf">hasResourceProperties</span><span class="p">(</span><span class="dl">'</span><span class="s1">AWS::ElasticLoadBalancingV2::LoadBalancer</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span> <span class="na">Type</span><span class="p">:</span> <span class="dl">'</span><span class="s1">application</span><span class="dl">'</span><span class="p">,</span> <span class="na">Scheme</span><span class="p">:</span> <span class="dl">'</span><span class="s1">internal</span><span class="dl">'</span><span class="p">,</span> <span class="p">});</span> <span class="p">});</span> <span class="p">});</span> </code></pre> </div> <p><strong>container-management.ts</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">import</span> <span class="p">{</span> <span class="nx">IVpc</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">aws-cdk-lib/aws-ec2</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">Cluster</span><span class="p">,</span> <span class="nx">ContainerImage</span><span class="p">,</span> <span class="nx">FargateTaskDefinition</span><span class="p">,</span> <span class="nx">LogDriver</span><span class="p">,</span> <span class="nx">TaskDefinition</span><span class="p">,</span> <span class="nx">Protocol</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">aws-cdk-lib/aws-ecs</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">ApplicationLoadBalancedFargateService</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">aws-cdk-lib/aws-ecs-patterns</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">RetentionDays</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">aws-cdk-lib/aws-logs</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">Construct</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">constructs</span><span class="dl">'</span><span class="p">;</span> <span class="k">export</span> <span class="kd">const</span> <span class="nx">addCluster</span> <span class="o">=</span> <span class="kd">function</span><span class="p">(</span><span class="nx">scope</span><span class="p">:</span> <span class="nx">Construct</span><span class="p">,</span> <span class="nx">id</span><span class="p">:</span> <span class="kr">string</span><span class="p">,</span> <span class="nx">vpc</span><span class="p">:</span> <span class="nx">IVpc</span><span class="p">):</span> <span class="nx">Cluster</span> <span class="p">{</span> <span class="k">return</span> <span class="k">new</span> <span class="nc">Cluster</span><span class="p">(</span><span class="nx">scope</span><span class="p">,</span> <span class="nx">id</span><span class="p">,</span> <span class="p">{</span> <span class="nx">vpc</span><span class="p">,</span> <span class="p">});</span> <span class="p">}</span> <span class="k">export</span> <span class="kr">interface</span> <span class="nx">TaskConfig</span> <span class="p">{</span> <span class="k">readonly</span> <span class="nx">cpu</span><span class="p">:</span> <span class="mi">256</span> <span class="o">|</span> <span class="mi">512</span> <span class="o">|</span> <span class="mi">1024</span> <span class="o">|</span> <span class="mi">2048</span> <span class="o">|</span> <span class="mi">4096</span><span class="p">;</span> <span class="k">readonly</span> <span class="nx">memoryLimitMB</span><span class="p">:</span> <span class="kr">number</span><span class="p">;</span> <span class="k">readonly</span> <span class="nx">family</span><span class="p">:</span> <span class="kr">string</span><span class="p">;</span> <span class="p">}</span> <span class="k">export</span> <span class="kr">interface</span> <span class="nx">ContainerConfig</span> <span class="p">{</span> <span class="k">readonly</span> <span class="nx">dockerHubImage</span><span class="p">:</span> <span class="kr">string</span><span class="p">;</span> <span class="k">readonly</span> <span class="nx">tcpPorts</span><span class="p">:</span> <span class="kr">number</span><span class="p">[];</span> <span class="p">}</span> <span class="k">export</span> <span class="kd">const</span> <span class="nx">addTaskDefinitionWithContainer</span> <span class="o">=</span> <span class="kd">function</span><span class="p">(</span><span class="nx">scope</span><span class="p">:</span> <span class="nx">Construct</span><span class="p">,</span> <span class="nx">id</span><span class="p">:</span> <span class="kr">string</span><span class="p">,</span> <span class="nx">taskConfig</span><span class="p">:</span> <span class="nx">TaskConfig</span><span class="p">,</span> <span class="nx">containerConfig</span><span class="p">:</span> <span class="nx">ContainerConfig</span><span class="p">):</span> <span class="nx">TaskDefinition</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">taskdef</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">FargateTaskDefinition</span><span class="p">(</span><span class="nx">scope</span><span class="p">,</span> <span class="nx">id</span><span class="p">,</span> <span class="p">{</span> <span class="na">cpu</span><span class="p">:</span> <span class="nx">taskConfig</span><span class="p">.</span><span class="nx">cpu</span><span class="p">,</span> <span class="na">memoryLimitMiB</span><span class="p">:</span> <span class="nx">taskConfig</span><span class="p">.</span><span class="nx">memoryLimitMB</span><span class="p">,</span> <span class="na">family</span><span class="p">:</span> <span class="nx">taskConfig</span><span class="p">.</span><span class="nx">family</span><span class="p">,</span> <span class="p">});</span> <span class="kd">const</span> <span class="nx">image</span> <span class="o">=</span> <span class="nx">ContainerImage</span><span class="p">.</span><span class="nf">fromRegistry</span><span class="p">(</span><span class="nx">containerConfig</span><span class="p">.</span><span class="nx">dockerHubImage</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">logdriver</span> <span class="o">=</span> <span class="nx">LogDriver</span><span class="p">.</span><span class="nf">awsLogs</span><span class="p">({</span> <span class="na">streamPrefix</span><span class="p">:</span> <span class="nx">taskConfig</span><span class="p">.</span><span class="nx">family</span><span class="p">,</span> <span class="na">logRetention</span><span class="p">:</span> <span class="nx">RetentionDays</span><span class="p">.</span><span class="nx">ONE_DAY</span><span class="p">,</span> <span class="p">});</span> <span class="kd">const</span> <span class="nx">containerDef</span> <span class="o">=</span> <span class="nx">taskdef</span><span class="p">.</span><span class="nf">addContainer</span><span class="p">(</span><span class="s2">`container-</span><span class="p">${</span><span class="nx">containerConfig</span><span class="p">.</span><span class="nx">dockerHubImage</span><span class="p">}</span><span class="s2">`</span><span class="p">,</span> <span class="p">{</span> <span class="nx">image</span><span class="p">,</span> <span class="na">logging</span><span class="p">:</span> <span class="nx">logdriver</span> <span class="p">});</span> <span class="k">for </span><span class="p">(</span><span class="kd">const</span> <span class="nx">port</span> <span class="k">of</span> <span class="nx">containerConfig</span><span class="p">.</span><span class="nx">tcpPorts</span><span class="p">)</span> <span class="p">{</span> <span class="nx">containerDef</span><span class="p">.</span><span class="nf">addPortMappings</span><span class="p">({</span> <span class="na">containerPort</span><span class="p">:</span> <span class="nx">port</span><span class="p">,</span> <span class="na">protocol</span><span class="p">:</span> <span class="nx">Protocol</span><span class="p">.</span><span class="nx">TCP</span> <span class="p">});</span> <span class="p">}</span> <span class="k">return</span> <span class="nx">taskdef</span><span class="p">;</span> <span class="p">};</span> <span class="k">export</span> <span class="kd">const</span> <span class="nx">addLoadBalancedService</span> <span class="o">=</span> <span class="nf">function</span><span class="p">(</span><span class="nx">scope</span><span class="p">:</span> <span class="nx">Construct</span><span class="p">,</span> <span class="nx">id</span><span class="p">:</span> <span class="kr">string</span><span class="p">,</span> <span class="nx">cluster</span><span class="p">:</span> <span class="nx">Cluster</span><span class="p">,</span> <span class="nx">taskDef</span><span class="p">:</span> <span class="nx">FargateTaskDefinition</span><span class="p">,</span> <span class="nx">port</span><span class="p">:</span> <span class="kr">number</span><span class="p">,</span> <span class="nx">desiredCount</span><span class="p">:</span> <span class="kr">number</span><span class="p">,</span> <span class="nx">publicEndpoint</span><span class="p">?:</span> <span class="nx">boolean</span><span class="p">,</span> <span class="nx">serviceName</span><span class="p">?:</span> <span class="kr">string</span><span class="p">):</span> <span class="nx">ApplicationLoadBalancedFargateService</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">service</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">ApplicationLoadBalancedFargateService</span><span class="p">(</span><span class="nx">scope</span><span class="p">,</span> <span class="nx">id</span><span class="p">,</span> <span class="p">{</span> <span class="nx">cluster</span><span class="p">,</span> <span class="na">taskDefinition</span><span class="p">:</span> <span class="nx">taskDef</span><span class="p">,</span> <span class="nx">desiredCount</span><span class="p">,</span> <span class="nx">serviceName</span><span class="p">,</span> <span class="na">circuitBreaker</span><span class="p">:</span> <span class="p">{</span> <span class="na">rollback</span><span class="p">:</span> <span class="kc">true</span><span class="p">,</span> <span class="p">},</span> <span class="na">publicLoadBalancer</span><span class="p">:</span> <span class="nx">publicEndpoint</span><span class="p">,</span> <span class="na">listenerPort</span><span class="p">:</span> <span class="nx">port</span><span class="p">,</span> <span class="p">});</span> <span class="k">return</span> <span class="nx">service</span><span class="p">;</span> <span class="p">};</span> </code></pre> </div> <p><strong>my-container-infrastructure.ts</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">import</span> <span class="p">{</span> <span class="nx">App</span><span class="p">,</span> <span class="nx">Stack</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">aws-cdk-lib</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">IVpc</span><span class="p">,</span> <span class="nx">Vpc</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">aws-cdk-lib/aws-ec2</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">addCluster</span><span class="p">,</span> <span class="nx">addLoadBalancedService</span><span class="p">,</span> <span class="nx">addTaskDefinitionWithContainer</span><span class="p">,</span> <span class="nx">ContainerConfig</span><span class="p">,</span> <span class="nx">TaskConfig</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">../lib/containers/container-management</span><span class="dl">'</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">app</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">App</span><span class="p">();</span> <span class="kd">const</span> <span class="nx">stack</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">Stack</span><span class="p">(</span><span class="nx">app</span><span class="p">,</span> <span class="dl">'</span><span class="s1">my-container-infrastructure</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span> <span class="na">env</span><span class="p">:</span> <span class="p">{</span> <span class="na">account</span><span class="p">:</span> <span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">CDK_DEFAULT_ACCOUNT</span><span class="p">,</span> <span class="na">region</span><span class="p">:</span> <span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">CDK_DEFAULT_REGION</span><span class="p">,</span> <span class="p">},</span> <span class="p">});</span> <span class="kd">let</span> <span class="nx">vpc</span><span class="p">:</span> <span class="nx">IVpc</span><span class="p">;</span> <span class="kd">let</span> <span class="nx">vpcName</span> <span class="o">=</span> <span class="nx">app</span><span class="p">.</span><span class="nx">node</span><span class="p">.</span><span class="nf">tryGetContext</span><span class="p">(</span><span class="dl">'</span><span class="s1">vpcname</span><span class="dl">'</span><span class="p">);</span> <span class="k">if </span><span class="p">(</span><span class="nx">vpcName</span><span class="p">)</span> <span class="p">{</span> <span class="nx">vpc</span> <span class="o">=</span> <span class="nx">Vpc</span><span class="p">.</span><span class="nf">fromLookup</span><span class="p">(</span><span class="nx">stack</span><span class="p">,</span> <span class="dl">'</span><span class="s1">vpc</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span> <span class="nx">vpcName</span><span class="p">,</span> <span class="p">});</span> <span class="p">}</span> <span class="k">else</span> <span class="p">{</span> <span class="nx">vpc</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">Vpc</span><span class="p">(</span><span class="nx">stack</span><span class="p">,</span> <span class="dl">'</span><span class="s1">vpc</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span> <span class="na">vpcName</span><span class="p">:</span> <span class="dl">'</span><span class="s1">my-vpc</span><span class="dl">'</span><span class="p">,</span> <span class="na">natGateways</span><span class="p">:</span> <span class="mi">1</span><span class="p">,</span> <span class="na">maxAzs</span><span class="p">:</span> <span class="mi">2</span><span class="p">,</span> <span class="p">});</span> <span class="p">}</span> <span class="kd">const</span> <span class="nx">id</span> <span class="o">=</span> <span class="dl">'</span><span class="s1">my-test-cluster</span><span class="dl">'</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">cluster</span> <span class="o">=</span> <span class="nf">addCluster</span><span class="p">(</span><span class="nx">stack</span><span class="p">,</span> <span class="nx">id</span><span class="p">,</span> <span class="nx">vpc</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">taskConfig</span><span class="p">:</span> <span class="nx">TaskConfig</span> <span class="o">=</span> <span class="p">{</span> <span class="na">cpu</span><span class="p">:</span> <span class="mi">512</span><span class="p">,</span> <span class="na">memoryLimitMB</span><span class="p">:</span> <span class="mi">1024</span><span class="p">,</span> <span class="na">family</span><span class="p">:</span> <span class="dl">'</span><span class="s1">webserver</span><span class="dl">'</span> <span class="p">};</span> <span class="kd">const</span> <span class="nx">containerConfig</span><span class="p">:</span> <span class="nx">ContainerConfig</span> <span class="o">=</span> <span class="p">{</span> <span class="na">dockerHubImage</span><span class="p">:</span> <span class="dl">'</span><span class="s1">httpd</span><span class="dl">'</span><span class="p">,</span> <span class="na">tcpPorts</span><span class="p">:</span> <span class="p">[</span><span class="mi">80</span><span class="p">]</span> <span class="p">};</span> <span class="kd">const</span> <span class="nx">taskdef</span> <span class="o">=</span> <span class="nf">addTaskDefinitionWithContainer</span><span class="p">(</span><span class="nx">stack</span><span class="p">,</span> <span class="s2">`taskdef-</span><span class="p">${</span><span class="nx">taskConfig</span><span class="p">.</span><span class="nx">family</span><span class="p">}</span><span class="s2">`</span><span class="p">,</span> <span class="nx">taskConfig</span><span class="p">,</span> <span class="nx">containerConfig</span><span class="p">);</span> <span class="nf">addLoadBalancedService</span><span class="p">(</span><span class="nx">stack</span><span class="p">,</span> <span class="s2">`service-</span><span class="p">${</span><span class="nx">taskConfig</span><span class="p">.</span><span class="nx">family</span><span class="p">}</span><span class="s2">`</span><span class="p">,</span> <span class="nx">cluster</span><span class="p">,</span> <span class="nx">taskdef</span><span class="p">,</span> <span class="mi">80</span><span class="p">,</span> <span class="mi">2</span><span class="p">,</span> <span class="kc">true</span><span class="p">);</span> </code></pre> </div> <p>Run npm test and make sure all the tests pass. You can also to deploy the solution now, using <strong>cdk deploy</strong>. <em>Expect the deployment to take some time</em>, <em>especially if you deploy everything from scratch and if you have it set up to create a new VPC</em>.</p> <p>You notice that when the deployment is completed, there will be two outputs representing the load balancer endpoint. This results from using <strong>ApplicationLoadBalancedFargateService</strong>, which adds these outputs by default to the stack.</p> <h2> A bit of auto-scaling </h2> <p>If we have a load balancer in front of our service to distribute the load among multiple containers, it <em>would make sense to scale up and down how many containers will handle that load</em>. Fortunately, after some investigation, we can see that the <strong>FargateService</strong> class has a function called <strong>autoScaleTaskCount</strong>, which allows us to set the minimum and maximum number of tasks. It also allows us to specify thresholds for CPU and memory to determine if the service should scale down or up the number of tasks running in the service. </p> <p>There is no corresponding function on <em>ApplicationLoadBalancedFargateService</em> though, but we can access the underlying <em>FargateService</em> using a <strong>service</strong> property on <em>ApplicationLoadBalancedFargateService</em>.</p> <p>Unfortunately, we cannot access all these scaling settings on <em>FargateService</em> once we have set them, so to verify that these settings have been set, we would resort to check CloudFormation resources. In this case, it is resources of the <strong>ApplicationAutoScaling</strong> that is used by CloudFormation. </p> <p>Frankly, I am hesitant about the value of some of these tests, since this may be borderline to test the CDK implementation rather than testing our own logic. I kept them here more to be a learning experience. Even with these tests, we would want to do some actual integration tests to see that the real behaviour once deployed is what we expect. <em>There is some early experimental work in AWS CDK for building integration tests</em>, but that is out of scope for this article.</p> <p>For now, we can at least know that there are some settings in place for the auto-scaling, but more work would be needed to test its actual behaviour.</p> <p><strong>Extract from container-management.test.ts</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code> <span class="nf">test</span><span class="p">(</span><span class="dl">'</span><span class="s1">Scaling settings of load balancer</span><span class="dl">'</span><span class="p">,</span> <span class="p">()</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">port</span> <span class="o">=</span> <span class="mi">80</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">desiredCount</span> <span class="o">=</span> <span class="mi">2</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">service</span> <span class="o">=</span> <span class="nf">addLoadBalancedService</span><span class="p">(</span><span class="nx">stack</span><span class="p">,</span> <span class="dl">'</span><span class="s1">test-service</span><span class="dl">'</span><span class="p">,</span> <span class="nx">cluster</span><span class="p">,</span> <span class="nx">taskdef</span><span class="p">,</span> <span class="nx">port</span><span class="p">,</span> <span class="nx">desiredCount</span><span class="p">,</span> <span class="kc">false</span><span class="p">);</span> <span class="c1">// Test code</span> <span class="kd">const</span> <span class="nx">config</span> <span class="o">=</span> <span class="p">{</span> <span class="na">minCount</span><span class="p">:</span> <span class="mi">1</span><span class="p">,</span> <span class="na">maxCount</span><span class="p">:</span> <span class="mi">5</span><span class="p">,</span> <span class="na">scaleCpuTarget</span><span class="p">:</span> <span class="p">{</span> <span class="na">percent</span><span class="p">:</span> <span class="mi">50</span> <span class="p">},</span> <span class="na">scaleMemoryTarget</span><span class="p">:</span> <span class="p">{</span> <span class="na">percent</span><span class="p">:</span> <span class="mi">50</span> <span class="p">},</span> <span class="p">};</span> <span class="nf">setServiceScaling</span><span class="p">(</span><span class="nx">service</span><span class="p">.</span><span class="nx">service</span><span class="p">,</span> <span class="nx">config</span><span class="p">);</span> <span class="c1">// Check result</span> <span class="kd">const</span> <span class="nx">scaleResource</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">Capture</span><span class="p">();</span> <span class="kd">const</span> <span class="nx">template</span> <span class="o">=</span> <span class="nx">Template</span><span class="p">.</span><span class="nf">fromStack</span><span class="p">(</span><span class="nx">stack</span><span class="p">);</span> <span class="nx">template</span><span class="p">.</span><span class="nf">resourceCountIs</span><span class="p">(</span><span class="dl">'</span><span class="s1">AWS::ApplicationAutoScaling::ScalableTarget</span><span class="dl">'</span><span class="p">,</span> <span class="mi">1</span><span class="p">);</span> <span class="nx">template</span><span class="p">.</span><span class="nf">hasResourceProperties</span><span class="p">(</span><span class="dl">'</span><span class="s1">AWS::ApplicationAutoScaling::ScalableTarget</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span> <span class="na">MaxCapacity</span><span class="p">:</span> <span class="nx">config</span><span class="p">.</span><span class="nx">maxCount</span><span class="p">,</span> <span class="na">MinCapacity</span><span class="p">:</span> <span class="nx">config</span><span class="p">.</span><span class="nx">minCount</span><span class="p">,</span> <span class="na">ResourceId</span><span class="p">:</span> <span class="nx">scaleResource</span><span class="p">,</span> <span class="na">ScalableDimension</span><span class="p">:</span> <span class="dl">'</span><span class="s1">ecs:service:DesiredCount</span><span class="dl">'</span><span class="p">,</span> <span class="na">ServiceNamespace</span><span class="p">:</span> <span class="dl">'</span><span class="s1">ecs</span><span class="dl">'</span><span class="p">,</span> <span class="p">});</span> <span class="nx">template</span><span class="p">.</span><span class="nf">resourceCountIs</span><span class="p">(</span><span class="dl">'</span><span class="s1">AWS::ApplicationAutoScaling::ScalingPolicy</span><span class="dl">'</span><span class="p">,</span> <span class="mi">2</span><span class="p">);</span> <span class="nx">template</span><span class="p">.</span><span class="nf">hasResourceProperties</span><span class="p">(</span><span class="dl">'</span><span class="s1">AWS::ApplicationAutoScaling::ScalingPolicy</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span> <span class="na">PolicyType</span><span class="p">:</span> <span class="dl">'</span><span class="s1">TargetTrackingScaling</span><span class="dl">'</span><span class="p">,</span> <span class="na">TargetTrackingScalingPolicyConfiguration</span><span class="p">:</span> <span class="nx">Match</span><span class="p">.</span><span class="nf">objectLike</span><span class="p">({</span> <span class="na">PredefinedMetricSpecification</span><span class="p">:</span> <span class="nx">Match</span><span class="p">.</span><span class="nf">objectEquals</span><span class="p">({</span> <span class="na">PredefinedMetricType</span><span class="p">:</span> <span class="dl">'</span><span class="s1">ECSServiceAverageCPUUtilization</span><span class="dl">'</span><span class="p">,</span> <span class="p">}),</span> <span class="na">TargetValue</span><span class="p">:</span> <span class="nx">config</span><span class="p">.</span><span class="nx">scaleCpuTarget</span><span class="p">.</span><span class="nx">percent</span><span class="p">,</span> <span class="p">}),</span> <span class="p">});</span> <span class="nx">template</span><span class="p">.</span><span class="nf">hasResourceProperties</span><span class="p">(</span><span class="dl">'</span><span class="s1">AWS::ApplicationAutoScaling::ScalingPolicy</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span> <span class="na">PolicyType</span><span class="p">:</span> <span class="dl">'</span><span class="s1">TargetTrackingScaling</span><span class="dl">'</span><span class="p">,</span> <span class="na">TargetTrackingScalingPolicyConfiguration</span><span class="p">:</span> <span class="nx">Match</span><span class="p">.</span><span class="nf">objectLike</span><span class="p">({</span> <span class="na">PredefinedMetricSpecification</span><span class="p">:</span> <span class="nx">Match</span><span class="p">.</span><span class="nf">objectEquals</span><span class="p">({</span> <span class="na">PredefinedMetricType</span><span class="p">:</span> <span class="dl">'</span><span class="s1">ECSServiceAverageMemoryUtilization</span><span class="dl">'</span><span class="p">,</span> <span class="p">}),</span> <span class="na">TargetValue</span><span class="p">:</span> <span class="nx">config</span><span class="p">.</span><span class="nx">scaleMemoryTarget</span><span class="p">.</span><span class="nx">percent</span><span class="p">,</span> <span class="p">}),</span> <span class="p">});</span> <span class="p">});</span> </code></pre> </div> <p><strong>Extract from container-management.ts</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code> <span class="k">export</span> <span class="kr">interface</span> <span class="nx">ScalingThreshold</span> <span class="p">{</span> <span class="nl">percent</span><span class="p">:</span> <span class="kr">number</span><span class="p">;</span> <span class="p">}</span> <span class="k">export</span> <span class="kr">interface</span> <span class="nx">ServiceScalingConfig</span> <span class="p">{</span> <span class="nl">minCount</span><span class="p">:</span> <span class="kr">number</span><span class="p">;</span> <span class="nl">maxCount</span><span class="p">:</span> <span class="kr">number</span><span class="p">;</span> <span class="nl">scaleCpuTarget</span><span class="p">:</span> <span class="nx">ScalingThreshold</span><span class="p">;</span> <span class="nl">scaleMemoryTarget</span><span class="p">:</span> <span class="nx">ScalingThreshold</span><span class="p">;</span> <span class="p">}</span> <span class="k">export</span> <span class="kd">const</span> <span class="nx">setServiceScaling</span> <span class="o">=</span> <span class="kd">function</span><span class="p">(</span><span class="nx">service</span><span class="p">:</span> <span class="nx">FargateService</span><span class="p">,</span> <span class="nx">config</span><span class="p">:</span> <span class="nx">ServiceScalingConfig</span><span class="p">)</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">scaling</span> <span class="o">=</span> <span class="nx">service</span><span class="p">.</span><span class="nf">autoScaleTaskCount</span><span class="p">({</span> <span class="na">maxCapacity</span><span class="p">:</span> <span class="nx">config</span><span class="p">.</span><span class="nx">maxCount</span><span class="p">,</span> <span class="na">minCapacity</span><span class="p">:</span> <span class="nx">config</span><span class="p">.</span><span class="nx">minCount</span><span class="p">,</span> <span class="p">});</span> <span class="nx">scaling</span><span class="p">.</span><span class="nf">scaleOnCpuUtilization</span><span class="p">(</span><span class="dl">'</span><span class="s1">CpuScaling</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span> <span class="na">targetUtilizationPercent</span><span class="p">:</span> <span class="nx">config</span><span class="p">.</span><span class="nx">scaleCpuTarget</span><span class="p">.</span><span class="nx">percent</span><span class="p">,</span> <span class="p">});</span> <span class="nx">scaling</span><span class="p">.</span><span class="nf">scaleOnMemoryUtilization</span><span class="p">(</span><span class="dl">'</span><span class="s1">MemoryScaling</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span> <span class="na">targetUtilizationPercent</span><span class="p">:</span> <span class="nx">config</span><span class="p">.</span><span class="nx">scaleMemoryTarget</span><span class="p">.</span><span class="nx">percent</span><span class="p">,</span> <span class="p">});</span> <span class="p">}</span> </code></pre> </div> <p><strong>Extract from my-container-infrastructure.ts</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="kd">const</span> <span class="nx">service</span> <span class="o">=</span> <span class="nf">addLoadBalancedService</span><span class="p">(</span><span class="nx">stack</span><span class="p">,</span> <span class="s2">`service-</span><span class="p">${</span><span class="nx">taskConfig</span><span class="p">.</span><span class="nx">family</span><span class="p">}</span><span class="s2">`</span><span class="p">,</span> <span class="nx">cluster</span><span class="p">,</span> <span class="nx">taskdef</span><span class="p">,</span> <span class="mi">80</span><span class="p">,</span> <span class="mi">2</span><span class="p">,</span> <span class="kc">true</span><span class="p">);</span> <span class="nf">setServiceScaling</span><span class="p">(</span><span class="nx">service</span><span class="p">.</span><span class="nx">service</span><span class="p">,</span> <span class="p">{</span> <span class="na">minCount</span><span class="p">:</span> <span class="mi">1</span><span class="p">,</span> <span class="na">maxCount</span><span class="p">:</span> <span class="mi">4</span><span class="p">,</span> <span class="na">scaleCpuTarget</span><span class="p">:</span> <span class="p">{</span> <span class="na">percent</span><span class="p">:</span> <span class="mi">50</span> <span class="p">},</span> <span class="na">scaleMemoryTarget</span><span class="p">:</span> <span class="p">{</span> <span class="na">percent</span><span class="p">:</span> <span class="mi">70</span> <span class="p">},</span> <span class="p">});</span> </code></pre> </div> <p>You can run <strong>npm test</strong> to make sure all tests pass, and run <strong>cdk deploy</strong> to see that it also deploys ok. We are at enough lines of code now that I would recommend to review the code at <a href="https://github.com/cloudgnosis/iac-ninja-aws-cdk-ts" rel="noopener noreferrer">https://github.com/cloudgnosis/iac-ninja-aws-cdk-ts</a>. </p> <p>This is the end of part 7 of the infrastructure-as-code ninja series. If you enjoyed this material, you can check out the other parts of this series and other articles at <a href="https://tidycloudaws.com" rel="noopener noreferrer">Tidy Cloud AWS</a>. Send comments, questions, and suggestions!</p> aws cdk devops infrastructure Erik Lundevall Zara Thu, 12 May 2022 21:23:40 +0000 https://dev.to/eriklz/infrastructure-as-code-where-is-the-customer-obsession-aws-4nol https://dev.to/eriklz/infrastructure-as-code-where-is-the-customer-obsession-aws-4nol <p>AWS has a problem with its handling of customers’ adoption of infrastructure as code. This applies to CloudFormation, and by extension, to the AWS Cloud Development Kit (AWS CDK). This is part of a bigger problem with AWS, I think.</p> <p>I am a fairly happy user of AWS CDK. It is a very nice tool in the toolbox for infrastructure-as-code. However, it also suffers from some drawbacks coming from CloudFormation, some of which will be mentioned here.</p> <h2> Meeting customers where they are </h2> <p>AWS prides themselves with <strong>customer obsession</strong>, and <em>meeting customers where they are</em>. They have a <strong>Well-Architected Framework</strong> which points to virtues of adaptability and automating things. Yet, for allowing customers to <em>gradually move to a more automated and adaptable approach</em>, there are sometimes too many hurdles in place.</p> <p>It is, most times, fairly easy to use the AWS Console (ClickOps) to set up something with a particular AWS Service. There are also tutorials for using the AWS Console for many tasks.</p> <p>Yet, there is <em>zero support to get a corresponding representation in CloudFormation or AWS CDK from that ClickOps effort, so you can now manage those resources with infrastructure-as-code.</em></p> <p><em>There is seldom any description or example to describe, in an easily digestible way, what you need to do to replicate that ClickOps experience.</em></p> <p>I have yet to meet anyone using AWS that got a near-perfect infrastructure-as-code immutable infrastructure solution in place right away. There are <strong>always pain points and teachings on the way</strong>, and <strong>a process of adaption to new ways of working</strong>. </p> <p>In addition, there is also the reality with <strong>operational incidents that need to be resolved quickly</strong>. This may most times involve some manual and direct updates, if you <strong>have not reached automation and immutable infrastructure nirvana yet</strong>. <em>That is a reality.</em>## Missing pieces in the puzzleYou cannot easily import existing resources into CloudFormation, and for a long time, it was not possible at all. Nowadays, you can import some existing resources into CloudFormation stacks, but it is difficult. <strong>It is also not supported for all CloudFormation resources either</strong>. There is a list in the AWS documentation of what resources are supported.<em>It would have been better to have a list of <strong>what resources are not supported</strong>.</em> This import feature <em>only guarantees that required properties are the same as the actual resource when imported into CloudFormation</em>.</p> <p>The matter becomes even worse with AWS CDK since the import works on the CloudFormation level, which AWS CDK, to a large extent, abstracts away. It is then also potentially more complicated to replicate these resources through AWS CDK code.</p> <p>There are tools, not from AWS, like <a href="https://former2.com" rel="noopener noreferrer">Former 2</a>, which can ease the pain somewhat, but it can only do so much and you get something less nice from a code perspective.If you are happy to replace all the existing resources, then this is less of a problem. But in many cases, this is not a good option if you still have a somewhat long way to go to immutable infrastructure nirvana.</p> <h2> Migration issues </h2> <p>Even migrating from CloudFormation to AWs CDK has its challenges. AWS CDK has some nice support to encapsulate existing CloudFormation in the AWS CDK code, which works pretty nicely. <em>Just getting the AWS CDK command-line tool in the workflow is a nice bonus compared to what tooling is provided by AWS for dealing with CloudFormation directly.</em></p> <p>You can <strong>keep the resources as-is with this approach, without replacing them</strong>. However, it becomes more challenging after that. <strong>You cannot easily break out parts of CloudFormation and replace it with AWS CDK code, without re-creating the infrastructure</strong>.</p> <p>Again, not an issue with immutable infrastructure nirvana, but definitely a problem for many others.</p> <h2> Other solutions to the problem </h2> <p>If you want to find better options for this type of problems, look at the competition. <a href="https://www.terraform.io" rel="noopener noreferrer">Terraform from Hashicorp</a> and <a href="https://www.pulumi.com" rel="noopener noreferrer">Pulumi</a> both do a better job of co-existing, reconciling, migrating, and gradually adapting your infrastructure. In this situation, both Hashicorp and Pulumi are better at meeting customers where they are.## Final words</p> <p>I sometimes wonder why these kinds of pain points with customers are not addressed properly by AWS. Perhaps there is less incentive to let customers keep existing resources, instead of spinning up new ones to replace the old ones, since that provides more money to AWS. I really hope that is not the case. Or AWS persons are too used to immutable infrastructure nirvana in their daily job, that they do not see the pain points for customers here who are in earlier stages of the infrastructure-as-code journey.What do you think? Are these pain points for you?</p> aws cloudformation productivity discuss Erik Lundevall Zara Mon, 04 Apr 2022 10:00:37 +0000 https://dev.to/eriklz/how-to-set-up-ad-hoc-developer-environments-19a1 https://dev.to/eriklz/how-to-set-up-ad-hoc-developer-environments-19a1 <p>Have you had a task to fix a supposedly simple thing in a project, a code or configuration change, only to spend most of the time to set up the environment so you can do the fix in the first place?</p> <p>The setup you just did for this now clutter your setup, and conflicts with other projects? In order to get back to your old working environment, you have to do some re-installs of software packages?</p> <p>One approach is to use containers from Docker images to package and run the specific tools. However, that can sometimes be cumbersome to set up and combine with tools that you already have.</p> <p>The approach here does not use containers, and it can just be a matter of a one-line command to create a new <strong>shell environment</strong>. The extra software needed is in place as long as the shell is active only.</p> <p>First, I will show an example, then look at how to set it up and get started.</p> <p>For a project, we want to install Node.js 14 + Yarn + git + ripgrep, plus cowsay for good measure. First, just check what is on the machine before. After that, install the required tools and verify that they are available in our new shell. When we are done, we exit the shell and get the environment back to its old state.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>bash-4.4# <span class="c"># First let us create a work directory</span> bash-4.4# <span class="nb">mkdir </span>work <span class="o">&amp;&amp;</span> <span class="nb">cd </span>work bash-4.4# <span class="nb">pwd</span> /work bash-4.4# <span class="c"># We want to have Node.js 14.x, yarn, git, ripgrep and cowsay</span> bash-4.4# which node yarn git rg cowsay which: no node <span class="k">in</span> <span class="o">(</span>/root/.nix-profile/bin:/nix/var/nix/profiles/default/bin:/nix/var/nix/profiles/default/sbin<span class="o">)</span> which: no yarn <span class="k">in</span> <span class="o">(</span>/root/.nix-profile/bin:/nix/var/nix/profiles/default/bin:/nix/var/nix/profiles/default/sbin<span class="o">)</span> /root/.nix-profile/bin/git which: no rg <span class="k">in</span> <span class="o">(</span>/root/.nix-profile/bin:/nix/var/nix/profiles/default/bin:/nix/var/nix/profiles/default/sbin<span class="o">)</span> which: no cowsay <span class="k">in</span> <span class="o">(</span>/root/.nix-profile/bin:/nix/var/nix/profiles/default/bin:/nix/var/nix/profiles/default/sbin<span class="o">)</span> bash-4.4# bash-4.4# <span class="c"># None of the tools are installed </span> bash-4.4# <span class="c"># Now we will set up the tools in our ad hoc environment</span> bash-4.4# nix-shell <span class="nt">-p</span> nodejs-14_x yarn git ripgrep cowsay these 25 paths will be fetched <span class="o">(</span>71.04 MiB download, 327.01 MiB unpacked<span class="o">)</span>: /nix/store/1l6jgfsgjmsrbrciz8r714dnkyngvpkb-zlib-1.2.11-dev /nix/store/1v0pmb9f8jmn126nvbs2k2varzqfqczq-icu4c-69.1 /nix/store/2dd4n8cca16pa8yic1gh079hxb2x0ji4-yarn-1.22.10 /nix/store/3k69hbxg04sdxlgi1236ddggs346sxf3-stdenv-linux /nix/store/4wf2bnddgwg17m465rg66j67gmcwy83q-bash-interactive-4.4-p23-info /nix/store/4xkhd51k7y6g9vi2h9kfvcxd67k3v3f1-gawk-5.1.0 /nix/store/5ddb4j8z84p6sjphr0kh6cbq5jd12ncs-binutils-2.35.1 /nix/store/5wvf6qy2pjijd93n4dn6vvbn45ij9fdr-linux-headers-5.12 /nix/store/7al99yyrc2ix9c5idq2kf8zgksscaf9z-bash-interactive-4.4-p23-doc /nix/store/88ghxafjpqp5sqpd75r51qqg4q5d95ss-gcc-wrapper-10.3.0 /nix/store/bjyyiipkwxgn8awrpp5aj3yp75l043i9-nodejs-14.17.6 /nix/store/cr23xzsbbvjgxaf1mchn2drhh6yvsq0q-cowsay-3.03+dfsg2 /nix/store/dr5yvz4dv2rq6mqr8pq5ix2g9wn4h5wp-icu4c-69.1-dev /nix/store/k6sslkn2f764mgnd2a6q0wfwlnfwpybi-ripgrep-12.1.1 /nix/store/llywalnma9vv74z0xivwc87kxs6crk9b-binutils-wrapper-2.35.1 /nix/store/mbc7y2k96nhgazi7w7hls8y4pbma1y82-diffutils-3.7 /nix/store/p5lnl4zr45n7mf9kz9w8yz3rqh001b5c-bash-interactive-4.4-p23-dev /nix/store/q141hd8jl7in5223jmf7kmx9h517km4p-glibc-2.32-54-dev /nix/store/sa90ixnafl08k8d9wwmzhr7br2dyjxp2-expand-response-params /nix/store/sf6w5cyyksw7kacvhhw0aw0m1x74r524-ed-1.17 /nix/store/shcm9y3r9xlx6pksg3kkkpi56vm5cgqg-libuv-1.41.0 /nix/store/sjhz1j2d1ssn59f66kqp92xj9mpsww2d-gcc-10.3.0 /nix/store/wfzdk9vxayfnw7fqy05s7mmypg5a8lyr-gnumake-4.3 /nix/store/xfc0ffwz6s87mnz9x2k2qj6ykwxgwjxk-patchelf-0.12 /nix/store/ywkvpy8va67s7z8i1m32mklar9mii8qd-patch-2.7.6 copying path <span class="s1">'/nix/store/7al99yyrc2ix9c5idq2kf8zgksscaf9z-bash-interactive-4.4-p23-doc'</span> from <span class="s1">'https://cache.nixos.org'</span>... copying path <span class="s1">'/nix/store/p5lnl4zr45n7mf9kz9w8yz3rqh001b5c-bash-interactive-4.4-p23-dev'</span> from <span class="s1">'https://cache.nixos.org'</span>... copying path <span class="s1">'/nix/store/4wf2bnddgwg17m465rg66j67gmcwy83q-bash-interactive-4.4-p23-info'</span> from <span class="s1">'https://cache.nixos.org'</span>... copying path <span class="s1">'/nix/store/5ddb4j8z84p6sjphr0kh6cbq5jd12ncs-binutils-2.35.1'</span> from <span class="s1">'https://cache.nixos.org'</span>... copying path <span class="s1">'/nix/store/cr23xzsbbvjgxaf1mchn2drhh6yvsq0q-cowsay-3.03+dfsg2'</span> from <span class="s1">'https://cache.nixos.org'</span>... copying path <span class="s1">'/nix/store/mbc7y2k96nhgazi7w7hls8y4pbma1y82-diffutils-3.7'</span> from <span class="s1">'https://cache.nixos.org'</span>... copying path <span class="s1">'/nix/store/sf6w5cyyksw7kacvhhw0aw0m1x74r524-ed-1.17'</span> from <span class="s1">'https://cache.nixos.org'</span>... copying path <span class="s1">'/nix/store/sa90ixnafl08k8d9wwmzhr7br2dyjxp2-expand-response-params'</span> from <span class="s1">'https://cache.nixos.org'</span>... copying path <span class="s1">'/nix/store/4xkhd51k7y6g9vi2h9kfvcxd67k3v3f1-gawk-5.1.0'</span> from <span class="s1">'https://cache.nixos.org'</span>... copying path <span class="s1">'/nix/store/wfzdk9vxayfnw7fqy05s7mmypg5a8lyr-gnumake-4.3'</span> from <span class="s1">'https://cache.nixos.org'</span>... copying path <span class="s1">'/nix/store/1v0pmb9f8jmn126nvbs2k2varzqfqczq-icu4c-69.1'</span> from <span class="s1">'https://cache.nixos.org'</span>... copying path <span class="s1">'/nix/store/shcm9y3r9xlx6pksg3kkkpi56vm5cgqg-libuv-1.41.0'</span> from <span class="s1">'https://cache.nixos.org'</span>... copying path <span class="s1">'/nix/store/dr5yvz4dv2rq6mqr8pq5ix2g9wn4h5wp-icu4c-69.1-dev'</span> from <span class="s1">'https://cache.nixos.org'</span>... copying path <span class="s1">'/nix/store/5wvf6qy2pjijd93n4dn6vvbn45ij9fdr-linux-headers-5.12'</span> from <span class="s1">'https://cache.nixos.org'</span>... copying path <span class="s1">'/nix/store/ywkvpy8va67s7z8i1m32mklar9mii8qd-patch-2.7.6'</span> from <span class="s1">'https://cache.nixos.org'</span>... copying path <span class="s1">'/nix/store/q141hd8jl7in5223jmf7kmx9h517km4p-glibc-2.32-54-dev'</span> from <span class="s1">'https://cache.nixos.org'</span>... copying path <span class="s1">'/nix/store/xfc0ffwz6s87mnz9x2k2qj6ykwxgwjxk-patchelf-0.12'</span> from <span class="s1">'https://cache.nixos.org'</span>... copying path <span class="s1">'/nix/store/llywalnma9vv74z0xivwc87kxs6crk9b-binutils-wrapper-2.35.1'</span> from <span class="s1">'https://cache.nixos.org'</span>... copying path <span class="s1">'/nix/store/sjhz1j2d1ssn59f66kqp92xj9mpsww2d-gcc-10.3.0'</span> from <span class="s1">'https://cache.nixos.org'</span>... copying path <span class="s1">'/nix/store/k6sslkn2f764mgnd2a6q0wfwlnfwpybi-ripgrep-12.1.1'</span> from <span class="s1">'https://cache.nixos.org'</span>... copying path <span class="s1">'/nix/store/88ghxafjpqp5sqpd75r51qqg4q5d95ss-gcc-wrapper-10.3.0'</span> from <span class="s1">'https://cache.nixos.org'</span>... copying path <span class="s1">'/nix/store/1l6jgfsgjmsrbrciz8r714dnkyngvpkb-zlib-1.2.11-dev'</span> from <span class="s1">'https://cache.nixos.org'</span>... copying path <span class="s1">'/nix/store/3k69hbxg04sdxlgi1236ddggs346sxf3-stdenv-linux'</span> from <span class="s1">'https://cache.nixos.org'</span>... copying path <span class="s1">'/nix/store/bjyyiipkwxgn8awrpp5aj3yp75l043i9-nodejs-14.17.6'</span> from <span class="s1">'https://cache.nixos.org'</span>... copying path <span class="s1">'/nix/store/2dd4n8cca16pa8yic1gh079hxb2x0ji4-yarn-1.22.10'</span> from <span class="s1">'https://cache.nixos.org'</span>... <span class="o">[</span>nix-shell:/work]# <span class="o">[</span>nix-shell:/work]# which node yarn git rg cowsay /nix/store/bjyyiipkwxgn8awrpp5aj3yp75l043i9-nodejs-14.17.6/bin/node /nix/store/2dd4n8cca16pa8yic1gh079hxb2x0ji4-yarn-1.22.10/bin/yarn /nix/store/cpx9hzqcxci468qjwx1yk9k8rwmhlqxl-git-2.31.1/bin/git /nix/store/k6sslkn2f764mgnd2a6q0wfwlnfwpybi-ripgrep-12.1.1/bin/rg /nix/store/cr23xzsbbvjgxaf1mchn2drhh6yvsq0q-cowsay-3.03+dfsg2/bin/cowsay <span class="o">[</span>nix-shell:/work]# git init hint: Using <span class="s1">'master'</span> as the name <span class="k">for </span>the initial branch. This default branch name hint: is subject to change. To configure the initial branch name to use <span class="k">in </span>all hint: of your new repositories, which will suppress this warning, call: hint: hint: git config <span class="nt">--global</span> init.defaultBranch &lt;name&gt; hint: hint: Names commonly chosen instead of <span class="s1">'master'</span> are <span class="s1">'main'</span>, <span class="s1">'trunk'</span> and hint: <span class="s1">'development'</span><span class="nb">.</span> The just-created branch can be renamed via this <span class="nb">command</span>: hint: hint: git branch <span class="nt">-m</span> &lt;name&gt; Initialized empty Git repository <span class="k">in</span> /work/.git/ <span class="o">[</span>nix-shell:/work]# cowsay Now we have the tools <span class="k">for </span>our environment <span class="k">in </span>place _______________________________ / Now we have the tools <span class="k">for </span>our <span class="se">\</span> <span class="se">\ </span>environment <span class="k">in </span>place / <span class="nt">-------------------------------</span> <span class="se">\ </span> ^__^ <span class="se">\ </span> <span class="o">(</span>oo<span class="o">)</span><span class="se">\_</span>______ <span class="o">(</span>__<span class="o">)</span><span class="se">\ </span> <span class="o">)</span><span class="se">\/\</span> <span class="o">||</span><span class="nt">----w</span> | <span class="o">||</span> <span class="o">||</span> <span class="o">[</span>nix-shell:/work]# <span class="nb">exit exit </span>bash-4.4# which node yarn git rg cowsay which: no node <span class="k">in</span> <span class="o">(</span>/root/.nix-profile/bin:/nix/var/nix/profiles/default/bin:/nix/var/nix/profiles/default/sbin<span class="o">)</span> which: no yarn <span class="k">in</span> <span class="o">(</span>/root/.nix-profile/bin:/nix/var/nix/profiles/default/bin:/nix/var/nix/profiles/default/sbin<span class="o">)</span> /root/.nix-profile/bin/git which: no rg <span class="k">in</span> <span class="o">(</span>/root/.nix-profile/bin:/nix/var/nix/profiles/default/bin:/nix/var/nix/profiles/default/sbin<span class="o">)</span> which: no cowsay <span class="k">in</span> <span class="o">(</span>/root/.nix-profile/bin:/nix/var/nix/profiles/default/bin:/nix/var/nix/profiles/default/sbin<span class="o">)</span> bash-4.4# bash-4.4# <span class="c"># We have left the shell we created with nix-shell, and the tools are not there anymore </span> bash-4.4# <span class="c"># One more time...</span> bash-4.4# bash-4.4# nix-shell <span class="nt">-p</span> nodejs-14_x yarn git ripgrep cowsay <span class="o">[</span>nix-shell:/work]# cowsay All packages cached locally, so quicker this <span class="nb">time </span>_________________________________________ / All packages cached locally, so quicker <span class="se">\</span> <span class="se">\ </span>this <span class="nb">time</span> / <span class="nt">-----------------------------------------</span> <span class="se">\ </span> ^__^ <span class="se">\ </span> <span class="o">(</span>oo<span class="o">)</span><span class="se">\_</span>______ <span class="o">(</span>__<span class="o">)</span><span class="se">\ </span> <span class="o">)</span><span class="se">\/\</span> <span class="o">||</span><span class="nt">----w</span> | <span class="o">||</span> <span class="o">||</span> <span class="o">[</span>nix-shell:/work]# <span class="nb">exit exit </span>bash-4.4# </code></pre> </div> <p>So what is this <strong>nix-shell</strong>? It is a command-line tool which is part of a group of tools, under the name <strong>Nix</strong>. Nix is a few different things:</p> <ul> <li>A package manager</li> <li>A domain specific language for building, packaging and deploying software</li> <li>A Linux distribution using the Nix package manager, which is called NixOS.</li> </ul> <p>Nix is very much about creating reproducible and declarative deployments and system configurations, with tooling to support these tasks. One outcome of this focus is to have i*mmutable configurations* - you are not destroying any particular resources, just adding to what is already there. </p> <p>You do not have to run NixOS to take advantage of other features of Nix. In fact, the tools work on other Linux distributions, on macOS or in WSL 2 (Windows Subsystem for Linux) on Windows machines. You just install Nix to get a couple of command-line tools.</p> <p>The Nix project has been around for a while, about 19 years. However, a large portion of that time, its usage was quite small. It has only grown more significantly in the last few years.</p> <p>A good starting point is the <a href="https://nixos.org" rel="noopener noreferrer">NixOS website</a>. The site covers Nix and a tool and you do not need to set up NixOS to get started with it. It outlines some of <a href="https://nixos.org/explore.html" rel="noopener noreferrer">the use cases for Nix</a>, of which ad hoc environments are just one of them.</p> <p>You find the <a href="https://nixos.org/download.html#download-nix" rel="noopener noreferrer">installation instructions for Nix here</a>. This also includes running it as a container via Docker, which is a good way to get an idea of what it is all about, before actually installing the software itself. The example above was running in an instance of this docker image, in fact. The recommendation is to do a multi-user installation if you use Linux or macOS, while use a single-user installation under Windows WSL2.</p> <p>It is essentially running a shell command on your local computer to download and run an installation script:</p> <p>For macOS:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>sh &lt;<span class="o">(</span>curl <span class="nt">-L</span> https://nixos.org/nix/install<span class="o">)</span> </code></pre> </div> <p>For Windows (WSL2), single-user installation:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>sh &lt;<span class="o">(</span>curl <span class="nt">-L</span> https://nixos.org/nix/install<span class="o">)</span> <span class="nt">--no-daemon</span> </code></pre> </div> <p>For Linux, single user installation is same as above. For multi-user installation:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>sh &lt;<span class="o">(</span>curl <span class="nt">-L</span> https://nixos.org/nix/install<span class="o">)</span> <span class="nt">--daemon</span> </code></pre> </div> <p>If you want to run the docker image instead and have Docker desktop installed, you can run:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>docker run <span class="nt">-it</span> nixos/nix </code></pre> </div> <p>or run it to expose a selected directory (workdir) on your local computer:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>docker run <span class="nt">-it</span> <span class="nt">-v</span> <span class="si">$(</span><span class="nb">pwd</span><span class="si">)</span>/workdir:/workdir nixos/nix </code></pre> </div> <p>The first time you run the command it will take a bit of time, because it will download the and setting up the specified packages from <strong>NixPkgs,</strong> <em>which have over 80000 packages at this point in time</em>. If you re-run the command again later, it will be faster, since the packages have been cached locally.</p> <h2> Tweak and persist the package information </h2> <p>For the simplest use cases, just specifying the package labels works fine. However, tweak it a bit more, depending on which packages to install and any additional settings that may be needed. For this purpose, there is also the Nix domain specific language, which is geared towards repeatable and/or reproducible setups.</p> <p>Let us create a directory <strong>work</strong>, and in that directory, create a file <strong>mysetup.nix</strong>. The content will look like this:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight nix"><code><span class="kd">let</span> <span class="nv">getpkgs</span> <span class="o">=</span> <span class="kr">import</span> <span class="o">&lt;</span><span class="nv">nixpkgs</span><span class="o">&gt;</span><span class="p">;</span> <span class="nv">pkgs</span> <span class="o">=</span> <span class="nv">getpkgs</span> <span class="p">{};</span> <span class="kn">in</span> <span class="nv">pkgs</span><span class="o">.</span><span class="nv">mkShell</span> <span class="p">{</span> <span class="nv">buildInputs</span> <span class="o">=</span> <span class="p">[</span> <span class="nv">pkgs</span><span class="o">.</span><span class="nv">git</span> <span class="nv">pkgs</span><span class="o">.</span><span class="nv">nodejs-14_x</span> <span class="nv">pkgs</span><span class="o">.</span><span class="nv">yarn</span> <span class="nv">pkgs</span><span class="o">.</span><span class="nv">ripgrep</span> <span class="nv">pkgs</span><span class="o">.</span><span class="nv">cowsay</span> <span class="p">];</span> <span class="nv">shellHook</span> <span class="o">=</span> <span class="s2">''</span><span class="err"> </span><span class="s2"> cowsay "here is your shell environment"</span><span class="err"> </span><span class="s2"> ''</span><span class="p">;</span> <span class="p">}</span> </code></pre> </div> <p>What this piece of code will do is to retrieve information about all available packages in the latest update of <strong>NixPkgs</strong>. Using the retrieved data, it will create a shell environment (mkShell), where there packages we want to install/build are inputs. <em>As a bonus here, we also add an execution of cowsay once the environment is ready</em>.</p> <p>Now we can set up the environment using the command<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>nix-shell mysetup.nix </code></pre> </div> <p>In the <strong>work</strong> directory, we should see something like this:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>bash-4.4# nix-shell mysetup.nix ________________________________ &lt; here is your shell environment <span class="o">&gt;</span> <span class="nt">--------------------------------</span> <span class="se">\ </span> ^__^ <span class="se">\ </span> <span class="o">(</span>oo<span class="o">)</span><span class="se">\_</span>______ <span class="o">(</span>__<span class="o">)</span><span class="se">\ </span> <span class="o">)</span><span class="se">\/\</span> <span class="o">||</span><span class="nt">----w</span> | <span class="o">||</span> <span class="o">||</span> <span class="o">[</span>nix-shell:/work]# </code></pre> </div> <p>This makes for a <em>repeatable</em> setup, but is <em>not reproducible</em>. This is because the latest versions of the different packages might be different if the latest versions of these packages are updated. To get the same versions each time, we need to be specific about which release of NixPkgs we are using. Nix has multiple ways to get a specific release of NixPkgs. Since NixPkgs information is available through a repository in GitHub, we can fetch a specific release and git commit from that repository. In that case, we will <em>always get the same releases for the packages, as well as the same dependencies for all these packages</em>. We cannot choose specific versions for each package, since there is an infinite number of combinations with these packages, including their dependencies in that case. <strong>Repeatable and reproducible environments are of higher importance here</strong>. <em>We will get the specific versions of the packages and their dependencies that are in that specific release of NixPkgs</em>.</p> <p>Let us create a new file, this time called <strong>shell.nix</strong>. The content is adjusted slightly, so that we fetch the package data from the NixPkgs repository in GitHub, with a specific tag or branch and commit that is associated with that. One way to get the specific commit is to use the <strong>git ls-remote</strong> command:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>git ls-remote <span class="nt">--tags</span> https://github.com/nixos/nixpkgs/ 21.11 506445d88e183bce80e47fc612c710eb592045ed refs/tags/21.11 </code></pre> </div> <p>Instead of a general reference to "&lt;nixpkgs&gt;" we make a more specific reference, using the <strong>fetchGit</strong> function. The other parts of the code stay the same.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">let </span>nixpkgs <span class="o">=</span> <span class="o">(</span>fetchGit <span class="o">{</span> name <span class="o">=</span> <span class="s2">"nixos-release-21.11"</span><span class="p">;</span> url <span class="o">=</span> <span class="s2">"https://github.com/nixos/nixpkgs/"</span><span class="p">;</span> ref <span class="o">=</span> <span class="s2">"refs/tags/21.11"</span><span class="p">;</span> rev <span class="o">=</span> <span class="s2">"506445d88e183bce80e47fc612c710eb592045ed"</span><span class="p">;</span> <span class="o">})</span><span class="p">;</span> getpkgs <span class="o">=</span> import nixpkgs<span class="p">;</span> pkgs <span class="o">=</span> getpkgs <span class="o">{}</span><span class="p">;</span> <span class="k">in </span>pkgs.mkShell <span class="o">{</span> buildInputs <span class="o">=</span> <span class="o">[</span> pkgs.git pkgs.nodejs-14_x pkgs.yarn pkgs.ripgrep pkgs.cowsay <span class="o">]</span><span class="p">;</span> shellHook <span class="o">=</span> <span class="s1">''</span> cowsay <span class="s2">"here is your shell environment"</span> <span class="s1">''</span><span class="p">;</span> <span class="o">}</span> </code></pre> </div> <p>Now, because we have named the file <strong>shell.nix</strong>, we do not need to specify the filename when running, we can simply run <strong>nix-shell</strong>. Again, the first time you run the command, it will take some time to fetch the package information (be patient!), but if that is run again, it will be cached and execution is much faster.</p> <h2> Final words </h2> <p>This was a quick introduction to a specific tool within Nix, the nix-shell. It is a nice way to create ad hoc environments in a repeatable and/or reproducible way. It is only scratching the surface of Nix, though, and there is a lot more to explore there. </p> <p>I must stay though that the documentation around Nix and its usage leaves a bit to be desired. It can sometimes be a bit confusing to figure out what you can do and how to do it. Right now I hope to make some examples and descriptions as I learn and explore more of Nix, which I think is very promising, despite some challenges.</p> productivity development nix Erik Lundevall Zara Fri, 04 Mar 2022 16:51:28 +0000 https://dev.to/eriklz/take-a-cue-to-supercharge-your-configurations-32d0 https://dev.to/eriklz/take-a-cue-to-supercharge-your-configurations-32d0 <p>Do you have a love/hate relationship with YAML or JSON for configurations?</p> <p>Are your configurations getting messed up because of simple typos, or problems with white space, or confusion between strings and numbers?</p> <p>Do you try to manage some templating solution on top of YAML?</p> <p>Is it hard to manage complex overrides across multiple configuration files?</p> <p>If any of these questions resonate with you, then this article may interest you!</p> <h2> Configuration complexity </h2> <p>In today's configuration landscape, YAML is pretty much everywhere. It is relatively easy for humans to read and also fairly compact format. It is also easy to mess up with some idiosyncrasies and white-space/indentation dependent structure. JSON is a simpler format in its structure, but more limited and not really intended for human consumption. TOML is another format which tries to strike a balance for readability and maintainability.</p> <p>Neither of them have any built-in capabilities for elaborate validation of data or feature to facilitate organising (complex) configurations. It gets messy, in particular with more complex configurations.</p> <p>Can we do better? Yes, I believe we can. There is one effort in this space that I think is promising, and that is <a href="https://cuelang.org" rel="noopener noreferrer">CUE (Configure Unify Execute)</a>, an open-source configuration language. </p> <p>There is a lot to like about CUE, and I will explore a few bits and pieces of it in this article. It is only scratching the surface of what you can do with CUE though.</p> <p>We are going to focus on a bit of data validation and simple conversions:</p> <ul> <li>Convert a YAML configuration file to CUE</li> <li>Step-by-step define schema and validation rules for that configuration file</li> </ul> <h2> Install CUE </h2> <p>The <a href="https://cuelang.org/docs/install/" rel="noopener noreferrer">CUE website has installation instructions</a> for how to install CUE. There are binary downloads you can download for macOS, Windows, and Linux distributions, or you can install via Homebrew on macOS and Linux.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>brew <span class="nb">install </span>cue-lang/tap/cue </code></pre> </div> <p>If you have the Go language installed, you can also download and build CUE directly easily, since CUE is written in Go.</p> <p>You do not have to install CUE now if you do not want to follow the rest of the article, but if you want to play around yourself, you should do that.</p> <p>You can also have a look at the <a href="https://cuelang.org/play/#cue@export@cue" rel="noopener noreferrer">CUE Playground</a>. This is only for writing CUE and possibly converting it to JSON or YAML, so that is different use case than what we are covering in this article.</p> <h2> Read and convert YAML configuration </h2> <p>We are going to start with a relatively small configuration file in YAML. This configuration describes a network configuration (VPC - Virtual Private Cloud) in Amazon Web Services (AWS). <em>It is not important exactly what it is though; we are only using this for illustration</em>. Our YAML configuration file has the name <strong>network_config.yaml</strong> and looks like this:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">account</span><span class="pi">:</span> <span class="s2">"</span><span class="s">123456789012"</span> <span class="na">region</span><span class="pi">:</span> <span class="s">eu-north-1</span> <span class="na">network</span><span class="pi">:</span> <span class="na">vpc_cidr</span><span class="pi">:</span> <span class="s">10.100.0.0/16</span> <span class="na">az_count</span><span class="pi">:</span> <span class="m">2</span> <span class="na">nat_gateway_count</span><span class="pi">:</span> <span class="m">1</span> <span class="na">public_mask</span><span class="pi">:</span> <span class="m">25</span> <span class="na">private_subnets</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">private1</span> <span class="na">mask</span><span class="pi">:</span> <span class="m">21</span> <span class="na">isolated_subnets</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">isolated1</span> <span class="na">mask</span><span class="pi">:</span> <span class="m">21</span> </code></pre> </div> <p>AWS has then notion of organising cloud resources into accounts and regions, so this is something that is relevant for provisioning cloud resources. The rest of the structure has a mix of networking related information, essentially telling us how a network configuration should be set up.</p> <p>The configuration has a mix of single values, some in a hierarchy, some in lists/arrays. There is a mix of strings and numbers. There are restrictions on what may be valid values for several fields. All of that is invisible to us in the YAML file, though.</p> <p>Let us start by converting this YAML into CUE. We can do this with the cue import command:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>cue import network_config.yaml </code></pre> </div> <p>This will produce a <strong>network_config.cue</strong> file, with the same content, which looks like this:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>account: "123456789012" region: "eu-north-1" network: { vpc_cidr: "10.100.0.0/16" az_count: 2 nat_gateway_count: 1 public_mask: 25 private_subnets: [{ name: "private1" mask: 21 }] isolated_subnets: [{ name: "isolated1" mask: 21 }] } </code></pre> </div> <p>As you can see, it looks fairly similar. CUE is a superset of JSON, any valid JSON is also valid CUE. However, there is a lot more to CUE, and it has a more readable syntax than plain JSON and does not have white-space/indentation formatting of YAML. It does not require commas between key-value pairs either.</p> <p>One thing to note here also is that string values are quoted, always - like JSON and unlike YAML.</p> <p><em>We will use this generated as a starting point to define data validation for our YAML configuration.</em></p> <h2> Define data validation </h2> <p>The CUE language has an unusual property which sets it apart from many other languages and formats - types and values are the same. <em>Not the same as only same type of structure, like JSON and JSON Schema,</em> <strong><em>but actually the same</em>.</strong></p> <p>Our CUE file is just as much a schema definition as it is actual data values. The CUE command-line tool has the command <strong>cue vet</strong> to perform validation. You can provide both CUE and non-CUE files (e.g. JSON or YAML) to validate. So if we want to validate our YAML configuration towards the CUE data, we can run the command.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>❯ cue vet network_config.cue network_config.yaml </code></pre> </div> <p>There is no output, which means it validated ok. You might think, how do I really know it has performed some validation here? Let us just change a value in the CUE file, for example, the "eu-north-1" value to "eu-west-1", then run the cue vet command again.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>❯ cue vet network_config.cue network_config.yaml region: conflicting values <span class="s2">"eu-west-1"</span> and <span class="s2">"eu-north-1"</span>: ./network_config.cue:2:10 ./network_config.yaml:2:10 </code></pre> </div> <p>As you can see, it now reports that there is a conflict, and points out where the data is conflicting in these files. So the validation works.</p> <p>It is meaningless, though, to only have a hard-coded configuration to validate against. So let us generalise this a bit! </p> <ol> <li>For the region parameter, let us decide that we only allow the values "eu-north-1" and "eu-west-1"</li> <li>For other values, let us define general string and integer types. </li> </ol> <p>The updated CUE file looks like below then. We have not added <strong>string</strong> and <strong>int</strong> types, and we have with the "|" character told CUE that either "eu-west-1" or "eu-north-1" are valid values, but nothing else.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>account: string region: "eu-west-1" | "eu-north-1" network: { vpc_cidr: string az_count: int nat_gateway_count: int public_mask: int private_subnets: [{ name: string mask: int }] isolated_subnets: [{ name: string mask: int }] } </code></pre> </div> <p>If we run <strong>cue vet</strong> on this CUE file and the YAML file, we can see that it is still valid. In CUE, we can mix actual values with type definitions, that is all the same. </p> <h2> Reusable definitions and lists </h2> <p>We can see in the structure that we have two lists/array structures under private_subnets and isolated_subnets. The data structures in each of these are the same for both as well. Right now, if we would add another element in either of these lists in the YAML configuration, the validation would fail. So how can we make a reusable definition for the structure in the lists and also allow an arbitrary number of them in each list?</p> <p>In CUE, a reusable description of a structure is called a <strong>Definition</strong>, and it looks like any other structure, only that <em>the name itself is prefixed with "#"</em> (or "_#", but that is out of scope for now). We can in the list use a spread operator "..." to define a variable number of elements in the list. Our new CUE file looks like this now:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>account: string region: "eu-west-1" | "eu-north-1" network: { vpc_cidr: string az_count: int nat_gateway_count: int public_mask: int private_subnets: [...#Subnet] isolated_subnets: [...#Subnet] } #Subnet: { name: string mask: int } </code></pre> </div> <p>You can run <strong>cue vet</strong> to check that it is still valid. In this case, we put the <strong>#Subnet</strong> definition after the rest, we just as well put it first as well. <em>The order does not matter to CUE</em>. This property becomes important when we organise our data in different ways.</p> <h2> Adding constraints </h2> <p>Next step is to add additional constraints on some fields. The integer fields we use cannot have any integer value. We have a few constraints we would like to impose on these fields:</p> <ol> <li>The <strong>az_count</strong> fields refers to the number of <em>Availability Zones</em> that our AWS network setup should include. In most AWS regions, this would be a number between 1 and 3.</li> <li>The <strong>nat_gateway_count</strong> field refers to the number of <em>NAT Gateways</em> provisioned. This is an infrastructure component that may be the same value as the number of availability zones, but could also be fewer. It should not be larger than the number of availability zones.</li> <li>The <strong>mask</strong> and <strong>public_mask</strong> fields can only have integer values between 16 and 28. This is a hard limitation set by AWS.</li> </ol> <p>Besides types and values, we can also add constraints to our fields. The above rules can be described in the example below:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>account: string region: "eu-west-1" | "eu-north-1" network: { vpc_cidr: string az_count: int &amp; &gt;=1 &amp; &lt;=3 nat_gateway_count: int &amp; &gt;=1 &amp; &lt;=az_count public_mask: #Netmask private_subnets: [...#Subnet] isolated_subnets: [...#Subnet] } #Netmask: int &amp; &gt;=16 &amp; &lt;=28 #Subnet: { name: string mask: #Netmask } </code></pre> </div> <p>We added another reusable definition for the mask value, since that is used in two different fields. The constraints can be combined with the type data, or actual values. Multiple types/constraints/values for a field can be combined with the "&amp;" symbol.</p> <p>The syntax is concise, and also easy to read.</p> <p>Now let us look at the strings. There are two fields, <strong>account</strong> and <strong>vpc_cidr</strong>, which we should impose some constraints on. An AWS account is a string value that always comprises 12 digits. The VPC CIDR value is a combination of an IP address, a slash, and a net mask value. One way to approach the constraints here is to use regular expressions to define what is allowed. If you are not familiar with regular expression syntax, this will be a bit like keyboard noise to you. Fear not, you are not alone! It is useful to define restrictions on string patterns, and we use that to define the constraints on <strong>account</strong> and <strong>vpc_cidr</strong>.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>account: string &amp; =~"^[0-9]{12}$" region: "eu-west-1" | "eu-north-1" network: { vpc_cidr: #CIDR az_count: int &amp; &gt;=1 &amp; &lt;=3 nat_gateway_count: int &amp; &gt;=1 &amp; &lt;=az_count public_mask: #Netmask private_subnets: [...#Subnet] isolated_subnets: [...#Subnet] } #CIDR: string &amp; =~"^10\\.(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\\.){2}(0|16|32|64|128)(\\/(2[0-8]|1[6-9]))$" #Netmask: int &amp; &gt;=16 &amp; &lt;=28 #Subnet: { name: string mask: #Netmask } </code></pre> </div> <p>You can run <strong>cue vet</strong> and see that it still validates. Try also to change any of the values that we have put constraints on to see what the result will be if we violate the constraints and run <strong>cue vet</strong>.</p> <p>Let us do one more modification here, set a default value. For the <strong>vpc_cidr</strong> field, if no value is specified, with will use the string "10.0.0.0/16" as the default value. We use an asterisk to denote a default value:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>account: string &amp; =~"^[0-9]{12}$" region: "eu-west-1" | "eu-north-1" network: { vpc_cidr: *"10.0.0.0/16" | #CIDR az_count: int &amp; &gt;=1 &amp; &lt;=3 nat_gateway_count: int &amp; &gt;=1 &amp; &lt;=az_count public_mask: #Netmask private_subnets: [...#Subnet] isolated_subnets: [...#Subnet] } #CIDR: string &amp; =~"^10\\.(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\\.){2}(0|16|32|64|128)(\\/(2[0-8]|1[6-9]))$" #Netmask: int &amp; &gt;=16 &amp; &lt;=28 #Subnet: { name: string mask: #Netmask } </code></pre> </div> <p>We have dipped our toes into how to define schemas and constraints with CUE. There is more to explore here, however, these basics can get you a good start. </p> <h2> Enforcing validation </h2> <p>We have validated our YAML configuration, and this has worked fine. However, if we add another dummy entry to our YAML configuration and run cue vet on that, it will still work fine.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">account</span><span class="pi">:</span> <span class="s2">"</span><span class="s">123456789012"</span> <span class="na">region</span><span class="pi">:</span> <span class="s">eu-north-1</span> <span class="na">stuff</span><span class="pi">:</span> <span class="m">333</span> <span class="c1">################### Our extra stuff here ###########</span> <span class="na">network</span><span class="pi">:</span> <span class="na">vpc_cidr</span><span class="pi">:</span> <span class="s">10.100.0.0/16</span> <span class="na">az_count</span><span class="pi">:</span> <span class="m">2</span> <span class="na">nat_gateway_count</span><span class="pi">:</span> <span class="m">1</span> <span class="na">public_mask</span><span class="pi">:</span> <span class="m">25</span> <span class="na">private_subnets</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">private1</span> <span class="na">mask</span><span class="pi">:</span> <span class="m">21</span> <span class="na">isolated_subnets</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">isolated1</span> <span class="na">mask</span><span class="pi">:</span> <span class="m">21</span> </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>❯ cue vet network_config.cue network_config.yaml </code></pre> </div> <p>As long as CUE finds valid and non-conflicting data structures, it is all good. If we want to restrict the validation to only accept specific fields, we need to be explicit about what to validate. Let us just add a layer in our schema definition that includes the three top level fields we have, <strong>account</strong>, <strong>region</strong> and <strong>network</strong>.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>#Config: { account: string &amp; =~"^[0-9]{12}$" region: "eu-west-1" | "eu-north-1" network: { vpc_cidr: *"10.0.0.0/16" | #CIDR az_count: int &amp; &gt;=1 &amp; &lt;=3 nat_gateway_count: int &amp; &gt;=1 &amp; &lt;=az_count public_mask: #Netmask private_subnets: [...#Subnet] isolated_subnets: [...#Subnet] } } #CIDR: string &amp; =~"^10\\.(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\\.){2}(0|16|32|64|128)(\\/(2[0-8]|1[6-9]))$" #Netmask: int &amp; &gt;=16 &amp; &lt;=28 #Subnet: { name: string mask: #Netmask } </code></pre> </div> <p>By defining reusable definition, we can also be specific in what should be included in the non-CUE data we validate when we run <strong>cue vet</strong>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>❯ cue vet <span class="nt">--schema</span> <span class="s1">'#Config'</span> network_config.cue network_config.yaml field not allowed: stuff: ./network_config.yaml:3:2 ./network_config.cue:1:1 ./network_config.cue:1:10 </code></pre> </div> <p>Now our extra stuff is not accepted. Sometimes, though, we want only partial validation and allow for extra items to be present. If our schema definition work is a work in progress, that may very well be the case. In those cases, we can add "..." to our definition, which makes the structure <strong><em>open</em></strong> <em>to other fields</em>, as opposed to the default <strong>closed</strong> structure definition.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>#Config: { account: string &amp; =~"^[0-9]{12}$" region: "eu-west-1" | "eu-north-1" network: { vpc_cidr: *"10.0.0.0/16" | #CIDR az_count: int &amp; &gt;=1 &amp; &lt;=3 nat_gateway_count: int &amp; &gt;=1 &amp; &lt;=az_count public_mask: #Netmask private_subnets: [...#Subnet] isolated_subnets: [...#Subnet] } ... } #CIDR: string &amp; =~"^10\\.(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\\.){2}(0|16|32|64|128)(\\/(2[0-8]|1[6-9]))$" #Netmask: int &amp; &gt;=16 &amp; &lt;=28 #Subnet: { name: string mask: #Netmask } </code></pre> </div> <p>Running <strong>cue vet</strong> with this schema definition will accept our extra stuff.</p> <h2> Final words </h2> <p>This has been an introduction to CUE, a quite versatile configuration language which also can play well with existing tooling. This has only scratched the surface of CUE though, and there is a lot more to it!</p> <p>There are some neat material on CUE and some good presentations, at different levels - a few of these can be found here:</p> <p><a href="https://fosdem.org/2022/schedule/event/cue_pratical_guide/" rel="noopener noreferrer">https://fosdem.org/2022/schedule/event/cue_pratical_guide/</a></p> <p><a href="https://cuelang.org" rel="noopener noreferrer">https://cuelang.org</a></p> <p><a href="https://cuetorials.com" rel="noopener noreferrer">https://cuetorials.com</a></p> <p><iframe width="710" height="399" src="https://www.youtube.com/embed/jSRXobu1jHk"> </iframe> </p> productivity cue configuration opensource Erik Lundevall Zara Tue, 15 Feb 2022 12:22:30 +0000 https://dev.to/eriklz/how-to-become-an-infrastructure-as-code-ninja-using-aws-cdk-part-6-3idk https://dev.to/eriklz/how-to-become-an-infrastructure-as-code-ninja-using-aws-cdk-part-6-3idk <p>In this article, we are continuing with building our AWS infrastructure, which is a container-based solution running in AWS Elastic Container Service (AWS ECS). </p> <p>Back in <a href="https://dev.to/eriklz/how-to-become-an-infrastructure-as-code-ninja-using-aws-cdk-part-5-mn1">part 5</a>, we set up an Apache web server-based solution running in a container, in a container cluster using AWS ECS, using Typescript as a language to describe the infrastructure. Building the solution, we divided the solution into two separate files:</p> <ul> <li> <strong>bin/my-container-infrastructure.ts</strong> - this is the main program for describing our infrastructure</li> <li> <strong>lib/containers/container-management.ts</strong> - this contains support functions to describe container-based infrastructure</li> </ul> <p><strong>Before adding new feature to our solution, we are going to take a step back and look at what we can do to organise and test the building blocks in our infrastructure-as-code solution</strong>. In particular, testing is something we want to keep in mind right from the start ideally.</p> <p><strong>We will look at how to incorporate testing into what we already have and then continue to add new infrastructure and testing as we move ahead</strong>.</p> <p><em><strong>Warning!</strong> The built-in testing support libraries in AWS CDK expect you to know AWS CloudFormation. Some familiarity of CloudFormation is recommended if you use these.</em></p> <p><strong>Update:</strong></p> <p>This article series uses Typescript as an example language. However, there are repositories with example code for multiple languages. </p> <ul> <li><a href="https://github.com/cloudgnosis/iac-ninja-aws-cdk-ts" rel="noopener noreferrer">https://github.com/cloudgnosis/iac-ninja-aws-cdk-ts</a></li> <li><a href="https://github.com/cloudgnosis/iac-ninja-aws-cdk-python" rel="noopener noreferrer">https://github.com/cloudgnosis/iac-ninja-aws-cdk-python</a></li> <li><a href="https://github.com/cloudgnosis/iac-ninja-aws-cdk-go" rel="noopener noreferrer">https://github.com/cloudgnosis/iac-ninja-aws-cdk-go</a></li> </ul> <p>The repositories will contain all the code examples from the articles series, implemented in different languages with the AWS CDK. You can view the code from specific parts and stages in the series, by checking out the code tagged with a specific part and step in that part, see the README file in each repository for more details.</p> <h2> Different testing </h2> <p>What do we mean by testing? There are various aspects to consider, which include:</p> <ul> <li><em>That we get the infrastructure we expect to have</em></li> <li><em>That the solution and its infrastructure adhere to any security and compliance policies in place</em></li> <li><em>That the solution itself works as expected when deployed with the infrastructure</em></li> </ul> <p>The testing aspect we will focus on here in this article is the first one, that we get the infrastructure we expect to have. This may include both <em>actual resources that will be provisioned</em>, that t*hese resources have expected properties* and that <em>relations between resources are as expected</em>. Also, that we <em>do not introduce unexpected changes</em>.</p> <p>We will treat these tests as unit tests essentially, so they will run in our (local) development environment, and will run in the order of seconds (or minutes).</p> <h3> Who writes the tests? </h3> <p>It depends a bit on how you have the infrastructure-as-code work organised, but the people that build and maintain (re-usable) infrastructure building blocks should write tests for those building blocks. </p> <p>That may mean every developer, or specific platform developers or other groups of people. For YAML/JSON-based infrastructure using CloudFormation, there is limited support for testing and validation of the infrastructure. Frankly, the need may sometimes be limited, since you in those cases also just declare what you want to have, there may not be that much logic to test. However, when you get enough logic and conditions included with CloudFormation YAML/JSON, it can get quite messy.</p> <p>If you use programming languages and AWS CDK, you get a more imperative layer to generate the declarative model. This can both make it easier to make it clear what is intended, but also make it more complex to understand exactly what infrastructure you will get.</p> <h3> Get started with writing tests </h3> <p>Enough preparation talk now, let us get into practical work! If you have followed along in this article series to set up the project using the <strong>cdk init</strong> command for a Typescript project, you will already have some test tooling in place. AWS CDK includes the <strong>Jest test framework</strong> by default in the installation. </p> <p>You can use whichever testing framework you want, though, with the testing support provided in AWS CDK. The examples we will build here will use <em>Jest</em> though, since that it what is set up by default in an AWS CDK project.</p> <p>If you have set up the AWS CDK project as described in <a href="https://dev.to/eriklz/how-to-become-an-infrastructure-as-code-ninja-using-aws-cdk-part-4-45p8">part 4</a> and <a href="https://dev.to/eriklz/how-to-become-an-infrastructure-as-code-ninja-using-aws-cdk-part-5-mn1">part 5</a> of this series, you will have a directory in your project folder named <strong>test</strong>. This is where will take place or tests to write. <em>Since we have cheated and not practiced</em> <strong>test-driven development (TDD)</strong> right from the start, we will build some test for the existing infrastructure we have defined, before moving further with new infrastructure.</p> <h2> Infrastructure recap </h2> <p>Let us first re-cap what we had built so far in the two source files in our project:</p> <p><strong>bin/my-container-infrastructure.ts</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">import</span> <span class="p">{</span> <span class="nx">App</span><span class="p">,</span> <span class="nx">Stack</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">aws-cdk-lib</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">Vpc</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">aws-cdk-lib/aws-ec2</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">addCluster</span><span class="p">,</span> <span class="nx">addService</span><span class="p">,</span> <span class="nx">addTaskDefinitionWithContainer</span><span class="p">,</span> <span class="nx">ContainerConfig</span><span class="p">,</span> <span class="nx">TaskConfig</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">../lib/containers/container-management</span><span class="dl">'</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">app</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">App</span><span class="p">();</span> <span class="kd">const</span> <span class="nx">stack</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">Stack</span><span class="p">(</span><span class="nx">app</span><span class="p">,</span> <span class="dl">'</span><span class="s1">my-container-infrastructure</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span> <span class="na">env</span><span class="p">:</span> <span class="p">{</span> <span class="na">account</span><span class="p">:</span> <span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">CDK_DEFAULT_ACCOUNT</span><span class="p">,</span> <span class="na">region</span><span class="p">:</span> <span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">CDK_DEFAULT_REGION</span><span class="p">,</span> <span class="p">},</span> <span class="p">});</span> <span class="kd">const</span> <span class="nx">vpc</span> <span class="o">=</span> <span class="nx">Vpc</span><span class="p">.</span><span class="nf">fromLookup</span><span class="p">(</span><span class="nx">stack</span><span class="p">,</span> <span class="dl">'</span><span class="s1">vpc</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span> <span class="na">isDefault</span><span class="p">:</span> <span class="kc">true</span><span class="p">,</span> <span class="p">});</span> <span class="kd">const</span> <span class="nx">id</span> <span class="o">=</span> <span class="dl">'</span><span class="s1">my-test-cluster</span><span class="dl">'</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">cluster</span> <span class="o">=</span> <span class="nf">addCluster</span><span class="p">(</span><span class="nx">stack</span><span class="p">,</span> <span class="nx">id</span><span class="p">,</span> <span class="nx">vpc</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">taskConfig</span><span class="p">:</span> <span class="nx">TaskConfig</span> <span class="o">=</span> <span class="p">{</span> <span class="na">cpu</span><span class="p">:</span> <span class="mi">512</span><span class="p">,</span> <span class="na">memoryLimitMB</span><span class="p">:</span> <span class="mi">1024</span><span class="p">,</span> <span class="na">family</span><span class="p">:</span> <span class="dl">'</span><span class="s1">webserver</span><span class="dl">'</span> <span class="p">};</span> <span class="kd">const</span> <span class="nx">containerConfig</span><span class="p">:</span> <span class="nx">ContainerConfig</span> <span class="o">=</span> <span class="p">{</span> <span class="na">dockerHubImage</span><span class="p">:</span> <span class="dl">'</span><span class="s1">httpd</span><span class="dl">'</span> <span class="p">};</span> <span class="kd">const</span> <span class="nx">taskdef</span> <span class="o">=</span> <span class="nf">addTaskDefinitionWithContainer</span><span class="p">(</span><span class="nx">stack</span><span class="p">,</span> <span class="s2">`taskdef-</span><span class="p">${</span><span class="nx">taskConfig</span><span class="p">.</span><span class="nx">family</span><span class="p">}</span><span class="s2">`</span><span class="p">,</span> <span class="nx">taskConfig</span><span class="p">,</span> <span class="nx">containerConfig</span><span class="p">);</span> <span class="nf">addService</span><span class="p">(</span><span class="nx">stack</span><span class="p">,</span> <span class="s2">`service-</span><span class="p">${</span><span class="nx">taskConfig</span><span class="p">.</span><span class="nx">family</span><span class="p">}</span><span class="s2">`</span><span class="p">,</span> <span class="nx">cluster</span><span class="p">,</span> <span class="nx">taskdef</span><span class="p">,</span> <span class="mi">80</span><span class="p">,</span> <span class="mi">2</span><span class="p">,</span> <span class="kc">true</span><span class="p">);</span> </code></pre> </div> <p><strong>lib/containers/container-management.ts</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">import</span> <span class="p">{</span> <span class="nx">IVpc</span><span class="p">,</span> <span class="nx">Peer</span><span class="p">,</span> <span class="nx">Port</span><span class="p">,</span> <span class="nx">SecurityGroup</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">aws-cdk-lib/aws-ec2</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">Cluster</span><span class="p">,</span> <span class="nx">ContainerImage</span><span class="p">,</span> <span class="nx">FargateService</span><span class="p">,</span> <span class="nx">FargateTaskDefinition</span><span class="p">,</span> <span class="nx">LogDriver</span><span class="p">,</span> <span class="nx">TaskDefinition</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">aws-cdk-lib/aws-ecs</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">RetentionDays</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">aws-cdk-lib/aws-logs</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">Construct</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">constructs</span><span class="dl">'</span><span class="p">;</span> <span class="k">export</span> <span class="kd">const</span> <span class="nx">addCluster</span> <span class="o">=</span> <span class="kd">function</span><span class="p">(</span><span class="nx">scope</span><span class="p">:</span> <span class="nx">Construct</span><span class="p">,</span> <span class="nx">id</span><span class="p">:</span> <span class="kr">string</span><span class="p">,</span> <span class="nx">vpc</span><span class="p">:</span> <span class="nx">IVpc</span><span class="p">):</span> <span class="nx">Cluster</span> <span class="p">{</span> <span class="k">return</span> <span class="k">new</span> <span class="nc">Cluster</span><span class="p">(</span><span class="nx">scope</span><span class="p">,</span> <span class="nx">id</span><span class="p">,</span> <span class="p">{</span> <span class="nx">vpc</span><span class="p">,</span> <span class="p">});</span> <span class="p">}</span> <span class="k">export</span> <span class="kr">interface</span> <span class="nx">TaskConfig</span> <span class="p">{</span> <span class="k">readonly</span> <span class="nx">cpu</span><span class="p">:</span> <span class="mi">256</span> <span class="o">|</span> <span class="mi">512</span> <span class="o">|</span> <span class="mi">1024</span> <span class="o">|</span> <span class="mi">2048</span> <span class="o">|</span> <span class="mi">4096</span><span class="p">;</span> <span class="k">readonly</span> <span class="nx">memoryLimitMB</span><span class="p">:</span> <span class="kr">number</span><span class="p">;</span> <span class="k">readonly</span> <span class="nx">family</span><span class="p">:</span> <span class="kr">string</span><span class="p">;</span> <span class="p">}</span> <span class="k">export</span> <span class="kr">interface</span> <span class="nx">ContainerConfig</span> <span class="p">{</span> <span class="k">readonly</span> <span class="nx">dockerHubImage</span><span class="p">:</span> <span class="kr">string</span><span class="p">;</span> <span class="p">}</span> <span class="k">export</span> <span class="kd">const</span> <span class="nx">addTaskDefinitionWithContainer</span> <span class="o">=</span> <span class="kd">function</span><span class="p">(</span><span class="nx">scope</span><span class="p">:</span> <span class="nx">Construct</span><span class="p">,</span> <span class="nx">id</span><span class="p">:</span> <span class="kr">string</span><span class="p">,</span> <span class="nx">taskConfig</span><span class="p">:</span> <span class="nx">TaskConfig</span><span class="p">,</span> <span class="nx">containerConfig</span><span class="p">:</span> <span class="nx">ContainerConfig</span><span class="p">):</span> <span class="nx">TaskDefinition</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">taskdef</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">FargateTaskDefinition</span><span class="p">(</span><span class="nx">scope</span><span class="p">,</span> <span class="nx">id</span><span class="p">,</span> <span class="p">{</span> <span class="na">cpu</span><span class="p">:</span> <span class="nx">taskConfig</span><span class="p">.</span><span class="nx">cpu</span><span class="p">,</span> <span class="na">memoryLimitMiB</span><span class="p">:</span> <span class="nx">taskConfig</span><span class="p">.</span><span class="nx">memoryLimitMB</span><span class="p">,</span> <span class="na">family</span><span class="p">:</span> <span class="nx">taskConfig</span><span class="p">.</span><span class="nx">family</span><span class="p">,</span> <span class="p">});</span> <span class="kd">const</span> <span class="nx">image</span> <span class="o">=</span> <span class="nx">ContainerImage</span><span class="p">.</span><span class="nf">fromRegistry</span><span class="p">(</span><span class="nx">containerConfig</span><span class="p">.</span><span class="nx">dockerHubImage</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">logdriver</span> <span class="o">=</span> <span class="nx">LogDriver</span><span class="p">.</span><span class="nf">awsLogs</span><span class="p">({</span> <span class="na">streamPrefix</span><span class="p">:</span> <span class="nx">taskConfig</span><span class="p">.</span><span class="nx">family</span><span class="p">,</span> <span class="na">logRetention</span><span class="p">:</span> <span class="nx">RetentionDays</span><span class="p">.</span><span class="nx">ONE_DAY</span><span class="p">,</span> <span class="p">});</span> <span class="nx">taskdef</span><span class="p">.</span><span class="nf">addContainer</span><span class="p">(</span><span class="s2">`container-</span><span class="p">${</span><span class="nx">containerConfig</span><span class="p">.</span><span class="nx">dockerHubImage</span><span class="p">}</span><span class="s2">`</span><span class="p">,</span> <span class="p">{</span> <span class="nx">image</span><span class="p">,</span> <span class="na">logging</span><span class="p">:</span> <span class="nx">logdriver</span> <span class="p">});</span> <span class="k">return</span> <span class="nx">taskdef</span><span class="p">;</span> <span class="p">};</span> <span class="k">export</span> <span class="kd">const</span> <span class="nx">addService</span> <span class="o">=</span> <span class="nf">function</span><span class="p">(</span><span class="nx">scope</span><span class="p">:</span> <span class="nx">Construct</span><span class="p">,</span> <span class="nx">id</span><span class="p">:</span> <span class="kr">string</span><span class="p">,</span> <span class="nx">cluster</span><span class="p">:</span> <span class="nx">Cluster</span><span class="p">,</span> <span class="nx">taskDef</span><span class="p">:</span> <span class="nx">FargateTaskDefinition</span><span class="p">,</span> <span class="nx">port</span><span class="p">:</span> <span class="kr">number</span><span class="p">,</span> <span class="nx">desiredCount</span><span class="p">:</span> <span class="kr">number</span><span class="p">,</span> <span class="nx">assignPublicIp</span><span class="p">?:</span> <span class="nx">boolean</span><span class="p">,</span> <span class="nx">serviceName</span><span class="p">?:</span> <span class="kr">string</span><span class="p">):</span> <span class="nx">FargateService</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">sg</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">SecurityGroup</span><span class="p">(</span><span class="nx">scope</span><span class="p">,</span> <span class="s2">`</span><span class="p">${</span><span class="nx">id</span><span class="p">}</span><span class="s2">-security-group`</span><span class="p">,</span> <span class="p">{</span> <span class="na">description</span><span class="p">:</span> <span class="s2">`Security group for service </span><span class="p">${</span><span class="nx">serviceName</span> <span class="o">??</span> <span class="dl">''</span><span class="p">}</span><span class="s2">`</span><span class="p">,</span> <span class="na">vpc</span><span class="p">:</span> <span class="nx">cluster</span><span class="p">.</span><span class="nx">vpc</span><span class="p">,</span> <span class="p">});</span> <span class="nx">sg</span><span class="p">.</span><span class="nf">addIngressRule</span><span class="p">(</span><span class="nx">Peer</span><span class="p">.</span><span class="nf">anyIpv4</span><span class="p">(),</span> <span class="nx">Port</span><span class="p">.</span><span class="nf">tcp</span><span class="p">(</span><span class="nx">port</span><span class="p">));</span> <span class="kd">const</span> <span class="nx">service</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">FargateService</span><span class="p">(</span><span class="nx">scope</span><span class="p">,</span> <span class="nx">id</span><span class="p">,</span> <span class="p">{</span> <span class="nx">cluster</span><span class="p">,</span> <span class="na">taskDefinition</span><span class="p">:</span> <span class="nx">taskDef</span><span class="p">,</span> <span class="nx">desiredCount</span><span class="p">,</span> <span class="nx">serviceName</span><span class="p">,</span> <span class="na">securityGroups</span><span class="p">:</span> <span class="p">[</span><span class="nx">sg</span><span class="p">],</span> <span class="na">circuitBreaker</span><span class="p">:</span> <span class="p">{</span> <span class="na">rollback</span><span class="p">:</span> <span class="kc">true</span><span class="p">,</span> <span class="p">},</span> <span class="nx">assignPublicIp</span><span class="p">,</span> <span class="p">});</span> <span class="k">return</span> <span class="nx">service</span><span class="p">;</span> <span class="p">};</span> </code></pre> </div> <p>We will start with the functions we have defined in <strong>lib/containers/container-management.ts</strong>, <strong>addCluster</strong>, <strong>addService</strong>, and <strong>addTaskDefinitionWithContainer</strong>. We will use the assertions module provided with AWS CDK for your testing, and use Jest to define the tests.</p> <h2> Let us write the first test </h2> <p>To build our first tests, let us create a new file in the <strong>test</strong> directory, called <strong>/containers/container-management.test.ts</strong> and add our test code there. We will start with a single test for the <em>addCluster</em> function and look at how that is built up:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">import</span> <span class="p">{</span> <span class="nx">Stack</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">aws-cdk-lib</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">Vpc</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">aws-cdk-lib/aws-ec2</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">Template</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">aws-cdk-lib/assertions</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">addCluster</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">../../lib/containers/container-management</span><span class="dl">'</span><span class="p">;</span> <span class="nf">test</span><span class="p">(</span><span class="dl">'</span><span class="s1">ECS cluster is defined with existing vpc</span><span class="dl">'</span><span class="p">,</span> <span class="p">()</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="c1">// Test setup</span> <span class="kd">const</span> <span class="nx">stack</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">Stack</span><span class="p">();</span> <span class="kd">const</span> <span class="nx">vpc</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">Vpc</span><span class="p">(</span><span class="nx">stack</span><span class="p">,</span> <span class="dl">'</span><span class="s1">vpc</span><span class="dl">'</span><span class="p">);</span> <span class="c1">// Test code</span> <span class="kd">const</span> <span class="nx">cluster</span> <span class="o">=</span> <span class="nf">addCluster</span><span class="p">(</span><span class="nx">stack</span><span class="p">,</span> <span class="dl">'</span><span class="s1">test-cluster</span><span class="dl">'</span><span class="p">,</span> <span class="nx">vpc</span><span class="p">);</span> <span class="c1">// Check result</span> <span class="kd">const</span> <span class="nx">template</span> <span class="o">=</span> <span class="nx">Template</span><span class="p">.</span><span class="nf">fromStack</span><span class="p">(</span><span class="nx">stack</span><span class="p">);</span> <span class="nx">template</span><span class="p">.</span><span class="nf">resourceCountIs</span><span class="p">(</span><span class="dl">'</span><span class="s1">AWS::ECS::Cluster</span><span class="dl">'</span><span class="p">,</span> <span class="mi">1</span><span class="p">);</span> <span class="nf">expect</span><span class="p">(</span><span class="nx">cluster</span><span class="p">.</span><span class="nx">vpc</span><span class="p">).</span><span class="nf">toEqual</span><span class="p">(</span><span class="nx">vpc</span><span class="p">);</span> <span class="p">});</span> </code></pre> </div> <p>We include the <em>assertions sub-module</em> from AWS CDK, which has features to generate CloudFormation templates from different sources, and then perform tests on these templates.</p> <p>To use this, we need to create a stack, so we import that as well. Since our <em>addCluster</em> function requires some kind of construct, an identifier and a reference to a <strong>Vpc</strong> <em>construct</em>, we will create an provide that. The stack is possible to create with no AWS CDK App, or even an identifier, so we will just create an empty stack.</p> <p>The actual test code is to call the addCluster function and pick up the resulting cluster object. What are we expecting the result will be?</p> <p>We expect that an ECS cluster has been added to the stack we supply, and the provided VPC parameter is included with the cluster.</p> <p>So testing this, we check two things:</p> <ul> <li>There is a CloudFormation AWS::ECS::Cluster resource in the stack</li> <li>The returned cluster object contains a reference to the provided Vpc object.</li> </ul> <p><strong><em>Note here that in CloudFormation, the ECS cluster (AWS::ECS::Cluster) does not have a reference to a VPC.</em></strong> This is something we can see if we look in the <a href="https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecs-cluster.html" rel="noopener noreferrer">AWS CloudFormation documentation for the AWS::ECS::Cluster resource</a>.This is purely something that the AWS CDK itself has added, for use later with other constructs. Besides checking that there is an AWS::ECS::Cluster in the stack, we currently do not care more about any details. So for us it suffices to check that the cluster resource is in the stack, and that we have one of it.</p> <p>The <em>AWS CDK Cluster object</em> should have a reference to a <em>Vpc</em> though and it should be the one we provide to the <em>addCluster</em> function. So we simply test that and use the Jest <strong>expect()</strong> function to test this.</p> <p>We can run the test with the command <strong>npm test</strong> and see what we get:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>❯ npm <span class="nb">test</span> <span class="o">&gt;</span> my-container-infrastructure@0.1.0 <span class="nb">test</span> <span class="o">&gt;</span> jest PASS <span class="nb">test</span>/containers/container-management.test.ts <span class="o">(</span>13.649 s<span class="o">)</span> ✓ ECS cluster is defined with existing vpc <span class="o">(</span>125 ms<span class="o">)</span> Test Suites: 1 passed, 1 total Tests: 1 passed, 1 total Snapshots: 0 total Time: 13.739 s, estimated 15 s Ran all <span class="nb">test </span>suites. </code></pre> </div> <p><em>Success!</em> If this would have been a proper test-driven development cycle, we would go through a different feedback loop here, though. For now, we are mainly catching up a bit, though. </p> <p>Our first test case involves both a check that goes down into the generated CloudFormation, and another test which checks the state of a higher level construct. These are both valid types of tests to do, and to what extent you do explicit CloudFormation tests depends on the use case. If you build your own high-level construct from direct CloudFormation resources, it makes sense to do a lot of lower-level testing. If you are combining higher-level constructs, then there might not be the same need.</p> <h2> Task definition testing </h2> <p>Our next test target is the addTaskDefinitionWithContainer function, which should <strong>create an ECS Fargate task definition and associate a container from DockerHub with it</strong>. From that description, we can think about what we could test.</p> <ul> <li>The function signature says it returns a <em>TaskDefinition</em>. We can look for ways that the returned task definition says it will be used with Fargate in its interface. </li> <li>The task definition should have the family, cpu and memory settings we have provided</li> <li>We can also check the underlying CloudFormation <em>AWS::ECS::TaskDefinition</em> that is has been created and has the expected properties.</li> <li>We also need to check that the container we provide has been added to the task definition. We can check if we can use the TaskDefinition object returned to check that.</li> <li>We can also check the underlying CloudFormation for an appropriate <em>AWS::ECS::ContainerDefinition</em> as well.</li> </ul> <p>We can do testing on the higher level constructs the AWS CDK provides, or we can do more low-level testing on the generated CloudFormation.</p> <p>Initially, when I first saw the assertions support functions provided for the AWS CDK, my mind was very much set on testing a lot of CloudFormation details. But I have changed my mind there. <strong>If I am building higher-level constructs from other high-level constructs in AWS CDK, the need to check explicitly generated CloudFormation is slightly limited</strong>. If you build your own constructs which use resources that map directly to CloudFormation resource, then it is very useful to check the generated CloudFormation. In other cases, that is only partially true. <strong>Look at what to can check from the construct interfaces first, and if that is not sufficient, then go to the CloudFormation-oriented tests.</strong></p> <p><strong>I want to consider CloudFormation an implementation detail of the AWS CDK, and preferably not think about it if I can</strong>. <em>It cannot be avoided currently though, and in practice you will have to deal with it sometimes.</em></p> <h3> Test for Fargate Task Definition </h3> <p>Let us take a first stab at the tests for addTaskDefinitionWithContainer and check that we have a task definition that is Fargate compatible.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="nf">test</span><span class="p">(</span><span class="dl">'</span><span class="s1">ECS Fargate task definition defined</span><span class="dl">'</span><span class="p">,</span> <span class="p">()</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="c1">// Test setup</span> <span class="kd">const</span> <span class="nx">stack</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">Stack</span><span class="p">();</span> <span class="kd">const</span> <span class="nx">cpuval</span> <span class="o">=</span> <span class="mi">512</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">memval</span> <span class="o">=</span> <span class="mi">1024</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">familyval</span> <span class="o">=</span> <span class="dl">'</span><span class="s1">test</span><span class="dl">'</span><span class="p">;</span> <span class="kd">const</span> <span class="na">taskCfg</span><span class="p">:</span> <span class="nx">TaskConfig</span> <span class="o">=</span> <span class="p">{</span> <span class="na">cpu</span><span class="p">:</span> <span class="nx">cpuval</span><span class="p">,</span> <span class="na">memoryLimitMB</span><span class="p">:</span> <span class="nx">memval</span><span class="p">,</span> <span class="na">family</span><span class="p">:</span> <span class="nx">familyval</span> <span class="p">};</span> <span class="kd">const</span> <span class="nx">imageName</span> <span class="o">=</span> <span class="dl">'</span><span class="s1">httpd</span><span class="dl">'</span><span class="p">;</span> <span class="kd">const</span> <span class="na">containerCfg</span><span class="p">:</span> <span class="nx">ContainerConfig</span> <span class="o">=</span> <span class="p">{</span> <span class="na">dockerHubImage</span><span class="p">:</span> <span class="nx">imageName</span> <span class="p">};</span> <span class="c1">// Test code</span> <span class="kd">const</span> <span class="nx">taskdef</span> <span class="o">=</span> <span class="nf">addTaskDefinitionWithContainer</span><span class="p">(</span><span class="nx">stack</span><span class="p">,</span> <span class="dl">'</span><span class="s1">test-taskdef</span><span class="dl">'</span><span class="p">,</span> <span class="nx">taskCfg</span><span class="p">,</span> <span class="nx">containerCfg</span><span class="p">);</span> <span class="c1">// Check result</span> <span class="kd">const</span> <span class="nx">template</span> <span class="o">=</span> <span class="nx">Template</span><span class="p">.</span><span class="nf">fromStack</span><span class="p">(</span><span class="nx">stack</span><span class="p">);</span> <span class="nf">expect</span><span class="p">(</span><span class="nx">taskdef</span><span class="p">.</span><span class="nx">isFargateCompatible</span><span class="p">).</span><span class="nf">toBeTruthy</span><span class="p">();</span> <span class="nf">expect</span><span class="p">(</span><span class="nx">stack</span><span class="p">.</span><span class="nx">node</span><span class="p">.</span><span class="nx">children</span><span class="p">.</span><span class="nf">includes</span><span class="p">(</span><span class="nx">taskdef</span><span class="p">)).</span><span class="nf">toBeTruthy</span><span class="p">();</span> <span class="nx">template</span><span class="p">.</span><span class="nf">resourceCountIs</span><span class="p">(</span><span class="dl">'</span><span class="s1">AWS::ECS::TaskDefinition</span><span class="dl">'</span><span class="p">,</span> <span class="mi">1</span><span class="p">);</span> <span class="nx">template</span><span class="p">.</span><span class="nf">hasResourceProperties</span><span class="p">(</span><span class="dl">'</span><span class="s1">AWS::ECS::TaskDefinition</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span> <span class="na">RequiresCompatibilities</span><span class="p">:</span> <span class="p">[</span> <span class="dl">'</span><span class="s1">FARGATE</span><span class="dl">'</span> <span class="p">],</span> <span class="na">Cpu</span><span class="p">:</span> <span class="nx">cpuval</span><span class="p">.</span><span class="nf">toString</span><span class="p">(),</span> <span class="na">Memory</span><span class="p">:</span> <span class="nx">memval</span><span class="p">.</span><span class="nf">toString</span><span class="p">(),</span> <span class="na">Family</span><span class="p">:</span> <span class="nx">familyval</span><span class="p">,</span> <span class="p">});</span> <span class="p">});</span> </code></pre> </div> <p>Again, in this test, we use both higher-level tests and some low-level CloudFormation tests. We can check directly that the returned task definition is <em>Fargate</em> compatible and we can check that it has been added to the stack without resorting to checking the CloudFormation.</p> <p>We can also as before, check at CloudFormation level that one Task Definition has been added. The TaskDefinition interface does not allow us to check for the cpu, memory limit and family values, though, so in this case we would need to dive into the actual CloudFormation. The <strong>Template.hasResourceProperties()</strong> function is quite useful for that. We can specify the properties we expect to find in the resource, and only the properties we are interested in. The other properties we do not need to care about.</p> <p>So we added a check for the cpu, memory and family settings to verify that those are in place.</p> <p><strong><em>Note</em></strong>: If you look at the test code, you see that the <em>Cpu</em> and <em>Memory</em> values are converted to strings. In the <a href="https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecs-taskdefinition.html#aws-resource-ecs-taskdefinition-return-values" rel="noopener noreferrer">CloudFormation documentation examples, these values are numbers</a>. <a href="https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/cfn-resource-specification.html" rel="noopener noreferrer">However, according to the CloudFormation specification, the values are strings</a>. The AWS CDK generates the direct CloudFormation resources from the specification. So if there is a discrepancy, the AWS CDK is likely handling it correctly.</p> <h3> Test for container definition </h3> <p>Let us add another test to check that the container definition is added to the task definition. Our function creates a task definition with a single container. The TaskDefinition construct can provide a reference to the default container definition, so it makes sense to check that this is in place - there is at least some container definition in place. </p> <p>However, the container definition provided by the AWS CDK does not allow us (easily) to check what the image reference is. So in this case, we might complement this with a CloudFormation-oriented test. In this case, we will still check the <em>AWS::ECS::TaskDefinition</em>, but we will look at a different part of the structure.</p> <p><em><strong>Update 2022-02-10:</strong> From version 2.11 of aws-cdk-lib, the image name is available from the container definition. A check for this is added in the test, without removing the CloudFormation check, as it illustrates nested matching as well.</em></p> <p>In the previous test case, we could just enter the properties we wanted to match with. Here, we will go deeper into the CloudFormation resource, so we have to be a bit more explicit about the type of matching to do.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="nf">test</span><span class="p">(</span><span class="dl">'</span><span class="s1">Container definition added to task definitio</span><span class="dl">'</span><span class="p">,</span> <span class="p">()</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="c1">// Test setup</span> <span class="kd">const</span> <span class="nx">stack</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">Stack</span><span class="p">();</span> <span class="kd">const</span> <span class="nx">cpuval</span> <span class="o">=</span> <span class="mi">512</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">memval</span> <span class="o">=</span> <span class="mi">1024</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">familyval</span> <span class="o">=</span> <span class="dl">'</span><span class="s1">test</span><span class="dl">'</span><span class="p">;</span> <span class="kd">const</span> <span class="na">taskCfg</span><span class="p">:</span> <span class="nx">TaskConfig</span> <span class="o">=</span> <span class="p">{</span> <span class="na">cpu</span><span class="p">:</span> <span class="nx">cpuval</span><span class="p">,</span> <span class="na">memoryLimitMB</span><span class="p">:</span> <span class="nx">memval</span><span class="p">,</span> <span class="na">family</span><span class="p">:</span> <span class="nx">familyval</span> <span class="p">};</span> <span class="kd">const</span> <span class="nx">imageName</span> <span class="o">=</span> <span class="dl">'</span><span class="s1">httpd</span><span class="dl">'</span><span class="p">;</span> <span class="kd">const</span> <span class="na">containerCfg</span><span class="p">:</span> <span class="nx">ContainerConfig</span> <span class="o">=</span> <span class="p">{</span> <span class="na">dockerHubImage</span><span class="p">:</span> <span class="nx">imageName</span> <span class="p">};</span> <span class="c1">// Test code</span> <span class="kd">const</span> <span class="nx">taskdef</span> <span class="o">=</span> <span class="nf">addTaskDefinitionWithContainer</span><span class="p">(</span><span class="nx">stack</span><span class="p">,</span> <span class="dl">'</span><span class="s1">test-taskdef</span><span class="dl">'</span><span class="p">,</span> <span class="nx">taskCfg</span><span class="p">,</span> <span class="nx">containerCfg</span><span class="p">);</span> <span class="c1">// Check result</span> <span class="kd">const</span> <span class="nx">template</span> <span class="o">=</span> <span class="nx">Template</span><span class="p">.</span><span class="nf">fromStack</span><span class="p">(</span><span class="nx">stack</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">containerDef</span> <span class="o">=</span> <span class="nx">taskdef</span><span class="p">.</span><span class="nx">defaultContainer</span><span class="p">;</span> <span class="nf">expect</span><span class="p">(</span><span class="nx">taskdef</span><span class="p">.</span><span class="nx">defaultContainer</span><span class="p">).</span><span class="nf">toBeDefined</span><span class="p">();</span> <span class="nf">expect</span><span class="p">(</span><span class="nx">containerDef</span><span class="p">?.</span><span class="nx">imageName</span><span class="p">).</span><span class="nf">toEqual</span><span class="p">(</span><span class="nx">imageName</span><span class="p">);</span> <span class="c1">// Works from v2.11 of aws-cdk-lib</span> <span class="nx">template</span><span class="p">.</span><span class="nf">hasResourceProperties</span><span class="p">(</span><span class="dl">'</span><span class="s1">AWS::ECS::TaskDefinition</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span> <span class="na">ContainerDefinitions</span><span class="p">:</span> <span class="nx">Match</span><span class="p">.</span><span class="nf">arrayWith</span><span class="p">([</span> <span class="nx">Match</span><span class="p">.</span><span class="nf">objectLike</span><span class="p">({</span> <span class="na">Image</span><span class="p">:</span> <span class="nx">imageName</span><span class="p">,</span> <span class="p">}),</span> <span class="p">]),</span> <span class="p">});</span> <span class="p">});</span> </code></pre> </div> <p>The functions in the <strong>Match</strong> class provide different features to use. <strong>Match.objectLike()</strong> is the same as we did implicitly at the top level in the previous test. <strong>Match.arrayWith()</strong> allows us to check that there is an element in an array that matches what we are looking for. These functions help us check that there is a container definition inside the task definition, and it refers to the DockerHub image we provided.</p> <h2> Test the service </h2> <p>The last function to test here is <strong>addService()</strong>. This is a function that ties our previously defined resources together and adds something we will spin up in a cluster and actually run. We provide a port that should be available to access our service on, and we provide a desired count for the container to run, plus tie all the pieces together.</p> <p>Based on this information and what we have implemented, we can create a test like this:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="nf">test</span><span class="p">(</span><span class="dl">'</span><span class="s1">Fargate service created, with provided mandatory properties only</span><span class="dl">'</span><span class="p">,</span> <span class="p">()</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="c1">// Test setup</span> <span class="kd">const</span> <span class="nx">stack</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">Stack</span><span class="p">();</span> <span class="kd">const</span> <span class="nx">vpc</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">Vpc</span><span class="p">(</span><span class="nx">stack</span><span class="p">,</span> <span class="dl">'</span><span class="s1">vpc</span><span class="dl">'</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">cluster</span> <span class="o">=</span> <span class="nf">addCluster</span><span class="p">(</span><span class="nx">stack</span><span class="p">,</span> <span class="dl">'</span><span class="s1">test-cluster</span><span class="dl">'</span><span class="p">,</span> <span class="nx">vpc</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">cpuval</span> <span class="o">=</span> <span class="mi">512</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">memval</span> <span class="o">=</span> <span class="mi">1024</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">familyval</span> <span class="o">=</span> <span class="dl">'</span><span class="s1">test</span><span class="dl">'</span><span class="p">;</span> <span class="kd">const</span> <span class="na">taskCfg</span><span class="p">:</span> <span class="nx">TaskConfig</span> <span class="o">=</span> <span class="p">{</span> <span class="na">cpu</span><span class="p">:</span> <span class="nx">cpuval</span><span class="p">,</span> <span class="na">memoryLimitMB</span><span class="p">:</span> <span class="nx">memval</span><span class="p">,</span> <span class="na">family</span><span class="p">:</span> <span class="nx">familyval</span> <span class="p">};</span> <span class="kd">const</span> <span class="nx">imageName</span> <span class="o">=</span> <span class="dl">'</span><span class="s1">httpd</span><span class="dl">'</span><span class="p">;</span> <span class="kd">const</span> <span class="na">containerCfg</span><span class="p">:</span> <span class="nx">ContainerConfig</span> <span class="o">=</span> <span class="p">{</span> <span class="na">dockerHubImage</span><span class="p">:</span> <span class="nx">imageName</span> <span class="p">};</span> <span class="kd">const</span> <span class="nx">taskdef</span> <span class="o">=</span> <span class="nf">addTaskDefinitionWithContainer</span><span class="p">(</span><span class="nx">stack</span><span class="p">,</span> <span class="dl">'</span><span class="s1">test-taskdef</span><span class="dl">'</span><span class="p">,</span> <span class="nx">taskCfg</span><span class="p">,</span> <span class="nx">containerCfg</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">port</span> <span class="o">=</span> <span class="mi">80</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">desiredCount</span> <span class="o">=</span> <span class="mi">1</span><span class="p">;</span> <span class="c1">// Test code</span> <span class="kd">const</span> <span class="nx">service</span> <span class="o">=</span> <span class="nf">addService</span><span class="p">(</span><span class="nx">stack</span><span class="p">,</span> <span class="dl">'</span><span class="s1">test-service</span><span class="dl">'</span><span class="p">,</span> <span class="nx">cluster</span><span class="p">,</span> <span class="nx">taskdef</span><span class="p">,</span> <span class="nx">port</span><span class="p">,</span> <span class="nx">desiredCount</span><span class="p">);</span> <span class="c1">// Check result</span> <span class="kd">const</span> <span class="nx">sgCapture</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">Capture</span><span class="p">();</span> <span class="kd">const</span> <span class="nx">template</span> <span class="o">=</span> <span class="nx">Template</span><span class="p">.</span><span class="nf">fromStack</span><span class="p">(</span><span class="nx">stack</span><span class="p">);</span> <span class="nf">expect</span><span class="p">(</span><span class="nx">service</span><span class="p">.</span><span class="nx">cluster</span><span class="p">).</span><span class="nf">toEqual</span><span class="p">(</span><span class="nx">cluster</span><span class="p">);</span> <span class="nf">expect</span><span class="p">(</span><span class="nx">service</span><span class="p">.</span><span class="nx">taskDefinition</span><span class="p">).</span><span class="nf">toEqual</span><span class="p">(</span><span class="nx">taskdef</span><span class="p">);</span> <span class="nx">template</span><span class="p">.</span><span class="nf">resourceCountIs</span><span class="p">(</span><span class="dl">'</span><span class="s1">AWS::ECS::Service</span><span class="dl">'</span><span class="p">,</span> <span class="mi">1</span><span class="p">);</span> <span class="nx">template</span><span class="p">.</span><span class="nf">hasResourceProperties</span><span class="p">(</span><span class="dl">'</span><span class="s1">AWS::ECS::Service</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span> <span class="na">DesiredCount</span><span class="p">:</span> <span class="nx">desiredCount</span><span class="p">,</span> <span class="na">LaunchType</span><span class="p">:</span> <span class="dl">'</span><span class="s1">FARGATE</span><span class="dl">'</span><span class="p">,</span> <span class="na">NetworkConfiguration</span><span class="p">:</span> <span class="nx">Match</span><span class="p">.</span><span class="nf">objectLike</span><span class="p">({</span> <span class="na">AwsvpcConfiguration</span><span class="p">:</span> <span class="nx">Match</span><span class="p">.</span><span class="nf">objectLike</span><span class="p">({</span> <span class="na">AssignPublicIp</span><span class="p">:</span> <span class="dl">'</span><span class="s1">DISABLED</span><span class="dl">'</span><span class="p">,</span> <span class="na">SecurityGroups</span><span class="p">:</span> <span class="nx">Match</span><span class="p">.</span><span class="nf">arrayWith</span><span class="p">([</span><span class="nx">sgCapture</span><span class="p">]),</span> <span class="p">}),</span> <span class="p">}),</span> <span class="p">});</span> <span class="nx">template</span><span class="p">.</span><span class="nf">resourceCountIs</span><span class="p">(</span><span class="dl">'</span><span class="s1">AWS::EC2::SecurityGroup</span><span class="dl">'</span><span class="p">,</span> <span class="mi">1</span><span class="p">);</span> <span class="nx">template</span><span class="p">.</span><span class="nf">hasResourceProperties</span><span class="p">(</span><span class="dl">'</span><span class="s1">AWS::EC2::SecurityGroup</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span> <span class="na">SecurityGroupIngress</span><span class="p">:</span> <span class="nx">Match</span><span class="p">.</span><span class="nf">arrayWith</span><span class="p">([</span> <span class="nx">Match</span><span class="p">.</span><span class="nf">objectLike</span><span class="p">({</span> <span class="na">CidrIp</span><span class="p">:</span> <span class="dl">'</span><span class="s1">0.0.0.0/0</span><span class="dl">'</span><span class="p">,</span> <span class="na">FromPort</span><span class="p">:</span> <span class="nx">port</span><span class="p">,</span> <span class="na">IpProtocol</span><span class="p">:</span> <span class="dl">'</span><span class="s1">tcp</span><span class="dl">'</span><span class="p">,</span> <span class="p">}),</span> <span class="p">]),</span> <span class="p">});</span> <span class="p">});</span> </code></pre> </div> <p>A new feature added here is the ability to capture values from the generated CloudFormation. This will literally be whatever is at the location where the capture object has been placed. We will just use that as a placeholder for now.</p> <p>If you look at the test built here, you may spot some concerns and issues with our infrastructure design. While the test passes, there are some design issues here.</p> <h2> Does our design suck? Wrapping up </h2> <p>There are several issues one may spot when testing our infrastructure design, some of which include:</p> <ul> <li>Run things as Fargate is implicit in the interface. Should it be?</li> <li>Specifying a port number to access the service through <strong>addService()</strong> is right now fine for a single container instance only. For multiple containers (desiredCount &gt; 1) there would need to be a load balancer.</li> <li>The design opens for traffic from everywhere, regardless of whether it uses public or private IP addresses</li> <li>Do we have the right abstraction level for this? If our test cases become too complicated, maybe we need to find a different approach.</li> <li>No configuration or tweaking of container setup</li> </ul> <p>We skipped some complexities by setting up a container-based environment in a cluster when we did the initial solution. This was a conscious choice then. It is easy to forget about some of these decisions later. <strong>Adding tests is a way both to validate that we get what we want, but also that our design choices for how we build our infrastructure are sound, for our use cases</strong>.</p> <p>We will work with the tests and also change the design somewhat, based on what our end goals are.</p> <p>If you enjoyed this material, you can check out the other parts of this series and other articles at <a href="https://tidycloudaws.com" rel="noopener noreferrer">Tidy Cloud AWS</a>. Send comments, questions, and suggestions!</p> aws cdk devops infrastructure Erik Lundevall Zara Mon, 07 Feb 2022 10:21:55 +0000 https://dev.to/eriklz/how-to-migrate-from-cloudformation-to-aws-cdk-part-1-4obg https://dev.to/eriklz/how-to-migrate-from-cloudformation-to-aws-cdk-part-1-4obg <p>Have you, at least partially, adopted AWS CloudFormation to have better management of your Cloud Infrastructure?</p> <p>Do you feel that your endeavours with CloudFormation get messy and cumbersome to handle?</p> <p>Do you want to find a better way to handle cloud infrastructure better, without redoing all your work?</p> <p>These articles are for you if you answer yes to most of the questions!</p> <p>---READMORE---</p> <p>In these articles, we will explore how we can improve our management of Cloud Infrastructure in AWS by migrating workflow and tooling from plain AWS CloudFormation and manual steps to using AWS Cloud Development Kit (AWS CDK).</p> <p>AWS CDK is a newer generation of cloud infrastructure tools from AWS, which builds upon AWS CloudFormation. It can be adopted to make your Cloud Infrastructure management more enjoyable and less cumbersome.</p> <p>Read the goals and requirements sections below so that you see what to expect. I hope you will get good value from these articles! </p> <h2> Goals </h2> <p>The aim of this series of articles is to explore how go migrate from AWS CloudFormation to AWS Cloud Development Kit (AWS CDK). This includes workflow and tooling aspects.</p> <p>The focus is on migration, and to preserve existing infrastructure when possible, required and desirable - while still benefit from improvements in AWS CDK tooling. Your infrastructure should be less cumbersome and more enjoyable to maintain and update, and automated as much as possible - possibly more than you may have today.</p> <p>By the end of this series of articles, we have explored:</p> <ul> <li>Take an existing AWS CloudFormation solution, preserved, and adapt it to AWS CDK tooling</li> <li>Handle both simple and nested CloudFormation stack solutions</li> <li>Step-wise reorganisation of CloudFormation stacks to a more CDK-oriented model</li> <li>Step-wise replacement of CloudFormation template resources with AWS CDK Constructs</li> <li>Adapting CloudFormation-oriented tooling usage to AWS CDK, like cfn-lint, cfn-nag, etc.</li> <li>Change and adapt parameterisation of stacks, from CloudFormation model to AWS CDK model</li> </ul> <p>If you want to build green field solutions with AWS CDK, then the series How to become an infrastructure-as-code ninja, using AWS CDK is what you should look at. There will be a bit of overlap between the two series.</p> <p>If you already know why you want to use AWS CDK and what you need, you can skip to the installation part, or jump to the first example. </p> <h2> Requirements </h2> <p>There are a few requirements for you to get the most of this series.</p> <ul> <li><p>You should know how to use AWS CloudFormation. You do not need to be an expert, but you should be familiar about wring, reading and deploying CloudFormation stacks.</p></li> <li><p>You need access to an AWS account where you have administrative privileges, temporary or permanent. </p></li> <li><p>You should be able to install software on the computer you use.</p></li> <li><p>You should be able to write and run some small programs with Typescript or Python.</p></li> <li><p>An installation of your programming language of choice, that you can use with AWS CDK. Use a somewhat recent version of each language, such as recent Python version 3, and Typescript version 4).</p></li> <li><p>You also need some basic knowledge of a few common AWS services, like IAM, EC2. </p></li> </ul> <p>The AWS CDK supports multiple programming languages. There will be sample code using two languages in this article series:</p> <ol> <li> <strong>Typescript</strong> - this is the native language of AWS CDK</li> <li> <strong>Python</strong> - a common choice of language for many scripting tasks, and supported by AWS CDK</li> </ol> <p>There are other languages supported as well, but for now we use these two. </p> <p>Later updates of this article series are planned to include additional language examples.</p> <h2> AWS CloudFormation vs AWS Cloud Development Kit </h2> <p>So why would or should you consider migrating to AWS CDK from AWS CloudFormation?</p> <p>What is the value proposition?</p> <p>There are a few areas which may provide benefits:</p> <ol> <li> <strong>It is easier to buil</strong>d and use interfaces at a suitable level for a use case, rather than being forced into low-level details for pretty much everything with CloudFormation.</li> <li> <strong>Better default tooling</strong>. AWS CDK has a command-line tool which makes it rather easy to deploy, update, check for changes and delete Cloud infrastructure stacks. The default tooling using either AWS CLI or AWS Tools for PowerShell frankly sucks in comparison.</li> <li> <strong>Better language tooling</strong>. There are more and better tools to support writing (complex) things in programming languages, than YAML or JSON.</li> <li> <strong>Better organisational capabilities in AWS CDK</strong>, what to put where and how and when to parameterise the infrastructure.</li> </ol> <p>There are also drawbacks that come with AWS CDK:</p> <ol> <li> <strong>Additional complexity.</strong> While CloudFormation YAML/JSON suck to build abstractions, it has the benefit that it is more clear what infrastructure will be generated at a micro-level. You are a bit more at risk shooting yourself in the foot with bad code in AWS CDK.</li> <li> <strong>Dependency on Node.js, and NPM</strong>. Regardless of which programming language you use, you will need to have a <em>Node.js</em> runtime installed from NPM. This is for the command-line tool. </li> <li> <strong>Leaky abstractions</strong>. AWS CDK uses AWS CloudFormation under the hood, and in some areas that show through. This means you need to understand both AWS CDK and some CloudFormation for some scenarios. </li> </ol> <p>You can essentially use AWS CDK command-line tool to make a better workflow and take advantage of <em>benefits 2 and 4</em> and still write your infrastructure with CloudFormation only, or you can go all-in on programming language code, or somewhere in between. We will explore different options as part of the migration efforts we will look at.</p> <h2> AWS CDK Installation </h2> <p>The first step to get started with using AWS CDK to migrate from AWS CloudFormation is to install AWS CDK command-line tool. The tool itself is written in Typescript, and uses the <strong>Node.js</strong> runtime.</p> <p>If you already have <em>Node.js</em> installed on your computer, then that is a great start! You can go on with the actual CDK installation below. If you do not have Node.js you will need to install its runtime.</p> <p>You can download the Node.js runtime from the <a href="https://nodejs.org/en/" rel="noopener noreferrer">Node.js website</a>. The long-term support (LTS) release is the recommended version to use, but you can use some older versions and newer versions as well. </p> <p>You can also install Node.js via different package managers, depending on the computer environment you are working with. See the <a href="https://nodejs.org/en/download/package-manager/" rel="noopener noreferrer">Node.js package manager page</a> for suggestions. You can also download tools there to manage multiple separate versions of Node.js, if needed.</p> <p>If you have Node.js installed, you can install the AWS CDK command-line tool. For any of the supported programming languages that are not Typescript, you want to do a <em>global install</em> of the command-line tool (not a project-local install), since you would likely not use Node.js in the cloud infrastructure project itself. If you intend to use Typescript as a language, both a global install and a project-local install would be valid options. </p> <p>To install the AWS CDK command-line tool globally, run the following command in a shell:</p> <p><code>npm install -g aws-cdk</code></p> <p>The command <strong>npm</strong> is the <em>Node.js package manager</em>, which installs the package <strong>aws-cdk</strong>. It will install the latest version of AWS CDK, which is 2.10.0 at the time of writing this. It is the major version that I would recommend to use if you are new to AWS CDK and are just starting out. If you have AWS CDK version 1, the code will be slightly different, but will work as well. In this context, the differences are small.</p> <p>After installation of the <strong>aws-cdk</strong> package, you will have the command-line tool <strong>cdk</strong> available. You can test that it is available and with the expected version by running it with the <strong>version</strong> argument:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>❯ cdk version 2.10.0 (build e5b301f) </code></pre> </div> <p>If you have that in place, we are now ready to get started with the actual first migration project sample! Time to get our hands dirty, and our cloud infrastructure more tidy! </p> <h2> First sample migration </h2> <p>Since our goal if to migrate existing CloudFormation infrastructure to AWS CDK, we will of course start with some CloudFormation infrastructure. I will show our steps here with a sample CloudFormation template from AWS. You are also free to pick your own one to use. I have a few suggestions for what to pick at this point in time if you bring your own template:</p> <ul> <li>It should be a template which creates only a single stack, no nested templates and stacks.</li> <li>You can use AWS SAM templates, although I would suggest plain CloudFormation templates initially.</li> <li>It should only have a handful of parameters at most, preferably not over 4-5, but not a strict rule. </li> <li>You should be ok with deploying that CloudFormation stack first prior to starting the AWS CDK work, or already have that deployed in an environment (preferably non-production).</li> <li>You can use either YAML or JSON format for your CloudFormation template, both work fine</li> </ul> <p>If you do not have your own template to work with, we will start by using this sample template from AWS: <a href="https://s3.eu-west-1.amazonaws.com/cloudformation-templates-eu-west-1/EC2InstanceWithSecurityGroupSample.template" rel="noopener noreferrer">https://s3.eu-west-1.amazonaws.com/cloudformation-templates-eu-west-1/EC2InstanceWithSecurityGroupSample.template</a></p> <p>This CloudFormation template will create an EC2 instance with an associated security group. It requires an existing KeyPair name for SSH access, for which there are better alternatives nowadays.</p> <p>Using this template will insure some cost as well, for as long as the EC2 instance is running. This cost should be small, as long as you remember to clean it up afterwards. </p> <p>The exact content of the CloudFormation template is not so important, just that we start with a relatively simple template at first. If you use your own template, you can, of course, decide yourself whether it should be cleaned up.</p> <h2> Initalize the project </h2> <p>Before writing any code for our CloudFormation to AWS CDK migration, we should initialise our AWS CDK project to get started.</p> <p>In a command-line shell, create a directory to contain the project, and go to that directory:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">mkdir </span>my-cfn-cdk-migration <span class="nb">cd </span>my-cfn-cdk-migration </code></pre> </div> <p>In this directory, we will use the CDK command-line tool to initialise a project for Typescript. We use the init app sub-command with the ---language option set to either <strong>typescript</strong>, <strong>python</strong>, or <strong>go</strong>.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>❯ cdk init app <span class="nt">--language</span><span class="o">=</span>typescript </code></pre> </div> <p>Applying project template app for typescript<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>❯ cdk init app <span class="nt">--language</span><span class="o">=</span>python </code></pre> </div> <p>Applying project template app for python</p> <p>Each initialisation will create slightly different files, depending on the language. But before looking at any of these files, let us save the CloudFormation template we choose to use in our project file structure. We can create a directory named <strong>cfn</strong> and store the template in there as <strong>sample.template</strong>. If you use Linux, macOS, or Linux on Windows, you could run the command below to use the sample template mentioned:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>❯ <span class="nb">mkdir </span>cfn ❯ curl <span class="nt">--output</span> cfn/sample.template &lt;https://s3.eu-west-1.amazonaws.com/cloudformation-templates-eu-west-1/EC2InstanceWithSecurityGroupSample.template&gt; </code></pre> </div> <p>For each of the languages chosen, we will initially focus on just a single file to write the AWS CDK code to use our existing CloudFormation template (cfn/sample.template):</p> <ul> <li> <strong>Typescript</strong>: bin/my-cfn-cdk-migration.ts</li> <li> <strong>Python</strong>: app.py</li> </ul> <p>We will just start with the code, and then explain the details step by step, along with testing how that works. You see both Typescript and Python code below, and you will find them reasonably similar. The code comprises essentially five areas:</p> <ul> <li>Import of modules and class/structure definitions</li> <li>Environment setup</li> <li>AWS CDK App and Stack initialisation</li> <li>Inclusion of CloudFormation template</li> <li>Synthesize CloudFormation </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="cp">#!/usr/bin/env node </span><span class="k">import</span> <span class="dl">'</span><span class="s1">source-map-support/register</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="o">*</span> <span class="k">as</span> <span class="nx">path</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">path</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">App</span><span class="p">,</span> <span class="nx">Environment</span><span class="p">,</span> <span class="nx">Stack</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">aws-cdk-lib</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">CfnInclude</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">aws-cdk-lib/cloudformation-include</span><span class="dl">'</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">env</span><span class="p">:</span> <span class="nx">Environment</span> <span class="o">=</span> <span class="p">{</span> <span class="na">account</span><span class="p">:</span> <span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">CDK_DEFAULT_ACCOUNT</span><span class="p">,</span> <span class="na">region</span><span class="p">:</span> <span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">CDK_DEFAULT_REGION</span><span class="p">,</span> <span class="p">};</span> <span class="kd">const</span> <span class="nx">stackName</span> <span class="o">=</span> <span class="dl">'</span><span class="s1">mystack</span><span class="dl">'</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">app</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">App</span><span class="p">();</span> <span class="kd">const</span> <span class="nx">stack</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">Stack</span><span class="p">(</span><span class="nx">app</span><span class="p">,</span> <span class="dl">'</span><span class="s1">wrapper-stack</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span> <span class="nx">env</span><span class="p">,</span> <span class="nx">stackName</span> <span class="p">});</span> <span class="k">new</span> <span class="nc">CfnInclude</span><span class="p">(</span><span class="nx">stack</span><span class="p">,</span> <span class="dl">'</span><span class="s1">included-template</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span> <span class="na">templateFile</span><span class="p">:</span> <span class="nx">path</span><span class="p">.</span><span class="nf">join</span><span class="p">(</span><span class="nx">process</span><span class="p">.</span><span class="nf">cwd</span><span class="p">(),</span> <span class="dl">'</span><span class="s1">cfn</span><span class="dl">'</span><span class="p">,</span> <span class="dl">'</span><span class="s1">sample.template</span><span class="dl">'</span><span class="p">),</span> <span class="p">});</span> <span class="nx">app</span><span class="p">.</span><span class="nf">synth</span><span class="p">();</span> </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="c1">#!/usr/bin/env python3 </span><span class="kn">import</span> <span class="n">os</span> <span class="kn">from</span> <span class="n">aws_cdk</span> <span class="kn">import</span> <span class="p">(</span> <span class="n">App</span><span class="p">,</span> <span class="n">Environment</span><span class="p">,</span> <span class="n">Stack</span> <span class="p">)</span> <span class="kn">from</span> <span class="n">aws_cdk.cloudformation_include</span> <span class="kn">import</span> <span class="n">CfnInclude</span> <span class="n">env</span> <span class="o">=</span> <span class="nc">Environment</span><span class="p">(</span><span class="n">account</span><span class="o">=</span><span class="n">os</span><span class="p">.</span><span class="nf">getenv</span><span class="p">(</span><span class="sh">'</span><span class="s">CDK_DEFAULT_ACCOUNT</span><span class="sh">'</span><span class="p">),</span> <span class="n">region</span><span class="o">=</span><span class="n">os</span><span class="p">.</span><span class="nf">getenv</span><span class="p">(</span><span class="sh">'</span><span class="s">CDK_DEFAULT_REGION</span><span class="sh">'</span><span class="p">))</span> <span class="n">stack_name</span> <span class="o">=</span> <span class="sh">'</span><span class="s">mystack</span><span class="sh">'</span> <span class="n">app</span> <span class="o">=</span> <span class="nc">App</span><span class="p">()</span> <span class="n">stack</span> <span class="o">=</span> <span class="nc">Stack</span><span class="p">(</span><span class="n">app</span><span class="p">,</span> <span class="sh">'</span><span class="s">wrapper-stack</span><span class="sh">'</span><span class="p">,</span> <span class="n">env</span><span class="o">=</span><span class="n">env</span><span class="p">,</span> <span class="n">stack_name</span><span class="o">=</span><span class="n">stack_name</span><span class="p">)</span> <span class="nc">CfnInclude</span><span class="p">(</span><span class="n">stack</span><span class="p">,</span> <span class="sh">'</span><span class="s">included-template</span><span class="sh">'</span><span class="p">,</span> <span class="n">template_file</span><span class="o">=</span><span class="n">os</span><span class="p">.</span><span class="n">path</span><span class="p">.</span><span class="nf">join</span><span class="p">(</span><span class="n">os</span><span class="p">.</span><span class="nf">getcwd</span><span class="p">(),</span> <span class="sh">'</span><span class="s">cfn</span><span class="sh">'</span><span class="p">,</span> <span class="sh">'</span><span class="s">sample.template</span><span class="sh">'</span><span class="p">))</span> <span class="n">app</span><span class="p">.</span><span class="nf">synth</span><span class="p">()</span> </code></pre> </div> <p>Let us start with the <strong>App</strong> and <strong>Stack</strong> parts. When we use the AWS CDK, all infrastructure we manage as some kind of larger scale unit is grouped into an <em>App</em>. This the top-level container, which contains everything that you can provision in the project or solution you are working with.</p> <p>Each App may comprise one or more <em>stacks</em>. A <strong>Stack</strong> is a collection of AWS resources that you provide and manage as a unit. It could be your whole solution, or it could be just one part of a solution. An AWS CDK stack maps 1-to-1 with a CloudFormation stack.</p> <p>For Stacks, we can in AWS CDK attach <strong>Constructs</strong>, which are a logical grouping of <strong>Resources</strong>, which are the same type of resources that you represent in CloudFormation as well. In the code, we have a <strong>CfnInclude</strong> <em>construct</em>, which performs the inclusion of a CloudFormation template, a <em>Stack</em> and an <em>App</em> in AWS CDK. The only parameter here so far is to point to the CloudFormation template in our project. This is the stuff to include into the AWS CDK App and the related stack.</p> <p>We also have the concept of an <strong>Environment</strong>, which in AWS CDK context is a combination of AWS account and AWS region. A CDK App can target multiple accounts and/or multiple regions within the same app.</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fz88f0oiv29csnc3sit01.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fz88f0oiv29csnc3sit01.png" alt="AWS CDK concepts" width="636" height="481"></a></p> <p>The environment setup in the code is essentially using two environment variables that the AWS CDK has built in, which captures whatever is the current AWS account id and AWS region, based on the currently active AWS credentials that you use. <strong>CDK_DEFAULT_ACCOUNT</strong> and <strong>CDK_DEFAULT_REGION</strong> are the names of these environment variables.</p> <p>So this approach assumes you have done your work to activate an AWS credentials profile, or set environment variables for credentials or equivalent, and then the CDK code will get the account and region info from that. This can be fine for development environments, but in particular with production environments, you would want some additional guardrails. For now, that is not our focus, though.</p> <p>The final area is to <em>synthesize to CloudFormation</em>. This the task of the code <code>app.synth()</code>. It generates the underlying CloudFormation.</p> <p>You can put the code into the program files mentioned above, <strong>app.py</strong> or <strong>bin/my-cfn-cdk-migration.ts</strong>.</p> <p><em>You can see the hierarchy shown in the picture in the code itself</em>. The <strong>App</strong> itself is just created, we have an object for that. The line with the <strong>Stack</strong> creation <em>adds a reference to the App</em>, <em>plus a name which is the name of the stack in this case</em>. After that, there are additional parameters for the environment.</p> <p>The <strong>CfnInclude</strong> <em>creation</em> follows the same pattern. It <em>adds a reference to the Stack, plus a name</em>. After that, there are additional parameters, in this case, a reference to the CloudFormation template file.</p> <p><em>All logical resource groupings in AWS CDK follow the same pattern</em> - <strong>a reference to the parent in a hierarchy and a name</strong>. With a Stack, the <em>name is the same as the name of the CloudFormation stack in AWS</em>. Below the <em>stack</em> level, into construct territory, <em>there is less concern with having a specific name</em>. <em>However, a name will need to be unique under a specific parent in the hierarchy.</em></p> <p><strong><em>Note</em></strong>: If you have not already deployed <em>sample.template</em> CloudFormation to an environment without using the AWS CDK, now is the time to do this. We will assume below that the CloudFormation template already has been deployed, and the work we do will be in the light of changes to do when we have an existing (non-CDK) infrastructure already in place.</p> <p>So deploy it, if you need to. We will wait...</p> <p>... alright, done now? Great!</p> <p>Also, <strong>note down the name of the CloudFormation stack you have deployed</strong>. <em>This is important</em>. If the name is not the same as the name set in the Stack object in the code, <strong>change the name of the stack in the code</strong> <strong>to match the deployed stack</strong>.</p> <p>The AWS CDK initialisation we did before with the <strong>cdk init</strong> command behaved slightly differently depending on the language we choose to use. For <em>Typescript</em>, the cdk init performed the needed package installation. For <em>Python</em>, we have a bit more to do:</p> <p>For Python, <em>activate the virtual environment</em> that <em>cdk init created for you</em>. In Linux och macOS, run</p> <p><code>source ./.venv/bin/activate</code></p> <p>and in Windows</p> <p><code>.venv\Scripts\activate.bat</code></p> <p>To activate the virtual environment that has been set up. Then run the package installation:</p> <p><code>pip3 install -r requirements.txt</code></p> <p>This will install the required AWS CDK packages. We have now:</p> <ul> <li>An initialised AWS CDK project</li> <li>Required AWS CDK packages installed</li> <li>An AWS CDK app wrapper around our existing CloudFormation template</li> </ul> <p>Now it is time to look closer to the code and actually check that this AWS CDK app actually works!</p> <h2> Checking for CloudFormation changes </h2> <p>Since the plan here is to do a migration from an existing CloudFormation infrastructure deployment to use AWS CDK, we want really everything to be the same when we use AWS CDK. No messing around with our existing infrastructure!</p> <p>So what we want first is to <em>check that what we have with AWS CDK matches what we have already deployed before</em>. We can use the AWS CDK command-line tool for this. <em>All commands should be executed in the same directory as the</em> <strong><em>cdk.json</em></strong> <em>file is in</em>, which is the root directory of our project.</p> <p><strong><em>Note</em></strong>: <em>you have to have your AWS credentials in place when you run the AWS CDK commands, since you will work towards the target AWS environment. It does not matter whether you set AWS regular environment variables (e.g. AWS_SECRET_ACCESS_KEY, AWS_ACCESS_KEY_ID, AWS_DEFAULT_REGION, etc) or use AWS credentials profiles. If you use AWS credentials profiles, add a --profile profile_name to each command line to specify the name of the profile, if the profile name is not default.</em></p> <p>The AWS CDK command-line tool has a sub-command <strong>diff</strong>, which can compare the under-the-hood generated CloudFormation with what is actually deployed. If you run the <strong>cdk diff</strong> command and run it with the sample template we have, and the stack name is correct, and you have set the AWS credentials for your environment, see the following output (expect probably to wait 10-15 seconds):<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>❯ cdk diff <span class="o">[</span>Info at /mystack/included-template/<span class="nv">$Mappings</span>/AWSInstanceType2Arch] Consider making this CfnMapping a lazy mapping by providing <span class="sb">`</span>lazy: <span class="nb">true</span><span class="sb">`</span>: either no findInMap was called or every findInMap could be immediately resolved without using Fn::FindInMap <span class="o">[</span>Info at /mystack/included-template/<span class="nv">$Mappings</span>/AWSInstanceType2NATArch] Consider making this CfnMapping a lazy mapping by providing <span class="sb">`</span>lazy: <span class="nb">true</span><span class="sb">`</span>: either no findInMap was called or every findInMap could be immediately resolved without using Fn::FindInMap <span class="o">[</span>Info at /mystack/included-template/<span class="nv">$Mappings</span>/AWSRegionArch2AMI] Consider making this CfnMapping a lazy mapping by providing <span class="sb">`</span>lazy: <span class="nb">true</span><span class="sb">`</span>: either no findInMap was called or every findInMap could be immediately resolved without using Fn::FindInMap Stack mystack Parameters <span class="o">[</span>+] Parameter BootstrapVersion BootstrapVersion: <span class="o">{</span><span class="s2">"Type"</span>:<span class="s2">"AWS::SSM::Parameter::Value&lt;String&gt;"</span>,<span class="s2">"Default"</span>:<span class="s2">"/cdk-bootstrap/hnb659fds/version"</span>,<span class="s2">"Description"</span>:<span class="s2">"Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]"</span><span class="o">}</span> Other Changes <span class="o">[</span>+] Unknown Rules: <span class="o">{</span><span class="s2">"CheckBootstrapVersion"</span>:<span class="o">{</span><span class="s2">"Assertions"</span>:[<span class="o">{</span><span class="s2">"Assert"</span>:<span class="o">{</span><span class="s2">"Fn::Not"</span>:[<span class="o">{</span><span class="s2">"Fn::Contains"</span>:[[<span class="s2">"1"</span>,<span class="s2">"2"</span>,<span class="s2">"3"</span>,<span class="s2">"4"</span>,<span class="s2">"5"</span><span class="o">]</span>,<span class="o">{</span><span class="s2">"Ref"</span>:<span class="s2">"BootstrapVersion"</span><span class="o">}]}]}</span>,<span class="s2">"AssertDescription"</span>:<span class="s2">"CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI."</span><span class="o">}]}}</span> </code></pre> </div> <p>If you use your own CloudFormation template and stack, the FindInMap warnings will probably not be the same, since these depend on the specific CloudFormation template in use. We can ignore these warnings for now as well. It is only a potential optimisation that could be done.</p> <p>There are two resources that are shown with plus signs, so if we deploy the stack in the AWS CDK App, these would be added to the stack. There are no resources with minus signs in front of them, which means there are no resources removed. The differences are shown at the CloudFormation level, so it is beneficial to know a bit of CloudFormation for this type of operation.</p> <p><em>What are these added entries?</em></p> <p>The first entry is an <em>added CloudFormation template parameter</em>, called <strong>BootstrapVersion</strong>. The value will automatically be retrieved from this parameter in Parameter Store when CloudFormation deploys the stack.</p> <p>The second entry <em>is a CloudFormation rule</em>, <strong>which performs validation</strong> of <strong>BootstrapVersion</strong>. Have a recent enough bootstrap done, otherwise the stack deployment will fail.</p> <p>We will cover the bootstrapping in the next section below. What we can see here, though, is that, except for this bootstrapping part, there are no changes. As long as we can accept this bootstrap parameter and added rule validation, it will be all the same.</p> <p><strong>All AWS CDK stacks will have this type of parameter and rule</strong>. It is part of the baseline you can expect.</p> <p>You can see the generated CloudFormation template from AWS CDK by running the <strong>cdk synth</strong> command. The output should be identical to the original CloudFormation template, with the addition of the parameter and rule for <strong>BootstrapVersion</strong>.</p> <h2> What is bootstrapping? </h2> <p>To actually deploy stacks in an AWS CDK App, <em>you need to bootstrap</em> <strong>the target environment.</strong> The bootstrap process will create an S3 bucket, and at least some IAM roles, and the BootstrapVersion parameter in Parameter Store. </p> <p>The S3 bucket is used to upload things to deploy basically. If you use plain CloudFormation, you know that for many cases you will need to upload CloudFormation template files to some S3 bucket first, before it can be used.</p> <p>The AWS CDK bootstrap creates such a bucket for you and handles the uploads and references to uploaded data under the hood for you, so you do not need to worry about it. This simplifies workflows with AWS CDK.</p> <p><em>The bootstrap process is a onetime task for each target environment (account plus region combination)</em>. You do that once, and then do not have to do that again - only if there were some changes in prerequisites for the environment, you may need to perform an update at some point. For all normal interactions, though, once you have bootstrapped you are good to do not have to think about it again.</p> <p>To bootstrap the current target environment, you simply execute the command <strong>cdk bootstrap</strong>. It will deploy a CloudFormation stack with the resources that belong to the bootstrapping, with a (default) name of the stack as <strong>CDKToolkit</strong>. </p> <p>Please run <strong>cdk bootstrap</strong> in your target environment. It is needed for us to perform any changes/updates on our target stack. If you prefer not to do any updates, just read about the rest. <em>But in order to perform actual changes with AWS CDK, you need to bootstrap first.</em></p> <h2> Deploy update to stack </h2> <p>Once we have bootstrapped our target environment, we can deploy this update to our existing stack. This is also something to think about whether you want to adopt AWS CDK as a wrapper around your existing CloudFormation infrastructure. AWS CDK will add this bootstrap information, as well as additional metadata to the CloudFormation stacks it deploys. </p> <p>You can keep working with your existing CloudFormation templates and edit those. In addition, you also have an AWS CDK wrapper code around your CloudFormation templates, plus use the AWS DK command-line tool. You will get bootstrap and metadata added to the stacks if you choose to use AWS CDK commands for deployment and management. Mixing that with other deployment methods for CloudFormation stacks may not be optimal.</p> <p><strong>So a strong recommendation here is to experiment with AWS CDK command-line tool and see if you think it brings value, compared to what you use today</strong>.</p> <p>That being said, let us look at deploying these changes to the stack. To perform the update to the stack, we can simply run the <strong>cdk deploy</strong> command. Since we only have a single stack in the AWS CDK app, it will simply deploy that stack using the current AWS credentials.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>❯ cdk deploy <span class="o">[</span>Info at /mystack/included-template/<span class="nv">$Mappings</span>/AWSInstanceType2Arch] Consider making this CfnMapping a lazy mapping by providing <span class="sb">`</span>lazy: <span class="nb">true</span><span class="sb">`</span>: either no findInMap was called or every findInMap could be immediately resolved without using Fn::FindInMap <span class="o">[</span>Info at /mystack/included-template/<span class="nv">$Mappings</span>/AWSInstanceType2NATArch] Consider making this CfnMapping a lazy mapping by providing <span class="sb">`</span>lazy: <span class="nb">true</span><span class="sb">`</span>: either no findInMap was called or every findInMap could be immediately resolved without using Fn::FindInMap <span class="o">[</span>Info at /mystack/included-template/<span class="nv">$Mappings</span>/AWSRegionArch2AMI] Consider making this CfnMapping a lazy mapping by providing <span class="sb">`</span>lazy: <span class="nb">true</span><span class="sb">`</span>: either no findInMap was called or every findInMap could be immediately resolved without using Fn::FindInMap ✨ Synthesis <span class="nb">time</span>: 10.36s mystack: deploying... <span class="o">[</span>0%] start: Publishing 4dcb1b0af0f37ffd3820e5c6c660615d743078920ae05497462670220e892d74:current_account-eu-west-1 <span class="o">[</span>100%] success: Published 4dcb1b0af0f37ffd3820e5c6c660615d743078920ae05497462670220e892d74:current_account-eu-west-1 mystack: creating CloudFormation changeset... ✅ mystack ✨ Deployment <span class="nb">time</span>: 25.58s Outputs: mystack.AZ <span class="o">=</span> eu-west-1b mystack.InstanceId <span class="o">=</span> i-08ec677b2ca564471 mystack.PublicDNS <span class="o">=</span> ec2-63-35-162-187.eu-west-1.compute.amazonaws.com mystack.PublicIP <span class="o">=</span> 63.35.162.187 Stack ARN: arn:aws:cloudformation:eu-west-1:123456789012:stack/mystack/ffc6cc30-7e98-11ec-8c08-0244eda65617 ✨ Total <span class="nb">time</span>: 35.94s </code></pre> </div> <p>After executing the deployment of the stack, you can run the <strong>cdk diff</strong> command again. You will see that there are no differences between the generated output from the AWS CDK app and the actual deployed stack.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>❯ cdk diff <span class="o">[</span>Info at /mystack/included-template/<span class="nv">$Mappings</span>/AWSInstanceType2Arch] Consider making this CfnMapping a lazy mapping by providing <span class="sb">`</span>lazy: <span class="nb">true</span><span class="sb">`</span>: either no findInMap was called or every findInMap could be immediately resolved without using Fn::FindInMap <span class="o">[</span>Info at /mystack/included-template/<span class="nv">$Mappings</span>/AWSInstanceType2NATArch] Consider making this CfnMapping a lazy mapping by providing <span class="sb">`</span>lazy: <span class="nb">true</span><span class="sb">`</span>: either no findInMap was called or every findInMap could be immediately resolved without using Fn::FindInMap <span class="o">[</span>Info at /mystack/included-template/<span class="nv">$Mappings</span>/AWSRegionArch2AMI] Consider making this CfnMapping a lazy mapping by providing <span class="sb">`</span>lazy: <span class="nb">true</span><span class="sb">`</span>: either no findInMap was called or every findInMap could be immediately resolved without using Fn::FindInMap Stack mystack There were no differences </code></pre> </div> <p>The stack generated from our AWS CDK app is now the same as what we have deployed. No real changes, just extra information that AWS CDK itself requires. Next step is to do some <strong>real changes</strong>, and also <em>look at handling parameters we send in during stack creation/update</em>.</p> <h2> Updating parameters and stacks </h2> <p>Let us now look at how we can update our stacks using AWS CDK. We start with changing the existing parameters. You noticed that by default, we were not required to re-enter any existing parameters if we updated the existing stack. This is normal behaviour for CloudFormation as well.</p> <p>However, if we want to change an existing parameter when we deploy a stack, we can add that on the command-line, using the <strong>---parameters</strong> option. In our sample template, we have a parameter InstanceType, which specifies what type of EC2 instance we shall deploy. By default, it deploys a t2.small instance. We can change that to a “t2.micro" instance, for example, by changing the parameter on the command-line when we deploy it. We need to specify the name of the stack and the name of the parameter. <em>Remember that an AWS CDK app can contain multiple stacks!</em><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>❯ cdk deploy <span class="nt">--parameters</span> mystack:InstanceType<span class="o">=</span>t2.micro <span class="o">[</span>Info at /mystack/included-template/<span class="nv">$Mappings</span>/AWSInstanceType2Arch] Consider making this CfnMapping a lazy mapping by providing <span class="sb">`</span>lazy: <span class="nb">true</span><span class="sb">`</span>: either no findInMap was called or every findInMap could be immediately resolved without using Fn::FindInMap <span class="o">[</span>Info at /mystack/included-template/<span class="nv">$Mappings</span>/AWSInstanceType2NATArch] Consider making this CfnMapping a lazy mapping by providing <span class="sb">`</span>lazy: <span class="nb">true</span><span class="sb">`</span>: either no findInMap was called or every findInMap could be immediately resolved without using Fn::FindInMap <span class="o">[</span>Info at /mystack/included-template/<span class="nv">$Mappings</span>/AWSRegionArch2AMI] Consider making this CfnMapping a lazy mapping by providing <span class="sb">`</span>lazy: <span class="nb">true</span><span class="sb">`</span>: either no findInMap was called or every findInMap could be immediately resolved without using Fn::FindInMap ✨ Synthesis <span class="nb">time</span>: 10.65s mystack: deploying... <span class="o">[</span>0%] start: Publishing 4dcb1b0af0f37ffd3820e5c6c660615d743078920ae05497462670220e892d74:current_account-eu-west-1 <span class="o">[</span>100%] success: Published 4dcb1b0af0f37ffd3820e5c6c660615d743078920ae05497462670220e892d74:current_account-eu-west-1 mystack: creating CloudFormation changeset... ✅ mystack ✨ Deployment <span class="nb">time</span>: 114.52s Outputs: mystack.AZ <span class="o">=</span> eu-west-1b mystack.InstanceId <span class="o">=</span> i-08ec677b2ca564471 mystack.PublicDNS <span class="o">=</span> ec2-34-245-79-51.eu-west-1.compute.amazonaws.com mystack.PublicIP <span class="o">=</span> 34.245.79.51 Stack ARN: arn:aws:cloudformation:eu-west-1:123456789012:stack/mystack/ffc6cc30-7e98-11ec-8c08-0244eda65617 ✨ Total <span class="nb">time</span>: 125.17s </code></pre> </div> <p>If we try to run <strong>cdk diff</strong> using <strong>---parameters</strong> option, that will not work through. The <strong>cdk diff</strong> command does not support <strong>---parameters</strong>, at least not at the time of writing this. Is there a way to overcome this issue?</p> <p>AWS CDK only provides support for CloudFormation parameters to be <em>compatible with CloudFormation</em>. You can resolve values <strong>when you run the code, and when you deploy the generated stacks, through different means</strong>.</p> <p>We can include the parameters directly in the <strong>CfnInclude</strong> construct creation. How we get these parameters are up to us - from command-line, from some other file, hard-coded, a database or anything else we can do with some code. In our example here, I have simply added a variable in the code with the desired value.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="cp">#!/usr/bin/env node </span><span class="k">import</span> <span class="dl">'</span><span class="s1">source-map-support/register</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="o">*</span> <span class="k">as</span> <span class="nx">path</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">path</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">App</span><span class="p">,</span> <span class="nx">Environment</span><span class="p">,</span> <span class="nx">Stack</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">aws-cdk-lib</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">CfnInclude</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">aws-cdk-lib/cloudformation-include</span><span class="dl">'</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">env</span><span class="p">:</span> <span class="nx">Environment</span> <span class="o">=</span> <span class="p">{</span> <span class="na">account</span><span class="p">:</span> <span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">CDK_DEFAULT_ACCOUNT</span><span class="p">,</span> <span class="na">region</span><span class="p">:</span> <span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">CDK_DEFAULT_REGION</span><span class="p">,</span> <span class="p">};</span> <span class="kd">const</span> <span class="nx">stackName</span> <span class="o">=</span> <span class="dl">'</span><span class="s1">mystack</span><span class="dl">'</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">app</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">App</span><span class="p">();</span> <span class="kd">const</span> <span class="nx">stack</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">Stack</span><span class="p">(</span><span class="nx">app</span><span class="p">,</span> <span class="dl">'</span><span class="s1">wrapper-stack</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span> <span class="nx">env</span><span class="p">,</span> <span class="nx">stackName</span> <span class="p">});</span> <span class="kd">const</span> <span class="nx">instanceType</span> <span class="o">=</span> <span class="dl">'</span><span class="s1">t2.small</span><span class="dl">'</span><span class="p">;</span> <span class="k">new</span> <span class="nc">CfnInclude</span><span class="p">(</span><span class="nx">stack</span><span class="p">,</span> <span class="dl">'</span><span class="s1">included-template</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span> <span class="na">templateFile</span><span class="p">:</span> <span class="nx">path</span><span class="p">.</span><span class="nf">join</span><span class="p">(</span><span class="nx">process</span><span class="p">.</span><span class="nf">cwd</span><span class="p">(),</span> <span class="dl">'</span><span class="s1">cfn</span><span class="dl">'</span><span class="p">,</span> <span class="dl">'</span><span class="s1">sample.template</span><span class="dl">'</span><span class="p">),</span> <span class="na">parameters</span><span class="p">:</span> <span class="p">{</span> <span class="na">InstanceType</span><span class="p">:</span> <span class="nx">instanceType</span><span class="p">,</span> <span class="p">},</span> <span class="p">});</span> <span class="nx">app</span><span class="p">.</span><span class="nf">synth</span><span class="p">();</span> </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="c1">#!/usr/bin/env python3 </span><span class="kn">import</span> <span class="n">os</span> <span class="kn">from</span> <span class="n">aws_cdk</span> <span class="kn">import</span> <span class="p">(</span> <span class="n">App</span><span class="p">,</span> <span class="n">Environment</span><span class="p">,</span> <span class="n">Stack</span> <span class="p">)</span> <span class="kn">from</span> <span class="n">aws_cdk.cloudformation_include</span> <span class="kn">import</span> <span class="n">CfnInclude</span> <span class="n">env</span> <span class="o">=</span> <span class="nc">Environment</span><span class="p">(</span><span class="n">account</span><span class="o">=</span><span class="n">os</span><span class="p">.</span><span class="nf">getenv</span><span class="p">(</span><span class="sh">'</span><span class="s">CDK_DEFAULT_ACCOUNT</span><span class="sh">'</span><span class="p">),</span> <span class="n">region</span><span class="o">=</span><span class="n">os</span><span class="p">.</span><span class="nf">getenv</span><span class="p">(</span><span class="sh">'</span><span class="s">CDK_DEFAULT_REGION</span><span class="sh">'</span><span class="p">))</span> <span class="n">stack_name</span> <span class="o">=</span> <span class="sh">'</span><span class="s">mystack</span><span class="sh">'</span> <span class="n">app</span> <span class="o">=</span> <span class="nc">App</span><span class="p">()</span> <span class="n">stack</span> <span class="o">=</span> <span class="nc">Stack</span><span class="p">(</span><span class="n">app</span><span class="p">,</span> <span class="sh">'</span><span class="s">wrapper-stack</span><span class="sh">'</span><span class="p">,</span> <span class="n">env</span><span class="o">=</span><span class="n">env</span><span class="p">,</span> <span class="n">stack_name</span><span class="o">=</span><span class="n">stack_name</span><span class="p">)</span> <span class="n">instance_type</span> <span class="o">=</span> <span class="sh">'</span><span class="s">t2.small</span><span class="sh">'</span> <span class="nc">CfnInclude</span><span class="p">(</span><span class="n">stack</span><span class="p">,</span> <span class="sh">'</span><span class="s">included-template</span><span class="sh">'</span><span class="p">,</span> <span class="n">template_file</span><span class="o">=</span><span class="n">os</span><span class="p">.</span><span class="n">path</span><span class="p">.</span><span class="nf">join</span><span class="p">(</span><span class="n">os</span><span class="p">.</span><span class="nf">getcwd</span><span class="p">(),</span> <span class="sh">'</span><span class="s">cfn</span><span class="sh">'</span><span class="p">,</span> <span class="sh">'</span><span class="s">sample.template</span><span class="sh">'</span><span class="p">),</span> <span class="n">parameters</span><span class="o">=</span><span class="p">{</span> <span class="sh">'</span><span class="s">InstanceType</span><span class="sh">'</span> <span class="p">:</span> <span class="n">instance_type</span><span class="p">,</span> <span class="p">})</span> <span class="n">app</span><span class="p">.</span><span class="nf">synth</span><span class="p">()</span> </code></pre> </div> <p>If you run <strong>cdk diff</strong> after these code changes, you will notice something interesting! The parameter itself is removed completely from the generated CloudFormation, and the actual instance type value is included directly instead!<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>❯ cdk diff <span class="o">[</span>Info at /mystack/included-template/<span class="nv">$Mappings</span>/AWSInstanceType2Arch] Consider making this CfnMapping a lazy mapping by providing <span class="sb">`</span>lazy: <span class="nb">true</span><span class="sb">`</span>: either no findInMap was called or every findInMap could be immediately resolved without using Fn::FindInMap <span class="o">[</span>Info at /mystack/included-template/<span class="nv">$Mappings</span>/AWSInstanceType2NATArch] Consider making this CfnMapping a lazy mapping by providing <span class="sb">`</span>lazy: <span class="nb">true</span><span class="sb">`</span>: either no findInMap was called or every findInMap could be immediately resolved without using Fn::FindInMap <span class="o">[</span>Info at /mystack/included-template/<span class="nv">$Mappings</span>/AWSRegionArch2AMI] Consider making this CfnMapping a lazy mapping by providing <span class="sb">`</span>lazy: <span class="nb">true</span><span class="sb">`</span>: either no findInMap was called or every findInMap could be immediately resolved without using Fn::FindInMap Stack mystack Parameters <span class="o">[</span>-] Parameter InstanceType: <span class="o">{</span><span class="s2">"Type"</span>:<span class="s2">"String"</span>,<span class="s2">"Default"</span>:<span class="s2">"t2.small"</span>,<span class="s2">"AllowedValues"</span>:[<span class="s2">"t1.micro"</span>,<span class="s2">"t2.nano"</span>,<span class="s2">"t2.micro"</span>,<span class="s2">"t2.small"</span>,<span class="s2">"t2.medium"</span>,<span class="s2">"t2.large"</span>,<span class="s2">"m1.small"</span>,<span class="s2">"m1.medium"</span>,<span class="s2">"m1.large"</span>,<span class="s2">"m1.xlarge"</span>,<span class="s2">"m2.xlarge"</span>,<span class="s2">"m2.2xlarge"</span>,<span class="s2">"m2.4xlarge"</span>,<span class="s2">"m3.medium"</span>,<span class="s2">"m3.large"</span>,<span class="s2">"m3.xlarge"</span>,<span class="s2">"m3.2xlarge"</span>,<span class="s2">"m4.large"</span>,<span class="s2">"m4.xlarge"</span>,<span class="s2">"m4.2xlarge"</span>,<span class="s2">"m4.4xlarge"</span>,<span class="s2">"m4.10xlarge"</span>,<span class="s2">"c1.medium"</span>,<span class="s2">"c1.xlarge"</span>,<span class="s2">"c3.large"</span>,<span class="s2">"c3.xlarge"</span>,<span class="s2">"c3.2xlarge"</span>,<span class="s2">"c3.4xlarge"</span>,<span class="s2">"c3.8xlarge"</span>,<span class="s2">"c4.large"</span>,<span class="s2">"c4.xlarge"</span>,<span class="s2">"c4.2xlarge"</span>,<span class="s2">"c4.4xlarge"</span>,<span class="s2">"c4.8xlarge"</span>,<span class="s2">"g2.2xlarge"</span>,<span class="s2">"g2.8xlarge"</span>,<span class="s2">"r3.large"</span>,<span class="s2">"r3.xlarge"</span>,<span class="s2">"r3.2xlarge"</span>,<span class="s2">"r3.4xlarge"</span>,<span class="s2">"r3.8xlarge"</span>,<span class="s2">"i2.xlarge"</span>,<span class="s2">"i2.2xlarge"</span>,<span class="s2">"i2.4xlarge"</span>,<span class="s2">"i2.8xlarge"</span>,<span class="s2">"d2.xlarge"</span>,<span class="s2">"d2.2xlarge"</span>,<span class="s2">"d2.4xlarge"</span>,<span class="s2">"d2.8xlarge"</span>,<span class="s2">"hi1.4xlarge"</span>,<span class="s2">"hs1.8xlarge"</span>,<span class="s2">"cr1.8xlarge"</span>,<span class="s2">"cc2.8xlarge"</span>,<span class="s2">"cg1.4xlarge"</span><span class="o">]</span>,<span class="s2">"ConstraintDescription"</span>:<span class="s2">"must be a valid EC2 instance type."</span>,<span class="s2">"Description"</span>:<span class="s2">"WebServer EC2 instance type"</span><span class="o">}</span> Resources <span class="o">[</span>~] AWS::EC2::Instance included-template/EC2Instance EC2Instance replace ├─ <span class="o">[</span>~] ImageId <span class="o">(</span>requires replacement<span class="o">)</span> │ └─ <span class="o">[</span>~] .Fn::FindInMap: │ └─ @@ <span class="nt">-6</span>,9 +6,7 @@ │ <span class="o">[</span> <span class="o">]</span> <span class="o">{</span> │ <span class="o">[</span> <span class="o">]</span> <span class="s2">"Fn::FindInMap"</span>: <span class="o">[</span> │ <span class="o">[</span> <span class="o">]</span> <span class="s2">"AWSInstanceType2Arch"</span>, │ <span class="o">[</span>-] <span class="o">{</span> │ <span class="o">[</span>-] <span class="s2">"Ref"</span>: <span class="s2">"InstanceType"</span> │ <span class="o">[</span>-] <span class="o">}</span>, │ <span class="o">[</span>+] <span class="s2">"t2.small"</span>, │ <span class="o">[</span> <span class="o">]</span> <span class="s2">"Arch"</span> │ <span class="o">[</span> <span class="o">]</span> <span class="o">]</span> │ <span class="o">[</span> <span class="o">]</span> <span class="o">}</span> └─ <span class="o">[</span>~] InstanceType <span class="o">(</span>may cause replacement<span class="o">)</span> └─ @@ <span class="nt">-1</span>,3 +1,1 @@ <span class="o">[</span>-] <span class="o">{</span> <span class="o">[</span>-] <span class="s2">"Ref"</span>: <span class="s2">"InstanceType"</span> <span class="o">[</span>-] <span class="o">}</span> <span class="o">[</span>+] <span class="s2">"t2.small"</span> </code></pre> </div> <p>The reason for this is that AWS CDK can determine the value to set for <em>InstanceType</em> already at the time you run the code. There is no need to have a parameter at all, so the parameter from the original CloudFormation template is eliminated. Run <strong>cdk synth</strong> and look at the generated CloudFormation output where there is no <em>InstanceType</em> parameter anymore.</p> <p>This is a different mental model compared to using CloudFormation. AWS CDK resolves everything it can when running the code, and the other things it does later. This happens under the hood to some extent. <strong>An AWS CDK app may contain all stacks for all environments. The differences are expressed in the code</strong>.</p> <p>It is, of course, possible to not follow that model. AWS CDK tries to facilitate to use this approach, but does not enforce it. You can keep your existing way of working with parameters if you want to keep using AWS CloudFormation templates as your primary source for infrastructure and only use AWS CDK command-line tool to make the workflow a bit more convenient. <strong>If you want to adopt using AWS CDK for the infrastructure, then you should also adapt your approach to handling parameterisation</strong>. </p> <p>You can now run <strong>cdk deploy</strong> to deploy these changes. AWS CDK will perform the update, which will take a few minutes to complete, since it will replace the EC2 instance with a new one. </p> <h2> Another parameter update - security changes </h2> <p>In the same way that we updated <em>InstanceType</em> in our sample template, we can also update the <strong>SSHLocation</strong> parameter. We simply add that in the same way in the code and set the default value <em>0.0.0.0/0</em> in the code.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="cp">#!/usr/bin/env node </span><span class="k">import</span> <span class="dl">'</span><span class="s1">source-map-support/register</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="o">*</span> <span class="k">as</span> <span class="nx">path</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">path</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">App</span><span class="p">,</span> <span class="nx">Environment</span><span class="p">,</span> <span class="nx">Stack</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">aws-cdk-lib</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">CfnInclude</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">aws-cdk-lib/cloudformation-include</span><span class="dl">'</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">env</span><span class="p">:</span> <span class="nx">Environment</span> <span class="o">=</span> <span class="p">{</span> <span class="na">account</span><span class="p">:</span> <span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">CDK_DEFAULT_ACCOUNT</span><span class="p">,</span> <span class="na">region</span><span class="p">:</span> <span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">CDK_DEFAULT_REGION</span><span class="p">,</span> <span class="p">};</span> <span class="kd">const</span> <span class="nx">stackName</span> <span class="o">=</span> <span class="dl">'</span><span class="s1">mystack</span><span class="dl">'</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">app</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">App</span><span class="p">();</span> <span class="kd">const</span> <span class="nx">stack</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">Stack</span><span class="p">(</span><span class="nx">app</span><span class="p">,</span> <span class="dl">'</span><span class="s1">wrapper-stack</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span> <span class="nx">env</span><span class="p">,</span> <span class="nx">stackName</span> <span class="p">});</span> <span class="kd">const</span> <span class="nx">instanceType</span> <span class="o">=</span> <span class="dl">'</span><span class="s1">t2.small</span><span class="dl">'</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">sshLocation</span> <span class="o">=</span> <span class="dl">'</span><span class="s1">0.0.0.0/0</span><span class="dl">'</span><span class="p">;</span> <span class="k">new</span> <span class="nc">CfnInclude</span><span class="p">(</span><span class="nx">stack</span><span class="p">,</span> <span class="dl">'</span><span class="s1">included-template</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span> <span class="na">templateFile</span><span class="p">:</span> <span class="nx">path</span><span class="p">.</span><span class="nf">join</span><span class="p">(</span><span class="nx">process</span><span class="p">.</span><span class="nf">cwd</span><span class="p">(),</span> <span class="dl">'</span><span class="s1">cfn</span><span class="dl">'</span><span class="p">,</span> <span class="dl">'</span><span class="s1">sample.template</span><span class="dl">'</span><span class="p">),</span> <span class="na">parameters</span><span class="p">:</span> <span class="p">{</span> <span class="na">InstanceType</span><span class="p">:</span> <span class="nx">instanceType</span><span class="p">,</span> <span class="na">SSHLocation</span><span class="p">:</span> <span class="nx">sshLocation</span><span class="p">,</span> <span class="p">},</span> <span class="p">});</span> <span class="nx">app</span><span class="p">.</span><span class="nf">synth</span><span class="p">();</span> </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="c1">#!/usr/bin/env python3 </span><span class="kn">import</span> <span class="n">os</span> <span class="kn">from</span> <span class="n">aws_cdk</span> <span class="kn">import</span> <span class="p">(</span> <span class="n">App</span><span class="p">,</span> <span class="n">Environment</span><span class="p">,</span> <span class="n">Stack</span> <span class="p">)</span> <span class="kn">from</span> <span class="n">aws_cdk.cloudformation_include</span> <span class="kn">import</span> <span class="n">CfnInclude</span> <span class="n">env</span> <span class="o">=</span> <span class="nc">Environment</span><span class="p">(</span><span class="n">account</span><span class="o">=</span><span class="n">os</span><span class="p">.</span><span class="nf">getenv</span><span class="p">(</span><span class="sh">'</span><span class="s">CDK_DEFAULT_ACCOUNT</span><span class="sh">'</span><span class="p">),</span> <span class="n">region</span><span class="o">=</span><span class="n">os</span><span class="p">.</span><span class="nf">getenv</span><span class="p">(</span><span class="sh">'</span><span class="s">CDK_DEFAULT_REGION</span><span class="sh">'</span><span class="p">))</span> <span class="n">stack_name</span> <span class="o">=</span> <span class="sh">'</span><span class="s">mystack</span><span class="sh">'</span> <span class="n">app</span> <span class="o">=</span> <span class="nc">App</span><span class="p">()</span> <span class="n">stack</span> <span class="o">=</span> <span class="nc">Stack</span><span class="p">(</span><span class="n">app</span><span class="p">,</span> <span class="sh">'</span><span class="s">wrapper-stack</span><span class="sh">'</span><span class="p">,</span> <span class="n">env</span><span class="o">=</span><span class="n">env</span><span class="p">,</span> <span class="n">stack_name</span><span class="o">=</span><span class="n">stack_name</span><span class="p">)</span> <span class="n">instance_type</span> <span class="o">=</span> <span class="sh">'</span><span class="s">t2.small</span><span class="sh">'</span> <span class="n">ssh_location</span> <span class="o">=</span> <span class="sh">'</span><span class="s">0.0.0.0/0</span><span class="sh">'</span> <span class="nc">CfnInclude</span><span class="p">(</span><span class="n">stack</span><span class="p">,</span> <span class="sh">'</span><span class="s">included-template</span><span class="sh">'</span><span class="p">,</span> <span class="n">template_file</span><span class="o">=</span><span class="n">os</span><span class="p">.</span><span class="n">path</span><span class="p">.</span><span class="nf">join</span><span class="p">(</span><span class="n">os</span><span class="p">.</span><span class="nf">getcwd</span><span class="p">(),</span> <span class="sh">'</span><span class="s">cfn</span><span class="sh">'</span><span class="p">,</span> <span class="sh">'</span><span class="s">sample.template</span><span class="sh">'</span><span class="p">),</span> <span class="n">parameters</span><span class="o">=</span><span class="p">{</span> <span class="sh">'</span><span class="s">InstanceType</span><span class="sh">'</span> <span class="p">:</span> <span class="n">instance_type</span><span class="p">,</span> <span class="sh">'</span><span class="s">SSHLocation</span><span class="sh">'</span> <span class="p">:</span> <span class="n">ssh_location</span> <span class="p">})</span> <span class="n">app</span><span class="p">.</span><span class="nf">synth</span><span class="p">()</span> </code></pre> </div> <p>If you run a cdk diff on the code, and you use the sample template, you will see an output like this:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>❯ cdk diff <span class="o">[</span>Info at /mystack/included-template/<span class="nv">$Mappings</span>/AWSInstanceType2Arch] Consider making this CfnMapping a lazy mapping by providing <span class="sb">`</span>lazy: <span class="nb">true</span><span class="sb">`</span>: either no findInMap was called or every findInMap could be immediately resolved without using Fn::FindInMap <span class="o">[</span>Info at /mystack/included-template/<span class="nv">$Mappings</span>/AWSInstanceType2NATArch] Consider making this CfnMapping a lazy mapping by providing <span class="sb">`</span>lazy: <span class="nb">true</span><span class="sb">`</span>: either no findInMap was called or every findInMap could be immediately resolved without using Fn::FindInMap <span class="o">[</span>Info at /mystack/included-template/<span class="nv">$Mappings</span>/AWSRegionArch2AMI] Consider making this CfnMapping a lazy mapping by providing <span class="sb">`</span>lazy: <span class="nb">true</span><span class="sb">`</span>: either no findInMap was called or every findInMap could be immediately resolved without using Fn::FindInMap Stack mystack Security Group Changes ┌───┬────────────────────────────────────────────────────┬─────┬──────────┬─────────────────┐ │ │ Group │ Dir │ Protocol │ Peer │ ├───┼────────────────────────────────────────────────────┼─────┼──────────┼─────────────────┤ │ - │ <span class="k">${</span><span class="nv">included</span><span class="p">-template/InstanceSecurityGroup.GroupId</span><span class="k">}</span> │ In │ TCP 22 │ <span class="k">${</span><span class="nv">SSHLocation</span><span class="k">}</span> │ ├───┼────────────────────────────────────────────────────┼─────┼──────────┼─────────────────┤ │ + │ <span class="k">${</span><span class="nv">included</span><span class="p">-template/InstanceSecurityGroup.GroupId</span><span class="k">}</span> │ In │ TCP 22 │ Everyone <span class="o">(</span>IPv4<span class="o">)</span> │ └───┴────────────────────────────────────────────────────┴─────┴──────────┴─────────────────┘ <span class="o">(</span>NOTE: There may be security-related changes not <span class="k">in </span>this list. See https://github.com/aws/aws-cdk/issues/1299<span class="o">)</span> Parameters <span class="o">[</span>-] Parameter SSHLocation: <span class="o">{</span><span class="s2">"Type"</span>:<span class="s2">"String"</span>,<span class="s2">"Default"</span>:<span class="s2">"0.0.0.0/0"</span>,<span class="s2">"AllowedPattern"</span>:<span class="s2">"(</span><span class="se">\\</span><span class="s2">d{1,3})</span><span class="se">\\</span><span class="s2">.(</span><span class="se">\\</span><span class="s2">d{1,3})</span><span class="se">\\</span><span class="s2">.(</span><span class="se">\\</span><span class="s2">d{1,3})</span><span class="se">\\</span><span class="s2">.(</span><span class="se">\\</span><span class="s2">d{1,3})/(</span><span class="se">\\</span><span class="s2">d{1,2})"</span>,<span class="s2">"ConstraintDescription"</span>:<span class="s2">"must be a valid IP CIDR range of the form x.x.x.x/x."</span>,<span class="s2">"Description"</span>:<span class="s2">"The IP address range that can be used to SSH to the EC2 instances"</span>,<span class="s2">"MaxLength"</span>:<span class="s2">"18"</span>,<span class="s2">"MinLength"</span>:<span class="s2">"9"</span><span class="o">}</span> Resources <span class="o">[</span>~] AWS::EC2::SecurityGroup included-template/InstanceSecurityGroup InstanceSecurityGroup └─ <span class="o">[</span>~] SecurityGroupIngress └─ @@ <span class="nt">-1</span>,8 +1,6 @@ <span class="o">[</span> <span class="o">]</span> <span class="o">[</span> <span class="o">[</span> <span class="o">]</span> <span class="o">{</span> <span class="o">[</span>-] <span class="s2">"CidrIp"</span>: <span class="o">{</span> <span class="o">[</span>-] <span class="s2">"Ref"</span>: <span class="s2">"SSHLocation"</span> <span class="o">[</span>-] <span class="o">}</span>, <span class="o">[</span>+] <span class="s2">"CidrIp"</span>: <span class="s2">"0.0.0.0/0"</span>, <span class="o">[</span> <span class="o">]</span> <span class="s2">"FromPort"</span>: 22, <span class="o">[</span> <span class="o">]</span> <span class="s2">"IpProtocol"</span>: <span class="s2">"tcp"</span>, <span class="o">[</span> <span class="o">]</span> <span class="s2">"ToPort"</span>: 22 </code></pre> </div> <p>A security group rule has the source value changed from a variable to an explicit value 0.0.0.0/0. It is the same value provided via the parameter before, but now it is set already when the code runs. </p> <p>To <strong>have the actual value in the template is better, since you can check the value with security tooling before it is deployed</strong>. So this is an advantage of the AWS CDK model with trying to resolve parameterisation as early as possible.</p> <p>If you run <strong>cdk deploy</strong> to deploy these changes, you will also see a change in the deployment workflow. You will get a prompt asking about security group changes, <em>so that you can do an approval that these changes will be performed</em>.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>❯ cdk deploy <span class="o">[</span>Info at /mystack/included-template/<span class="nv">$Mappings</span>/AWSInstanceType2Arch] Consider making this CfnMapping a lazy mapping by providing <span class="sb">`</span>lazy: <span class="nb">true</span><span class="sb">`</span>: either no findInMap was called or every findInMap could be immediately resolved without using Fn::FindInMap <span class="o">[</span>Info at /mystack/included-template/<span class="nv">$Mappings</span>/AWSInstanceType2NATArch] Consider making this CfnMapping a lazy mapping by providing <span class="sb">`</span>lazy: <span class="nb">true</span><span class="sb">`</span>: either no findInMap was called or every findInMap could be immediately resolved without using Fn::FindInMap <span class="o">[</span>Info at /mystack/included-template/<span class="nv">$Mappings</span>/AWSRegionArch2AMI] Consider making this CfnMapping a lazy mapping by providing <span class="sb">`</span>lazy: <span class="nb">true</span><span class="sb">`</span>: either no findInMap was called or every findInMap could be immediately resolved without using Fn::FindInMap ✨ Synthesis <span class="nb">time</span>: 10.72s This deployment will make potentially sensitive changes according to your current security approval level <span class="o">(</span><span class="nt">--require-approval</span> broadening<span class="o">)</span><span class="nb">.</span> Please confirm you intend to make the following modifications: Security Group Changes ┌───┬────────────────────────────────────────────────────┬─────┬──────────┬─────────────────┐ │ │ Group │ Dir │ Protocol │ Peer │ ├───┼────────────────────────────────────────────────────┼─────┼──────────┼─────────────────┤ │ - │ <span class="k">${</span><span class="nv">included</span><span class="p">-template/InstanceSecurityGroup.GroupId</span><span class="k">}</span> │ In │ TCP 22 │ <span class="k">${</span><span class="nv">SSHLocation</span><span class="k">}</span> │ ├───┼────────────────────────────────────────────────────┼─────┼──────────┼─────────────────┤ │ + │ <span class="k">${</span><span class="nv">included</span><span class="p">-template/InstanceSecurityGroup.GroupId</span><span class="k">}</span> │ In │ TCP 22 │ Everyone <span class="o">(</span>IPv4<span class="o">)</span> │ └───┴────────────────────────────────────────────────────┴─────┴──────────┴─────────────────┘ <span class="o">(</span>NOTE: There may be security-related changes not <span class="k">in </span>this list. See https://github.com/aws/aws-cdk/issues/1299<span class="o">)</span> Do you wish to deploy these changes <span class="o">(</span>y/n<span class="o">)</span>? y mystack: deploying... <span class="o">[</span>0%] start: Publishing 573ae98f43ba74567ae46ffe8df6d11132f8ef444d61e22ee031b763e4562c2b:069901141591-eu-west-1 <span class="o">[</span>100%] success: Published 573ae98f43ba74567ae46ffe8df6d11132f8ef444d61e22ee031b763e4562c2b:069901141591-eu-west-1 mystack: creating CloudFormation changeset... ✅ mystack <span class="o">(</span>no changes<span class="o">)</span> ✨ Deployment <span class="nb">time</span>: 9.83s Outputs: mystack.AZ <span class="o">=</span> eu-west-1b mystack.InstanceId <span class="o">=</span> i-08ec677b2ca564471 mystack.PublicDNS <span class="o">=</span> ec2-34-247-191-237.eu-west-1.compute.amazonaws.com mystack.PublicIP <span class="o">=</span> 34.247.191.237 Stack ARN: arn:aws:cloudformation:eu-west-1:123456789012:stack/mystack/ffc6cc30-7e98-11ec-8c08-0244eda65617 ✨ Total <span class="nb">time</span>: 20.55s </code></pre> </div> <p><strong>The default check is to prompt you for confirmation</strong> if it needs additional access or permissions from before. You can set this behaviour with the <strong>---require-approval</strong> option. It can be set to either <em>never</em>, <em>any-change</em>, or to <em>broadening</em>. The default is broadening.</p> <p>This is a feature that I think is valuable and a minimum sanity check. This is something that adds value if you don't have similar tools before.</p> <h2> Wrapping up </h2> <p>We have the following goals in this series of articles:</p> <ul> <li><strong>Take an existing AWS CloudFormation solution, preserved, and adapt it to AWS CDK tooling</strong></li> <li> <strong>Handle</strong> both <strong>simple</strong> and nested <strong>CloudFormation stack solutions</strong> </li> <li>Step-wise reorganisation of CloudFormation stacks to a more CDK-oriented model</li> <li>Step-wise replacement of CloudFormation template resources with AWS CDK Constructs</li> <li>Adapting CloudFormation-oriented tooling usage to AWS CDK, like cfn-lint, cfn-nag, etc.</li> <li><em>Change and adapt parameterisation of stacks, from CloudFormation model to AWS CDK model</em></li> </ul> <p>We have started with the first point in this list of goals and have partially done point two as well. Finally, we have also started with the sixth point to change and adapt the parameterisation of stacks.</p> <p>This is as far as we will go in this article, and in the next article we will dig further into the template and stack handling with nested CloudFormation templates and stacks.</p> <p>Before signing off in this article, I highly recommend that if you have created new infrastructure with the sample template provided, you clean it up and remove it. This is pretty straightforward with the AWS CDK command-line tool, you simply run the <strong>cdk destroy</strong> command. It will prompt you to confirm that you want to delete the stack, and then delete it, if you answer <em><strong>y</strong>es.</em><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>❯ cdk destroy Are you sure you want to delete: mystack <span class="o">(</span>y/n<span class="o">)</span>? y mystack: destroying... ✅ mystack: destroyed </code></pre> </div> <p><strong>Do not forget that!</strong></p> <p>I hope you have found this article useful. Comments, questions and suggestions are welcome! You can also send feedback via <a href="https://tidycloudaws.com" rel="noopener noreferrer">Tidy Cloud AWS</a>, or check out other posts there.</p> aws cloudformation productivity cdk Erik Lundevall Zara Mon, 20 Dec 2021 23:48:48 +0000 https://dev.to/eriklz/how-to-become-an-infrastructure-as-code-ninja-using-aws-cdk-part-5-mn1 https://dev.to/eriklz/how-to-become-an-infrastructure-as-code-ninja-using-aws-cdk-part-5-mn1 <p>Now it is time to build a service, running in Elastic Container Service (ECS)!</p> <p>In <a href="https://tidycloudaws.com/how-to-become-an-infrastructure-as-code-ninja-using-aws-cdk-part-4/" rel="noopener noreferrer">part 4</a> of our series, we set up an ECS cluster to run our containers using Fargate, so that we do not need to bother with underlying server infrastructure for the containers. We also added a <strong>Task Definition</strong>, so that we could manually start the container and get the Apache web server running.</p> <p>We had a list of goals, which we could cover partially:</p> <ul> <li> <strong>Expose an endpoint for a web server for HTTP traffic from internet.</strong> </li> <li><strong>Web server shall run in a container.</strong></li> <li>The container itself shall not be directly reachable from internet.</li> <li>We should be able to have a service set up so that containers will automatically start when needed.</li> <li>We should be able to build our custom solution for this web server.</li> <li><strong>We should be able to get container images from DockerHub.</strong></li> <li> <strong>We do not care about managing the underlying server infrastructure that runs the containers. I.e., we will use</strong> <strong><em>Fargate</em>.</strong> </li> </ul> <p>Let us now address more points in the goal list, one by one. Since we got the Apache web server running, but had to start it manually. Let us remove that manual step. We can accomplish this by setting up an <strong>ECS Service</strong> for the web server.</p> <p><strong>Update:</strong></p> <p>This article series uses Typescript as an example language. However, there are repositories with example code for multiple languages. </p> <ul> <li><a href="https://github.com/cloudgnosis/iac-ninja-aws-cdk-ts" rel="noopener noreferrer">https://github.com/cloudgnosis/iac-ninja-aws-cdk-ts</a></li> <li><a href="https://github.com/cloudgnosis/iac-ninja-aws-cdk-python" rel="noopener noreferrer">https://github.com/cloudgnosis/iac-ninja-aws-cdk-python</a></li> <li><a href="https://github.com/cloudgnosis/iac-ninja-aws-cdk-go" rel="noopener noreferrer">https://github.com/cloudgnosis/iac-ninja-aws-cdk-go</a></li> </ul> <p>The repositories will contain all the code examples from the articles series, implemented in different languages with the AWS CDK. You can view the code from specific parts and stages in the series, by checking out the code tagged with a specific part and step in that part, see the README file in each repository for more details.</p> <h2> Setting up an ECS Service </h2> <p>An <em>ECS Service</em> will allow us to have a container running, and if the container fails, ECS will start up a new instance of a container automatically. Looking at the <a href="https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_ecs.FargateService.html" rel="noopener noreferrer">AWS CDK documentation</a>, we can see that we have a <strong>FargateService</strong> class we can use. Let us think a bit about what we need to provide:</p> <ol> <li>The cluster the service should run in</li> <li>The task definition to run as a service</li> <li>The desired number of task instances we should run</li> <li>Any port openings to allow traffic to the container</li> <li>Optionally, a name for the service</li> </ol> <p>To allow traffic to the service, we need a security group. In <a href="https://tidycloudaws.com/how-to-become-an-infrastructure-as-code-ninja-using-aws-cdk-part-4/" rel="noopener noreferrer">part 4</a>, when we started a <em>Fargate</em> task, the AWS Console created a security group for us, with an opening for port 80 to the entire world. As a starting point, we aim at re-creating that experience. </p> <p>So we have 5 pieces of information to include. On top of these, we also should provide a logical id for the service, and we add the scope which the service is added to. Let us create a function skeleton for this:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">export</span> <span class="kd">const</span> <span class="nx">addService</span> <span class="o">=</span> <span class="nf">function</span><span class="p">(</span><span class="nx">scope</span><span class="p">:</span> <span class="nx">Construct</span><span class="p">,</span> <span class="nx">id</span><span class="p">:</span> <span class="kr">string</span><span class="p">,</span> <span class="nx">cluster</span><span class="p">:</span> <span class="nx">Cluster</span><span class="p">,</span> <span class="nx">taskDef</span><span class="p">:</span> <span class="nx">FargateTaskDefinition</span><span class="p">,</span> <span class="nx">port</span><span class="p">:</span> <span class="kr">number</span><span class="p">,</span> <span class="nx">desiredCount</span><span class="p">:</span> <span class="kr">number</span><span class="p">,</span> <span class="nx">serviceName</span><span class="p">?:</span> <span class="kr">string</span><span class="p">):</span> <span class="nx">FargateService</span> <span class="p">{</span> <span class="p">}</span> </code></pre> </div> <p>In the function body, we add code to create a security group, and add an ingress rule for the port we provide.</p> <p>We will then also create the service using <strong>FargateService</strong>, passing in our parameters. Finally, we will return to the service construct. The result looks like this:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">export</span> <span class="kd">const</span> <span class="nx">addService</span> <span class="o">=</span> <span class="nf">function</span><span class="p">(</span><span class="nx">scope</span><span class="p">:</span> <span class="nx">Construct</span><span class="p">,</span> <span class="nx">id</span><span class="p">:</span> <span class="kr">string</span><span class="p">,</span> <span class="nx">cluster</span><span class="p">:</span> <span class="nx">Cluster</span><span class="p">,</span> <span class="nx">taskDef</span><span class="p">:</span> <span class="nx">FargateTaskDefinition</span><span class="p">,</span> <span class="nx">port</span><span class="p">:</span> <span class="kr">number</span><span class="p">,</span> <span class="nx">desiredCount</span><span class="p">:</span> <span class="kr">number</span><span class="p">,</span> <span class="nx">serviceName</span><span class="p">?:</span> <span class="kr">string</span><span class="p">):</span> <span class="nx">FargateService</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">sg</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">SecurityGroup</span><span class="p">(</span><span class="nx">scope</span><span class="p">,</span> <span class="s2">`</span><span class="p">${</span><span class="nx">id</span><span class="p">}</span><span class="s2">-security-group`</span><span class="p">,</span> <span class="p">{</span> <span class="na">description</span><span class="p">:</span> <span class="s2">`Security group for service </span><span class="p">${</span><span class="nx">serviceName</span> <span class="o">??</span> <span class="dl">''</span><span class="p">}</span><span class="s2">`</span><span class="p">,</span> <span class="na">vpc</span><span class="p">:</span> <span class="nx">cluster</span><span class="p">.</span><span class="nx">vpc</span><span class="p">,</span> <span class="p">});</span> <span class="nx">sg</span><span class="p">.</span><span class="nf">addIngressRule</span><span class="p">(</span><span class="nx">Peer</span><span class="p">.</span><span class="nf">anyIpv4</span><span class="p">(),</span> <span class="nx">Port</span><span class="p">.</span><span class="nf">tcp</span><span class="p">(</span><span class="nx">port</span><span class="p">));</span> <span class="kd">const</span> <span class="nx">service</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">FargateService</span><span class="p">(</span><span class="nx">scope</span><span class="p">,</span> <span class="nx">id</span><span class="p">,</span> <span class="p">{</span> <span class="nx">cluster</span><span class="p">,</span> <span class="na">taskDefinition</span><span class="p">:</span> <span class="nx">taskDef</span><span class="p">,</span> <span class="nx">desiredCount</span><span class="p">,</span> <span class="nx">serviceName</span><span class="p">,</span> <span class="na">securityGroups</span><span class="p">:</span> <span class="p">[</span><span class="nx">sg</span><span class="p">],</span> <span class="p">});</span> <span class="k">return</span> <span class="nx">service</span><span class="p">;</span> <span class="p">};</span> </code></pre> </div> <p>The function code uses the id provided for the service construct to generate an id for the security group in the function. We make a call to add an ingress rule (incoming traffic) from anywhere using the specified TCP port. This is like what the AWS Console experience generated for us. We essentially replicate this for now, but this is not what we want to have in the end.</p> <p>Now we need to add a call to our new function in our main program, to add the service to our existing code (since part 4) with the ECS cluster and task definition. The call itself a single line in what we have already written before. Notice here that I picked the family name from the task configuration to generate an id value for the service. The desired count for the service is a single task instance.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="nf">addService</span><span class="p">(</span><span class="nx">stack</span><span class="p">,</span> <span class="s2">`service-</span><span class="p">${</span><span class="nx">taskConfig</span><span class="p">.</span><span class="nx">family</span><span class="p">}</span><span class="s2">`</span><span class="p">,</span> <span class="nx">cluster</span><span class="p">,</span> <span class="nx">taskdef</span><span class="p">,</span> <span class="mi">80</span><span class="p">,</span> <span class="mi">1</span><span class="p">);</span> </code></pre> </div> <p>Now let us put this into its context and look at the code for the whole main program again. We retrieve data for the existing default VPC, which we use when we set up an ECS cluster. We define an ECS task definition using the standard <strong>httpd</strong> web service image, and we use this information to define an ECS service that should run with a single instance of that task.</p> <p>The main program of our code now looks like this:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">import</span> <span class="p">{</span> <span class="nx">App</span><span class="p">,</span> <span class="nx">Stack</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">aws-cdk-lib</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">Vpc</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">aws-cdk-lib/aws-ec2</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">addCluster</span><span class="p">,</span> <span class="nx">addService</span><span class="p">,</span> <span class="nx">addTaskDefinitionWithContainer</span><span class="p">,</span> <span class="nx">ContainerConfig</span><span class="p">,</span> <span class="nx">TaskConfig</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">../lib/containers/container-management</span><span class="dl">'</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">app</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">App</span><span class="p">();</span> <span class="kd">const</span> <span class="nx">stack</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">Stack</span><span class="p">(</span><span class="nx">app</span><span class="p">,</span> <span class="dl">'</span><span class="s1">my-container-infrastructure</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span> <span class="na">env</span><span class="p">:</span> <span class="p">{</span> <span class="na">account</span><span class="p">:</span> <span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">CDK_DEFAULT_ACCOUNT</span><span class="p">,</span> <span class="na">region</span><span class="p">:</span> <span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">CDK_DEFAULT_REGION</span><span class="p">,</span> <span class="p">},</span> <span class="p">});</span> <span class="kd">const</span> <span class="nx">vpc</span> <span class="o">=</span> <span class="nx">Vpc</span><span class="p">.</span><span class="nf">fromLookup</span><span class="p">(</span><span class="nx">stack</span><span class="p">,</span> <span class="dl">'</span><span class="s1">vpc</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span> <span class="na">isDefault</span><span class="p">:</span> <span class="kc">true</span><span class="p">,</span> <span class="p">});</span> <span class="kd">const</span> <span class="nx">id</span> <span class="o">=</span> <span class="dl">'</span><span class="s1">my-test-cluster</span><span class="dl">'</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">cluster</span> <span class="o">=</span> <span class="nf">addCluster</span><span class="p">(</span><span class="nx">stack</span><span class="p">,</span> <span class="nx">id</span><span class="p">,</span> <span class="nx">vpc</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">taskConfig</span><span class="p">:</span> <span class="nx">TaskConfig</span> <span class="o">=</span> <span class="p">{</span> <span class="na">cpu</span><span class="p">:</span> <span class="mi">512</span><span class="p">,</span> <span class="na">memoryLimitMB</span><span class="p">:</span> <span class="mi">1024</span><span class="p">,</span> <span class="na">family</span><span class="p">:</span> <span class="dl">'</span><span class="s1">webserver</span><span class="dl">'</span> <span class="p">};</span> <span class="kd">const</span> <span class="nx">containerConfig</span><span class="p">:</span> <span class="nx">ContainerConfig</span> <span class="o">=</span> <span class="p">{</span> <span class="na">dockerHubImage</span><span class="p">:</span> <span class="dl">'</span><span class="s1">httpd</span><span class="dl">'</span> <span class="p">};</span> <span class="kd">const</span> <span class="nx">taskdef</span> <span class="o">=</span> <span class="nf">addTaskDefinitionWithContainer</span><span class="p">(</span><span class="nx">stack</span><span class="p">,</span> <span class="s2">`taskdef-</span><span class="p">${</span><span class="nx">taskConfig</span><span class="p">.</span><span class="nx">family</span><span class="p">}</span><span class="s2">`</span><span class="p">,</span> <span class="nx">taskConfig</span><span class="p">,</span> <span class="nx">containerConfig</span><span class="p">);</span> <span class="nf">addService</span><span class="p">(</span><span class="nx">stack</span><span class="p">,</span> <span class="s2">`service-</span><span class="p">${</span><span class="nx">taskConfig</span><span class="p">.</span><span class="nx">family</span><span class="p">}</span><span class="s2">`</span><span class="p">,</span> <span class="nx">cluster</span><span class="p">,</span> <span class="nx">taskdef</span><span class="p">,</span> <span class="mi">80</span><span class="p">,</span> <span class="mi">1</span><span class="p">);</span> </code></pre> </div> <p>We can also look at our container management module and see the functions and data structures we currently have in place there:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">import</span> <span class="p">{</span> <span class="nx">IVpc</span><span class="p">,</span> <span class="nx">Peer</span><span class="p">,</span> <span class="nx">Port</span><span class="p">,</span> <span class="nx">SecurityGroup</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">aws-cdk-lib/aws-ec2</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">Cluster</span><span class="p">,</span> <span class="nx">ContainerImage</span><span class="p">,</span> <span class="nx">FargateService</span><span class="p">,</span> <span class="nx">FargateTaskDefinition</span><span class="p">,</span> <span class="nx">TaskDefinition</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">aws-cdk-lib/aws-ecs</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">Construct</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">constructs</span><span class="dl">'</span><span class="p">;</span> <span class="k">export</span> <span class="kd">const</span> <span class="nx">addCluster</span> <span class="o">=</span> <span class="kd">function</span><span class="p">(</span><span class="nx">scope</span><span class="p">:</span> <span class="nx">Construct</span><span class="p">,</span> <span class="nx">id</span><span class="p">:</span> <span class="kr">string</span><span class="p">,</span> <span class="nx">vpc</span><span class="p">:</span> <span class="nx">IVpc</span><span class="p">):</span> <span class="nx">Cluster</span> <span class="p">{</span> <span class="k">return</span> <span class="k">new</span> <span class="nc">Cluster</span><span class="p">(</span><span class="nx">scope</span><span class="p">,</span> <span class="nx">id</span><span class="p">,</span> <span class="p">{</span> <span class="nx">vpc</span><span class="p">,</span> <span class="p">});</span> <span class="p">}</span> <span class="k">export</span> <span class="kr">interface</span> <span class="nx">TaskConfig</span> <span class="p">{</span> <span class="k">readonly</span> <span class="nx">cpu</span><span class="p">:</span> <span class="mi">256</span> <span class="o">|</span> <span class="mi">512</span> <span class="o">|</span> <span class="mi">1024</span> <span class="o">|</span> <span class="mi">2048</span> <span class="o">|</span> <span class="mi">4096</span><span class="p">;</span> <span class="k">readonly</span> <span class="nx">memoryLimitMB</span><span class="p">:</span> <span class="kr">number</span><span class="p">;</span> <span class="k">readonly</span> <span class="nx">family</span><span class="p">:</span> <span class="kr">string</span><span class="p">;</span> <span class="p">}</span> <span class="k">export</span> <span class="kr">interface</span> <span class="nx">ContainerConfig</span> <span class="p">{</span> <span class="k">readonly</span> <span class="nx">dockerHubImage</span><span class="p">:</span> <span class="kr">string</span><span class="p">;</span> <span class="p">}</span> <span class="k">export</span> <span class="kd">const</span> <span class="nx">addTaskDefinitionWithContainer</span> <span class="o">=</span> <span class="kd">function</span><span class="p">(</span><span class="nx">scope</span><span class="p">:</span> <span class="nx">Construct</span><span class="p">,</span> <span class="nx">id</span><span class="p">:</span> <span class="kr">string</span><span class="p">,</span> <span class="nx">taskConfig</span><span class="p">:</span> <span class="nx">TaskConfig</span><span class="p">,</span> <span class="nx">containerConfig</span><span class="p">:</span> <span class="nx">ContainerConfig</span><span class="p">):</span> <span class="nx">TaskDefinition</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">taskdef</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">FargateTaskDefinition</span><span class="p">(</span><span class="nx">scope</span><span class="p">,</span> <span class="nx">id</span><span class="p">,</span> <span class="p">{</span> <span class="na">cpu</span><span class="p">:</span> <span class="nx">taskConfig</span><span class="p">.</span><span class="nx">cpu</span><span class="p">,</span> <span class="na">memoryLimitMiB</span><span class="p">:</span> <span class="nx">taskConfig</span><span class="p">.</span><span class="nx">memoryLimitMB</span><span class="p">,</span> <span class="na">family</span><span class="p">:</span> <span class="nx">taskConfig</span><span class="p">.</span><span class="nx">family</span><span class="p">,</span> <span class="p">});</span> <span class="kd">const</span> <span class="nx">image</span> <span class="o">=</span> <span class="nx">ContainerImage</span><span class="p">.</span><span class="nf">fromRegistry</span><span class="p">(</span><span class="nx">containerConfig</span><span class="p">.</span><span class="nx">dockerHubImage</span><span class="p">);</span> <span class="nx">taskdef</span><span class="p">.</span><span class="nf">addContainer</span><span class="p">(</span><span class="s2">`container-</span><span class="p">${</span><span class="nx">containerConfig</span><span class="p">.</span><span class="nx">dockerHubImage</span><span class="p">}</span><span class="s2">`</span><span class="p">,</span> <span class="p">{</span> <span class="nx">image</span> <span class="p">});</span> <span class="k">return</span> <span class="nx">taskdef</span><span class="p">;</span> <span class="p">};</span> <span class="k">export</span> <span class="kd">const</span> <span class="nx">addService</span> <span class="o">=</span> <span class="nf">function</span><span class="p">(</span><span class="nx">scope</span><span class="p">:</span> <span class="nx">Construct</span><span class="p">,</span> <span class="nx">id</span><span class="p">:</span> <span class="kr">string</span><span class="p">,</span> <span class="nx">cluster</span><span class="p">:</span> <span class="nx">Cluster</span><span class="p">,</span> <span class="nx">taskDef</span><span class="p">:</span> <span class="nx">FargateTaskDefinition</span><span class="p">,</span> <span class="nx">port</span><span class="p">:</span> <span class="kr">number</span><span class="p">,</span> <span class="nx">desiredCount</span><span class="p">:</span> <span class="kr">number</span><span class="p">,</span> <span class="nx">serviceName</span><span class="p">?:</span> <span class="kr">string</span><span class="p">):</span> <span class="nx">FargateService</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">sg</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">SecurityGroup</span><span class="p">(</span><span class="nx">scope</span><span class="p">,</span> <span class="s2">`</span><span class="p">${</span><span class="nx">id</span><span class="p">}</span><span class="s2">-security-group`</span><span class="p">,</span> <span class="p">{</span> <span class="na">description</span><span class="p">:</span> <span class="s2">`Security group for service </span><span class="p">${</span><span class="nx">serviceName</span> <span class="o">??</span> <span class="dl">''</span><span class="p">}</span><span class="s2">`</span><span class="p">,</span> <span class="na">vpc</span><span class="p">:</span> <span class="nx">cluster</span><span class="p">.</span><span class="nx">vpc</span><span class="p">,</span> <span class="p">});</span> <span class="nx">sg</span><span class="p">.</span><span class="nf">addIngressRule</span><span class="p">(</span><span class="nx">Peer</span><span class="p">.</span><span class="nf">anyIpv4</span><span class="p">(),</span> <span class="nx">Port</span><span class="p">.</span><span class="nf">tcp</span><span class="p">(</span><span class="nx">port</span><span class="p">));</span> <span class="kd">const</span> <span class="nx">service</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">FargateService</span><span class="p">(</span><span class="nx">scope</span><span class="p">,</span> <span class="nx">id</span><span class="p">,</span> <span class="p">{</span> <span class="nx">cluster</span><span class="p">,</span> <span class="na">taskDefinition</span><span class="p">:</span> <span class="nx">taskDef</span><span class="p">,</span> <span class="nx">desiredCount</span><span class="p">,</span> <span class="nx">serviceName</span><span class="p">,</span> <span class="na">securityGroups</span><span class="p">:</span> <span class="p">[</span><span class="nx">sg</span><span class="p">],</span> <span class="p">});</span> <span class="k">return</span> <span class="nx">service</span><span class="p">;</span> <span class="p">};</span> </code></pre> </div> <p>Before we try to deploy this solution, we should have a few things in mind:</p> <ul> <li>If you deploy an ECS Service with a desired count &gt; 0, it will try to start the task during the deployment</li> <li>Deployment is only considered successful if the desired count has been reached and considered being in a healthy state</li> <li>By default, deployment to ECS can get stuck if the service does not work.</li> </ul> <p>1) reduce potential waiting times if we get any trouble, there are two things we want to do here. First, let us <em>set the desired count for the service to 0</em>. This means that AWS CDK (and ECS) will provision the service, but will not try to start it. We can then first try to start the service manually. Second, we can tell ECS to use a <em>circuit breaker pattern</em> for the deployment. What this means is that it will try a few times to run the service, and if that does not work, it will roll back the deployment. Let us update the code to include both.<br> 2) set the desired count to 0, we simply change the count parameter to the <strong>addService()</strong> call:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="nf">addService</span><span class="p">(</span><span class="nx">stack</span><span class="p">,</span> <span class="s2">`service-</span><span class="p">${</span><span class="nx">taskConfig</span><span class="p">.</span><span class="nx">family</span><span class="p">}</span><span class="s2">`</span><span class="p">,</span> <span class="nx">cluster</span><span class="p">,</span> <span class="nx">taskdef</span><span class="p">,</span> <span class="mi">80</span><span class="p">,</span> <span class="mi">0</span><span class="p">);</span> </code></pre> </div> <p>3) apply the circuit breaker pattern, we have a property <strong>circuitBreaker</strong> on <em>FargateService</em> for this. When we specify this, we can also say that it should roll back the deployment in case there is an error. In this way, we can get back to the previous state of the service if the updated deployment fails. The updated addService() code now looks like this:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">export</span> <span class="kd">const</span> <span class="nx">addService</span> <span class="o">=</span> <span class="nf">function</span><span class="p">(</span><span class="nx">scope</span><span class="p">:</span> <span class="nx">Construct</span><span class="p">,</span> <span class="nx">id</span><span class="p">:</span> <span class="kr">string</span><span class="p">,</span> <span class="nx">cluster</span><span class="p">:</span> <span class="nx">Cluster</span><span class="p">,</span> <span class="nx">taskDef</span><span class="p">:</span> <span class="nx">FargateTaskDefinition</span><span class="p">,</span> <span class="nx">port</span><span class="p">:</span> <span class="kr">number</span><span class="p">,</span> <span class="nx">desiredCount</span><span class="p">:</span> <span class="kr">number</span><span class="p">,</span> <span class="o">!</span><span class="p">[</span><span class="nx">Image</span> <span class="nx">description</span><span class="p">](</span><span class="nx">file</span><span class="p">:</span><span class="c1">////Users/erikl/Documents/Publii/sites/tidy-cloud-aws/input/media/posts/27/Deployed_service_1.png =1982x858)</span> <span class="nx">serviceName</span><span class="p">?:</span> <span class="kr">string</span><span class="p">):</span> <span class="nx">FargateService</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">sg</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">SecurityGroup</span><span class="p">(</span><span class="nx">scope</span><span class="p">,</span> <span class="s2">`</span><span class="p">${</span><span class="nx">id</span><span class="p">}</span><span class="s2">-security-group`</span><span class="p">,</span> <span class="p">{</span> <span class="na">description</span><span class="p">:</span> <span class="s2">`Security group for service </span><span class="p">${</span><span class="nx">serviceName</span> <span class="o">??</span> <span class="dl">''</span><span class="p">}</span><span class="s2">`</span><span class="p">,</span> <span class="na">vpc</span><span class="p">:</span> <span class="nx">cluster</span><span class="p">.</span><span class="nx">vpc</span><span class="p">,</span> <span class="p">});</span> <span class="nx">sg</span><span class="p">.</span><span class="nf">addIngressRule</span><span class="p">(</span><span class="nx">Peer</span><span class="p">.</span><span class="nf">anyIpv4</span><span class="p">(),</span> <span class="nx">Port</span><span class="p">.</span><span class="nf">tcp</span><span class="p">(</span><span class="nx">port</span><span class="p">));</span> <span class="kd">const</span> <span class="nx">service</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">FargateService</span><span class="p">(</span><span class="nx">scope</span><span class="p">,</span> <span class="nx">id</span><span class="p">,</span> <span class="p">{</span> <span class="nx">cluster</span><span class="p">,</span> <span class="na">taskDefinition</span><span class="p">:</span> <span class="nx">taskDef</span><span class="p">,</span> <span class="nx">desiredCount</span><span class="p">,</span> <span class="nx">serviceName</span><span class="p">,</span> <span class="na">securityGroups</span><span class="p">:</span> <span class="p">[</span><span class="nx">sg</span><span class="p">],</span> <span class="na">circuitBreaker</span><span class="p">:</span> <span class="p">{</span> <span class="na">rollback</span><span class="p">:</span> <span class="kc">true</span><span class="p">,</span> <span class="p">},</span> <span class="p">});</span> <span class="k">return</span> <span class="nx">service</span><span class="p">;</span> <span class="p">};</span> </code></pre> </div> <p>Let us now try to deploy this again, and see how this works out! As before, you can run the <strong>cdk deploy</strong> command to perform the deployment (do not forget to provide your AWS credentials). If you already have the solution from <a href="https://tidycloudaws.com/how-to-become-an-infrastructure-as-code-ninja-using-aws-cdk-part-4/" rel="noopener noreferrer">part 4</a> deployed, you can run the <strong>cdk diff</strong> command to see what the updates will be. You can also run <strong>cdk diff</strong> if nothing is deployed to see a list of the CloudFormation resources that will be deployed.</p> <p><em><strong>Note</strong>: At the time of this writing, the AWS Console provides an old and a new ECS Console experience. I have found that the new experience currently does not have all the features of the old experience, and hence I have used the old one here for screenshots. This may have changed by the time you read this. If you are using the new experience and find that you cannot do a particular task, try to switch to the old experience.</em></p> <p>When the deployment is complete, we should see the service resource in our ECS cluster. </p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fftnrtwaqfszjzy1rh2p6.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fftnrtwaqfszjzy1rh2p6.png" alt="Deployed service" width="800" height="346"></a></p> <p>We can see that the desired count is 0, as well as the number of running tasks. This is what we expect with the deployment configuration we specified. <em>So far, so good!</em></p> <p>If we select the service and click on the Update button, we can change the service configuration to set another value for desired count. There are many entries, but we concern ourselves only with the desired count entry. Scroll down the page until you find the entry <strong>number of tasks</strong> and change the value to 1.</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Flcqu5xecuomt814ugt2h.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Flcqu5xecuomt814ugt2h.png" alt="Service config" width="800" height="798"></a></p> <p>Click through the rest of the pages with the <strong>Next Step</strong> buttons with no additional changes, until you get to the <strong>Update Service</strong> button, and then click on that one. Now it will update the desired count and ECS will try to start the service. At first, the display should show <strong>PROVISIONING</strong>, then to state <strong>PENDING</strong>. We want it to reach status <strong>RUNNING</strong> and then we can test that we can reach the web server, just as we did in part 4. </p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fkzocsk95qpom3itei94e.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fkzocsk95qpom3itei94e.png" alt="Service tasks" width="800" height="243"></a></p> <p>However, you may notice that we do not actually reach state <em>RUNNING</em>. It seems to be stuck in <em>PENDING</em> state, and eventually ECS will stop trying and remove the task. Something has gone wrong. <strong>How do we fix this?</strong></p> <h2> Troubleshooting our deployment </h2> <p>First, let us check if we have any useful logs. We can click around in the <em>ECS Console</em>, and we can look in <em>CloudWatch console</em> under <strong>Logs</strong>, and we find nothing. <strong>This is not so good...</strong></p> <p>It seems <em>we do not get any useful logs by default, so we need to fix this</em>. Before updating our deployment, let us look further to see if we find anything else that can be useful.</p> <p>In the <strong>Details</strong> tab for our service, there is a <em>Network Access</em> section:</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F3ymargosdg2pb4i2zov0.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F3ymargosdg2pb4i2zov0.png" alt="Service details - network access" width="800" height="420"></a></p> <p>We have a default VPC, and all subnets in the default VPC have public internet access, so the subnet list should probably be ok. We can also check the security group listed and check that this is ok. The fourth entry here says <strong>Auto-assign public IP DISABLED</strong>. When we started a task manually in <a href="https://tidycloudaws.com/how-to-become-an-infrastructure-as-code-ninja-using-aws-cdk-part-4/" rel="noopener noreferrer">part 4</a>, we got a public IP address for our task, so this is different. Let us just check the security group also though:</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F6ps7l95boh0oj1y298bm.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F6ps7l95boh0oj1y298bm.png" alt="Security group config" width="800" height="387"></a></p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F0cf7x08bu4oc1jks82wh.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F0cf7x08bu4oc1jks82wh.png" alt="Security group config" width="800" height="188"></a></p> <p>The security group looks as expected, port 80 open for everyone. So now we have two things to update:</p> <ul> <li>Add logging to our deployment</li> <li>Change so that a public IP address is assigned to the container.</li> </ul> <p>Remember, this is not the ultimate solution, but we take it in small steps and first we want to have it working at all! So let us see what we should change now.</p> <h2> Changing the service deployment </h2> <p>If we look at the <a href="https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_ecs.FargateService.html" rel="noopener noreferrer"><strong>FargateService</strong> documentation</a> again, there is actually an entry there that says <strong>assignPublicIp</strong>. It is optional, and the default value is <em>false</em>. So let us add a parameter to <strong>addService()</strong> function that allows us to set this property.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">export</span> <span class="kd">const</span> <span class="nx">addService</span> <span class="o">=</span> <span class="nf">function</span><span class="p">(</span><span class="nx">scope</span><span class="p">:</span> <span class="nx">Construct</span><span class="p">,</span> <span class="nx">id</span><span class="p">:</span> <span class="kr">string</span><span class="p">,</span> <span class="nx">cluster</span><span class="p">:</span> <span class="nx">Cluster</span><span class="p">,</span> <span class="nx">taskDef</span><span class="p">:</span> <span class="nx">FargateTaskDefinition</span><span class="p">,</span> <span class="nx">port</span><span class="p">:</span> <span class="kr">number</span><span class="p">,</span> <span class="nx">desiredCount</span><span class="p">:</span> <span class="kr">number</span><span class="p">,</span> <span class="nx">assignPublicIp</span><span class="p">?:</span> <span class="nx">boolean</span><span class="p">,</span> <span class="nx">serviceName</span><span class="p">?:</span> <span class="kr">string</span><span class="p">):</span> <span class="nx">FargateService</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">sg</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">SecurityGroup</span><span class="p">(</span><span class="nx">scope</span><span class="p">,</span> <span class="s2">`</span><span class="p">${</span><span class="nx">id</span><span class="p">}</span><span class="s2">-security-group`</span><span class="p">,</span> <span class="p">{</span> <span class="na">description</span><span class="p">:</span> <span class="s2">`Security group for service </span><span class="p">${</span><span class="nx">serviceName</span> <span class="o">??</span> <span class="dl">''</span><span class="p">}</span><span class="s2">`</span><span class="p">,</span> <span class="na">vpc</span><span class="p">:</span> <span class="nx">cluster</span><span class="p">.</span><span class="nx">vpc</span><span class="p">,</span> <span class="p">});</span> <span class="nx">sg</span><span class="p">.</span><span class="nf">addIngressRule</span><span class="p">(</span><span class="nx">Peer</span><span class="p">.</span><span class="nf">anyIpv4</span><span class="p">(),</span> <span class="nx">Port</span><span class="p">.</span><span class="nf">tcp</span><span class="p">(</span><span class="nx">port</span><span class="p">));</span> <span class="kd">const</span> <span class="nx">service</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">FargateService</span><span class="p">(</span><span class="nx">scope</span><span class="p">,</span> <span class="nx">id</span><span class="p">,</span> <span class="p">{</span> <span class="nx">cluster</span><span class="p">,</span> <span class="na">taskDefinition</span><span class="p">:</span> <span class="nx">taskDef</span><span class="p">,</span> <span class="nx">desiredCount</span><span class="p">,</span> <span class="nx">serviceName</span><span class="p">,</span> <span class="na">securityGroups</span><span class="p">:</span> <span class="p">[</span><span class="nx">sg</span><span class="p">],</span> <span class="na">circuitBreaker</span><span class="p">:</span> <span class="p">{</span> <span class="na">rollback</span><span class="p">:</span> <span class="kc">true</span><span class="p">,</span> <span class="p">},</span> <span class="nx">assignPublicIp</span><span class="p">,</span> <span class="p">});</span> <span class="k">return</span> <span class="nx">service</span><span class="p">;</span> <span class="p">};</span> </code></pre> </div> <p>To add logging to our container, it not as obvious. There isn't anything obvious on FargateService, and there isn't anything on the FargateTaskDefinition either. It turns out that there is a <strong>logging</strong> property we can set <em>when we add the container definition</em>. This property requires a LogDriver object, and we can get an object that handles logging to CloudWatch by using the <strong>LogDriver.awsLogs()</strong> function. There is one mandatory parameter here, and that is <strong>streamPrefix</strong>. This will set the first part of the name of the CloudWatch log stream. </p> <p>For now, let us pick the <em>family</em> name in the task configuration. By default, the logs will be around forever, which perhaps a bit too long. So we can also set the desired retention time for the logs. This is a quite temporary lab experiment, so let us keep the retention time short, just a day.</p> <p>This means that the <strong>addTaskDefinitionWithContainer()</strong> function gets an update:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">export</span> <span class="kd">const</span> <span class="nx">addTaskDefinitionWithContainer</span> <span class="o">=</span> <span class="kd">function</span><span class="p">(</span><span class="nx">scope</span><span class="p">:</span> <span class="nx">Construct</span><span class="p">,</span> <span class="nx">id</span><span class="p">:</span> <span class="kr">string</span><span class="p">,</span> <span class="nx">taskConfig</span><span class="p">:</span> <span class="nx">TaskConfig</span><span class="p">,</span> <span class="nx">containerConfig</span><span class="p">:</span> <span class="nx">ContainerConfig</span><span class="p">):</span> <span class="nx">TaskDefinition</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">taskdef</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">FargateTaskDefinition</span><span class="p">(</span><span class="nx">scope</span><span class="p">,</span> <span class="nx">id</span><span class="p">,</span> <span class="p">{</span> <span class="na">cpu</span><span class="p">:</span> <span class="nx">taskConfig</span><span class="p">.</span><span class="nx">cpu</span><span class="p">,</span> <span class="na">memoryLimitMiB</span><span class="p">:</span> <span class="nx">taskConfig</span><span class="p">.</span><span class="nx">memoryLimitMB</span><span class="p">,</span> <span class="na">family</span><span class="p">:</span> <span class="nx">taskConfig</span><span class="p">.</span><span class="nx">family</span><span class="p">,</span> <span class="p">});</span> <span class="kd">const</span> <span class="nx">image</span> <span class="o">=</span> <span class="nx">ContainerImage</span><span class="p">.</span><span class="nf">fromRegistry</span><span class="p">(</span><span class="nx">containerConfig</span><span class="p">.</span><span class="nx">dockerHubImage</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">logdriver</span> <span class="o">=</span> <span class="nx">LogDriver</span><span class="p">.</span><span class="nf">awsLogs</span><span class="p">({</span> <span class="na">streamPrefix</span><span class="p">:</span> <span class="nx">taskConfig</span><span class="p">.</span><span class="nx">family</span><span class="p">,</span> <span class="na">logRetention</span><span class="p">:</span> <span class="nx">RetentionDays</span><span class="p">.</span><span class="nx">ONE_DAY</span><span class="p">,</span> <span class="p">});</span> <span class="nx">taskdef</span><span class="p">.</span><span class="nf">addContainer</span><span class="p">(</span><span class="s2">`container-</span><span class="p">${</span><span class="nx">containerConfig</span><span class="p">.</span><span class="nx">dockerHubImage</span><span class="p">}</span><span class="s2">`</span><span class="p">,</span> <span class="p">{</span> <span class="nx">image</span><span class="p">,</span> <span class="na">logging</span><span class="p">:</span> <span class="nx">logdriver</span> <span class="p">});</span> <span class="k">return</span> <span class="nx">taskdef</span><span class="p">;</span> <span class="p">};</span> </code></pre> </div> <p>We also need to update the code in our main program file to enable public IP assignment:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="nf">addService</span><span class="p">(</span><span class="nx">stack</span><span class="p">,</span> <span class="s2">`service-</span><span class="p">${</span><span class="nx">taskConfig</span><span class="p">.</span><span class="nx">family</span><span class="p">}</span><span class="s2">`</span><span class="p">,</span> <span class="nx">cluster</span><span class="p">,</span> <span class="nx">taskdef</span><span class="p">,</span> <span class="mi">80</span><span class="p">,</span> <span class="mi">0</span><span class="p">,</span> <span class="kc">true</span><span class="p">);</span> </code></pre> </div> <p>Now we should hopefully be ready! When you have done the changes, run <strong>cdk diff</strong> to see that you get changes that reflect the logging updates and the public IP assignment. If that looks ok, then try <strong>cdk deploy</strong> and deploy the updates.</p> <p>Once the deployment is done, let us check how we did. The service is deployed, and we can see that our manual modification of <em>desired count</em> is gone, it is set to 0 again. This is what we want.</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fri13zm9yx5u3fluml1l5.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fri13zm9yx5u3fluml1l5.png" alt="Service config" width="800" height="355"></a></p> <p>In the Details tab of the service, we look at the Network Access section and see that the value of public IP assignment now is set to enabled:</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fupz4oe8rrr4ew4rxeblt.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fupz4oe8rrr4ew4rxeblt.png" alt="Service details" width="800" height="444"></a></p> <p>We can then also analyze the task definition for the web server, and look at the specific container configuration, where we will find the log configuration:</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fwv27gj3srkcxtny2q4b3.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fwv27gj3srkcxtny2q4b3.png" alt="Container log configuration" width="800" height="551"></a></p> <p>So now we are ready to test our update! Perform the same steps as before to update the number of tasks (i.e. desired count) to 1 for the service and check the status for the task started. It will go from <em>PROVISIONING</em> to <em>PENDING</em>, and in this case finally to <strong>RUNNING</strong>! <strong>Success!</strong></p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fpdjeioe9cptp9360k74b.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fpdjeioe9cptp9360k74b.png" alt="Service tasks" width="800" height="230"></a></p> <p>Let us also double-check if we get any logs. In the CloudWatch Console, if we select the Logs section, we can actually see a log group in place:</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F3gfq70wt1kkalsyhe8tz.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F3gfq70wt1kkalsyhe8tz.png" alt="Log group" width="800" height="257"></a></p> <p>In the log group, we can find a log stream. Opening up the stream itself, we can see a couple of log records:</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Ffy5mi3938wysmxdhbmud.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Ffy5mi3938wysmxdhbmud.png" alt="Log records" width="800" height="342"></a></p> <p>This is good! The service is running, and we have logs from it!</p> <p>We have successfully deployed and started the service. You can confirm this by using the public IP address. We got to see that we get the default response from the Apache web server.</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fkhb5qcb9adwymelna4wk.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fkhb5qcb9adwymelna4wk.png" alt="Public IP" width="760" height="494"></a></p> <p>Next, you can set the desired count in the <strong>addService()</strong> function call, set a value 1, and verify that the service starts up and is accessible, with no manual steps needed.</p> <p>You can also try to stop the task that is running then. After clicking the Stop button, it will stop within seconds. ECS will start a new task to replace the old one. It will not get the same IP address as the old task though, so even though it is accessible, it is not accessible from the same address. This is something we need to improve on.</p> <h2> Final words </h2> <p>In this part, we added the ability to provision a service and get that started automatically. We have some shortcomings in this, in that we do not maintain a fixed address to reach our web server. This is something we need to address later. We also learned that we do not get any logs by default and need to add a configuration entry for this as well.</p> <p>In addition, we learned that ECS performs some health checks on the tasks in the service. In this case, we had to make it reachable from the internet for the health check to work.</p> <p>So from our goal list we have a kind of ticked off another entry:</p> <ul> <li> <strong>Expose an endpoint for a web server for HTTP traffic from internet.</strong> </li> <li><strong>Web server shall run in a container.</strong></li> <li>The container itself shall not be directly reachable from internet.</li> <li><strong>We should be able to have a service set up so that containers will automatically be started if needed.</strong></li> <li>We should be able to build our custom solution for this web server.</li> <li><strong>We should be able to get container images from DockerHub.</strong></li> <li> <strong>We do not care about managing the underlying server infrastructure that runs the containers. I.e., we will use</strong> <strong><em>Fargate</em>.</strong> </li> </ul> <p>In the upcoming parts, we will address the remaining points in the goal list. We will also take a step back and think more about monitoring and structure, and how we can test that we get what we expect before we deploy. This will become more important once our solutions grow larger and more complex.</p> <p>As always, you can also check out <a href="https://tidycloudaws.com" rel="noopener noreferrer">Tidy Cloud AWS </a>for more content that may be of interest if you work with infrastructure-as-code with AWS.</p> <p>Don't forget to use <strong>cdk destroy</strong> to remove the infrastructure you deployed! AWS does not bill you for what you use, as much as what you forget to shut down.</p> aws cloud infrastructure devops Erik Lundevall Zara Mon, 06 Dec 2021 10:30:24 +0000 https://dev.to/eriklz/how-to-become-an-infrastructure-as-code-ninja-using-aws-cdk-part-4-45p8 https://dev.to/eriklz/how-to-become-an-infrastructure-as-code-ninja-using-aws-cdk-part-4-45p8 <p>It is now time to create an infrastructure in AWS to run container-based solutions!</p> <p>We will use the Amazon Web Services (AWS) service Elastic Container Service (ECS) to run an application packaged as a container. We will also put a load balancer in front of it, so that we can run multiple copies of that containerised application and distribute the load among those copies.</p> <p>This is part 4 in a series of articles about building cloud infrastructure solutions with AWS Cloud Development Kit (AWS CDK). If you have not already read them, I recommend checking out part 1, 2, and 3 as well, which are all here at <strong>dev.to</strong>, or on the <a href="https://tidycloudaws.com" rel="noopener noreferrer">Tidy Cloud AWS</a> website.</p> <p><strong>Update:</strong></p> <p>This article series uses Typescript as an example language. However, there are repositories with example code for multiple languages. </p> <ul> <li><a href="https://github.com/cloudgnosis/iac-ninja-aws-cdk-ts" rel="noopener noreferrer">https://github.com/cloudgnosis/iac-ninja-aws-cdk-ts</a></li> <li><a href="https://github.com/cloudgnosis/iac-ninja-aws-cdk-python" rel="noopener noreferrer">https://github.com/cloudgnosis/iac-ninja-aws-cdk-python</a></li> <li><a href="https://github.com/cloudgnosis/iac-ninja-aws-cdk-go" rel="noopener noreferrer">https://github.com/cloudgnosis/iac-ninja-aws-cdk-go</a></li> </ul> <p>The repositories will contain all the code examples from the articles series, implemented in different languages with the AWS CDK. You can view the code from specific parts and stages in the series, by checking out the code tagged with a specific part and step in that part, see the README file in each repository for more details.</p> <h2> What are containerised applications? </h2> <p>Containers in computer infrastructure and software terms are a way to package applications or software solutions with its dependencies in a way that is portable and (relatively) easy to manage. It has become a popular way to deploy and manage various types of applications.</p> <p>We will not dive into details about creating, building, and using containers. There are many other resources that cover that extensively. Here are a few links to check out for information about containers (and Docker, which popularised the concept):</p> <ul> <li><a href="https://techgenix.com/getting-started-with-containers/" rel="noopener noreferrer">https://techgenix.com/getting-started-with-containers/</a></li> <li><a href="https://www.docker.com/get-started" rel="noopener noreferrer">https://www.docker.com/get-started</a></li> <li><a href="https://www.youtube.com/watch?v=fqMOX6JJhGo" rel="noopener noreferrer">https://www.youtube.com/watch?v=fqMOX6JJhGo</a></li> <li><a href="https://www.youtube.com/watch?v=pTFZFxd4hOI" rel="noopener noreferrer">https://www.youtube.com/watch?v=pTFZFxd4hOI</a></li> </ul> <h2> Containers in AWS </h2> <p>There are actually <a href="https://www.lastweekinaws.com/blog/the-17-ways-to-run-containers-on-aws/" rel="noopener noreferrer">many ways to run containers in AWS</a>. Some may argue that <a href="https://www.lastweekinaws.com/blog/17-more-ways-to-run-containers-on-aws/" rel="noopener noreferrer">there are way too many</a>, which adds to confusion about what to choose.</p> <p>The Elastic Container Service (ECS) is one of the core services in AWS to run containers, and it is not too hard to get started with, so that is what we will pick here.</p> <p>It also helps that AWS CDK has substantial support for ECS.</p> <p>We will also use the flavour of ECS, that is called <strong>ECS Fargate</strong>. When we use <em>Fargate</em>, we will not need to concern ourselves with the underlying servers that the containers run on. These details are something that Fargate handles for us.</p> <p><strong>Note</strong>: <em>ECS is not a free tier service in AWS</em>. If you spin up containers in ECS, you will pay for the privilege. It will not cost much (probably &lt; $1) unless you forget to shut it down afterwards you are done with this article.</p> <p>A few pieces of terminology that may be of use here:</p> <ul> <li> <strong>A cluster</strong>. This is a collection of computational resources (also known as servers) that the containers run on, and the resources needed to manage these computational resources. With <em>ECS Fargate</em>, we do not need to care about the servers in the cluster, but we will still need a cluster to let AWS manage it for us.</li> <li> <strong>A container image</strong>. A reference to a specific solution/application packaging that we will use. This is where we have packaged the software components we want to run.</li> <li> <strong>An ECS Task</strong>. A collection of one or more container images with associated configuration we want to run as a unit in ECS. The specification of what those images are and their configuration is a <strong>TaskDefinition</strong>.</li> <li> <strong>An ECS Service</strong>. When we want to run an ECS task continuously in one or more copies and make sure it stays up, then we configure an <em>ECS Service</em>. ECS will do the heavy lifting for us to make sure it keeps running. If the task(s) itself dies or fails, ECS will auto-start up new ones.</li> </ul> <p>Unfortunately, the terminology that different platforms to run containers use can differ, so this can become a bit confusing if you look at Kubernetes, or Docker Swarm. They are like ECS, but use partially different terminology.</p> <h2> Goals </h2> <p>Before we begin, let us define what we should accomplish. We will keep it relatively simple, but still not too simple. After that, we will refine our solution to make it better in various ways. Along the way, we should pick up some good practices and feature of the AWS CDK!</p> <ul> <li>Expose an endpoint for a web server for HTTP traffic from internet. </li> <li>Web server shall run in a container.</li> <li>The container itself shall not be directly reachable from internet.</li> <li>We should be able to have a service set up so that containers will automatically be started if needed.</li> <li>We should be able to build our custom solution for this web server.</li> <li>We should be able to get container images from DockerHub.</li> <li>We do not care about managing the underlying server infrastructure that runs the containers. I.e., we will use <em>Fargate</em>.</li> </ul> <p>We will not fix all these points in one go, but iterate on these points. By listing a few points for our goals, we have something to focus on. Once we are done with these, we can refine even further.</p> <p>The application solution is initially going to be an <em>Apache web server</em>. This is a straightforward solution for us to test that we have something working, as there are pre-built container images to use.</p> <h2> Initialize our project </h2> <p>Similar to what we did in part 2 of this series of articles, we create a new project and use the AWS CDK command-line tool to initialise it.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">mkdir </span>my-container-infrastructure <span class="nb">cd </span>my-container-infrastructure cdk init <span class="nt">--language</span><span class="o">=</span>typescript </code></pre> </div> <p>Contrary to the previous project we did, we will <em>not</em> keep everything in a single source code file. We will though remove all sample content that <strong>cdk init</strong> generated and write our own code from scratch.</p> <p>So let us start from the top, in our main program file, <code>bin/my-container-infrastructure.ts</code>. Our starting point will be quite similar to our previous project, with an <strong>App</strong> and a <strong>Stack</strong>. We will also fetch the default VPC.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code> <span class="k">import</span> <span class="p">{</span> <span class="nx">App</span><span class="p">,</span> <span class="nx">Stack</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">aws-cdk-lib</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">Vpc</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">aws-cdk-lib/aws-ec2</span><span class="dl">'</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">app</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">App</span><span class="p">();</span> <span class="kd">const</span> <span class="nx">stack</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">Stack</span><span class="p">(</span><span class="nx">app</span><span class="p">,</span> <span class="dl">'</span><span class="s1">my-container-infrastructure</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span> <span class="na">env</span><span class="p">:</span> <span class="p">{</span> <span class="na">account</span><span class="p">:</span> <span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">CDK_DEFAULT_ACCOUNT</span><span class="p">,</span> <span class="na">region</span><span class="p">:</span> <span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">CDK_DEFAULT_REGION</span><span class="p">,</span> <span class="p">},</span> <span class="p">});</span> <span class="kd">const</span> <span class="nx">vpc</span> <span class="o">=</span> <span class="nx">Vpc</span><span class="p">.</span><span class="nf">fromLookup</span><span class="p">(</span><span class="nx">stack</span><span class="p">,</span> <span class="dl">'</span><span class="s1">vpc</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span> <span class="na">isDefault</span><span class="p">:</span> <span class="kc">true</span><span class="p">,</span> <span class="p">});</span> </code></pre> </div> <p>If you run this code via <strong>cdk synth</strong>, get an empty CloudFormation template, which is fine, since we have added no actual resources yet. You will get an error if you have specified no AWS credentials, because it does not know which account and region to look up the VPC from. So make sure you use valid and relevant credentials.</p> <p>Now we will start with the actual container infrastructure!</p> <h2> Setting up an ECS cluster </h2> <p>The first piece of infrastructure we need to set up to run is an <strong>ECS cluster</strong>. We could just add a few lines of code in our main files to create the cluster, but we will prepare a bit for future more complex set-up. So instead we will package this in its own module.</p> <p>In the lib directory, let us create a subdirectory with name containers and in that directory create a file with name <code>container-management.ts</code>. This means the path to the file from the root of the project is <code>lib/containers/container-management.ts</code>. </p> <p>In this file, we make a function to add a cluster, since we want to add this to our stack to deploy it later. In AWS CDK there is an <strong>aws-cdk-lib/aws-ecs</strong> sub-module for ECS, in which there is a <em>construct</em> with name <strong>Cluster</strong>. This is the one we are going to use when we create the cluster. In t<a href="https://docs.aws.amazon.com/cdk/api/latest/docs/@aws-cdk_aws-ecs.Cluster.html" rel="noopener noreferrer">he documentation for Cluster</a>, we can see that all properties are optional. However, if we want to use our existing VPC, we need to provide that. Otherwise, AWS CDK will create a new VPC for us, which may not be what we want. So with that in mind, our first naïve function signature may look like this:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code> <span class="kd">const</span> <span class="nx">addCluster</span> <span class="o">=</span> <span class="kd">function</span><span class="p">(</span><span class="nx">scope</span><span class="p">:</span> <span class="nx">Stack</span><span class="p">,</span> <span class="nx">vpc</span><span class="p">:</span> <span class="nx">IVpc</span><span class="p">):</span> <span class="nx">Cluster</span> <span class="p">{</span> <span class="p">}</span> </code></pre> </div> <p>The function will add the cluster we create to the stack we provide and then return a reference to the cluster itself that was created. We pass in the VPC as a parameter, where we use the type <strong>IVpc</strong>. This is returned by <code>Vpc.fromLookup()</code>. Any type that begins with an “I" is an interface type, which provides a subset of the functionality of a full-blown construct - which is typically the case when the resource is a reference to something that already exists and you not have created yourself.</p> <p>The implementation is short, like this:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code> <span class="kd">const</span> <span class="nx">addCluster</span> <span class="o">=</span> <span class="kd">function</span><span class="p">(</span><span class="nx">scope</span><span class="p">:</span> <span class="nx">Stack</span><span class="p">,</span> <span class="nx">vpc</span><span class="p">:</span> <span class="nx">IVpc</span><span class="p">):</span> <span class="nx">Cluster</span> <span class="p">{</span> <span class="k">return</span> <span class="k">new</span> <span class="nc">Cluster</span><span class="p">(</span><span class="nx">scope</span><span class="p">,</span> <span class="dl">'</span><span class="s1">cluster</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span> <span class="nx">vpc</span><span class="p">,</span> <span class="p">});</span> <span class="p">}</span> </code></pre> </div> <p>We create a <em>Cluster</em> object, passing in the VPC as a property. The <em>Cluster</em> object we create also gets a name (not the same as a cluster name!), which we have set to <em>cluster</em>. </p> <p>However, in case we want to reuse the function, this might be troublesome with a hard-coded name for our Cluster object. In AWS CDK, every resource or construct gets an identifying name. It does not have to be globally unique, but at the same level in the resource hierarchy, it has to be unique. So we will need to change that, if we want to be sure to reuse the function without a problem. Thus, we can add a parameter to give the Cluster construct a name as well.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code> <span class="kd">const</span> <span class="nx">addCluster</span> <span class="o">=</span> <span class="kd">function</span><span class="p">(</span><span class="nx">scope</span><span class="p">:</span> <span class="nx">Stack</span><span class="p">,</span> <span class="nx">id</span><span class="p">:</span> <span class="kr">string</span><span class="p">,</span> <span class="nx">vpc</span><span class="p">:</span> <span class="nx">IVpc</span><span class="p">):</span> <span class="nx">Cluster</span> <span class="p">{</span> <span class="k">return</span> <span class="k">new</span> <span class="nc">Cluster</span><span class="p">(</span><span class="nx">scope</span><span class="p">,</span> <span class="nx">id</span><span class="p">,</span> <span class="p">{</span> <span class="nx">vpc</span><span class="p">,</span> <span class="p">});</span> <span class="p">}</span> </code></pre> </div> <p>If we look closer to the parameters that <em>Cluster</em> expects in the AWS CDK documentation when we create an object, we can see in its signature that the first parameter is a <strong>Construct</strong>, not a <strong>Stack</strong>. A Stack is a kind of Construct, so it is perfectly fine to pass in a Stack. The reason for the first parameter to be a Construct is that we can compose multiple resources to build our own constructs, which is exactly how the AWS CDK itself has built the higher-level building blocks from the CloudFormation-based primitives.</p> <p>So allowing ourselves to reuse this not only directly in a Stack, but in constructs we create ourself, let us change the type of the first parameter to <strong>Construct</strong> instead:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code> <span class="kd">const</span> <span class="nx">addCluster</span> <span class="o">=</span> <span class="kd">function</span><span class="p">(</span><span class="nx">scope</span><span class="p">:</span> <span class="nx">Construct</span><span class="p">,</span> <span class="nx">id</span><span class="p">:</span> <span class="kr">string</span><span class="p">,</span> <span class="nx">vpc</span><span class="p">:</span> <span class="nx">IVpc</span><span class="p">):</span> <span class="nx">Cluster</span> <span class="p">{</span> <span class="k">return</span> <span class="k">new</span> <span class="nc">Cluster</span><span class="p">(</span><span class="nx">scope</span><span class="p">,</span> <span class="nx">id</span><span class="p">,</span> <span class="p">{</span> <span class="nx">vpc</span><span class="p">,</span> <span class="p">});</span> <span class="p">}</span> </code></pre> </div> <p>Except for the type change, the code is identical. We also need to export the code from our module, so we can use it in our main program. The complete code, including export and import statements, looks like this:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code> <span class="k">import</span> <span class="p">{</span> <span class="nx">IVpc</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">aws-cdk-lib/aws-ec2</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">Cluster</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">aws-cdk-lib/aws-ecs</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">Construct</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">constructs</span><span class="dl">'</span><span class="p">;</span> <span class="k">export</span> <span class="kd">const</span> <span class="nx">addCluster</span> <span class="o">=</span> <span class="kd">function</span><span class="p">(</span><span class="nx">scope</span><span class="p">:</span> <span class="nx">Construct</span><span class="p">,</span> <span class="nx">id</span><span class="p">:</span> <span class="kr">string</span><span class="p">,</span> <span class="nx">vpc</span><span class="p">:</span> <span class="nx">IVpc</span><span class="p">):</span> <span class="nx">Cluster</span> <span class="p">{</span> <span class="k">return</span> <span class="k">new</span> <span class="nc">Cluster</span><span class="p">(</span><span class="nx">scope</span><span class="p">,</span> <span class="nx">id</span><span class="p">,</span> <span class="p">{</span> <span class="nx">vpc</span><span class="p">,</span> <span class="p">});</span> <span class="p">}</span> </code></pre> </div> <p>In our main program in <code>bin/my-container-infrastructure.ts</code>, we import the function and add a cluster to the stack we created previously. The code would look like this:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code> <span class="k">import</span> <span class="p">{</span> <span class="nx">App</span><span class="p">,</span> <span class="nx">Stack</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">aws-cdk-lib</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">Vpc</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">aws-cdk-lib/aws-ec2</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">addCluster</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">../lib/containers/container-management</span><span class="dl">'</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">app</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">App</span><span class="p">();</span> <span class="kd">const</span> <span class="nx">stack</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">Stack</span><span class="p">(</span><span class="nx">app</span><span class="p">,</span> <span class="dl">'</span><span class="s1">my-container-infrastructure</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span> <span class="na">env</span><span class="p">:</span> <span class="p">{</span> <span class="na">account</span><span class="p">:</span> <span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">CDK_DEFAULT_ACCOUNT</span><span class="p">,</span> <span class="na">region</span><span class="p">:</span> <span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">CDK_DEFAULT_REGION</span><span class="p">,</span> <span class="p">},</span> <span class="p">});</span> <span class="kd">const</span> <span class="nx">vpc</span> <span class="o">=</span> <span class="nx">Vpc</span><span class="p">.</span><span class="nf">fromLookup</span><span class="p">(</span><span class="nx">stack</span><span class="p">,</span> <span class="dl">'</span><span class="s1">vpc</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span> <span class="na">isDefault</span><span class="p">:</span> <span class="kc">true</span><span class="p">,</span> <span class="p">});</span> <span class="kd">const</span> <span class="nx">id</span> <span class="o">=</span> <span class="dl">'</span><span class="s1">my-test-cluster</span><span class="dl">'</span><span class="p">;</span> <span class="nf">addCluster</span><span class="p">(</span><span class="nx">stack</span><span class="p">,</span> <span class="nx">id</span><span class="p">,</span> <span class="nx">vpc</span><span class="p">);</span> </code></pre> </div> <p>You can run <code>cdk synth</code> (or <code>cdk synth ---quiet</code>) to check that AWS CDK thinks your code is ok. You can also run a <code>cdk deploy</code> to deploy the ECS cluster. AWS does not charge you for empty ECS clusters, it is only when you actually add containers to run in it you get charged. If you deploy it and look in the view of ECS in AWS Console, it should look like this:</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fjf325hb2dq3gv508m632.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fjf325hb2dq3gv508m632.png" alt="ECS Cluster" width="800" height="399"></a></p> <p>Great work! Now it is time to add an actual task to run into the cluster.</p> <h2> Create an initial task definition </h2> <p>As we mentioned earlier in this article, we set up something to run by using the <em>Apache httpd web server</em>, for which there are container images already which we can download. To create a <strong>Task</strong>, we need a <strong>TaskDefinition</strong>. It needs to contain at least one container image definition. Let us assume we need to configure things at the task level and at the container level. </p> <p>Let us just add some placeholders for task and container configuration, and for now only handle the case with a single container in a task. So a first stab at a function for this could be:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code> <span class="k">export</span> <span class="kr">interface</span> <span class="nx">TaskConfig</span> <span class="p">{</span> <span class="p">}</span> <span class="k">export</span> <span class="kr">interface</span> <span class="nx">ContainerConfig</span> <span class="p">{</span> <span class="p">}</span> <span class="k">export</span> <span class="kd">const</span> <span class="nx">addTaskDefinitionWithContainer</span> <span class="o">=</span> <span class="kd">function</span><span class="p">(</span><span class="nx">scope</span><span class="p">:</span> <span class="nx">Construct</span><span class="p">,</span> <span class="nx">id</span><span class="p">:</span> <span class="kr">string</span><span class="p">,</span> <span class="nx">taskConfig</span><span class="p">:</span> <span class="nx">TaskConfig</span><span class="p">,</span> <span class="nx">containerConfig</span><span class="p">:</span> <span class="nx">ContainerConfig</span><span class="p">):</span> <span class="nx">TaskDefinition</span> <span class="p">{</span> <span class="p">};</span> </code></pre> </div> <p>In our goals, we stated we do not care about managing the underlying server infrastructure that the containers run in; we let AWS handle that for us. This means that we will use a <strong>FargateTaskDefinition</strong> to define our task. Such a definition requires at least to specify the amount of CPU to allocate and the memory limit for the container. So we should add that to our TaskConfig. Another nice-to-have parameter is the <strong>family</strong>, which is a name to group multiple versions of a task definition. Our updated <em>TaskConfig</em> then looks like this:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code> <span class="k">export</span> <span class="kr">interface</span> <span class="nx">TaskConfig</span> <span class="p">{</span> <span class="k">readonly</span> <span class="nx">cpu</span><span class="p">:</span> <span class="mi">256</span> <span class="o">|</span> <span class="mi">512</span> <span class="o">|</span> <span class="mi">1024</span> <span class="o">|</span> <span class="mi">2048</span> <span class="o">|</span> <span class="mi">4096</span><span class="p">;</span> <span class="k">readonly</span> <span class="nx">memoryLimitMB</span><span class="p">:</span> <span class="kr">number</span><span class="p">;</span> <span class="k">readonly</span> <span class="nx">family</span><span class="p">:</span> <span class="kr">string</span><span class="p">;</span> <span class="p">}</span> </code></pre> </div> <p>There are only a few fixed values that we can set for CPU, where 1024 represents 1 vCPU (virtual CPU). So we define the cpu property to only include these values. There are also some restrictions on the memory based on the CPU setting, but it is a bit too complex for a simple type definition. So we just expect a number for the memory limit.</p> <p>Now we can add a task definition in our function:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code> <span class="k">export</span> <span class="kd">const</span> <span class="nx">addTaskDefinitionWithContainer</span> <span class="o">=</span> <span class="kd">function</span><span class="p">(</span><span class="nx">scope</span><span class="p">:</span> <span class="nx">Construct</span><span class="p">,</span> <span class="nx">id</span><span class="p">:</span> <span class="kr">string</span><span class="p">,</span> <span class="nx">taskConfig</span><span class="p">:</span> <span class="nx">TaskConfig</span><span class="p">,</span> <span class="nx">containerConfig</span><span class="p">:</span> <span class="nx">ContainerConfig</span><span class="p">):</span> <span class="nx">TaskDefinition</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">taskdef</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">FargateTaskDefinition</span><span class="p">(</span><span class="nx">scope</span><span class="p">,</span> <span class="nx">id</span><span class="p">,</span> <span class="p">{</span> <span class="na">cpu</span><span class="p">:</span> <span class="nx">taskConfig</span><span class="p">.</span><span class="nx">cpu</span><span class="p">,</span> <span class="na">memoryLimitMiB</span><span class="p">:</span> <span class="nx">taskConfig</span><span class="p">.</span><span class="nx">memoryLimitMB</span><span class="p">,</span> <span class="na">family</span><span class="p">:</span> <span class="nx">taskConfig</span><span class="p">.</span><span class="nx">family</span><span class="p">,</span> <span class="p">});</span> <span class="k">return</span> <span class="nx">taskdef</span><span class="p">;</span> <span class="p">};</span> </code></pre> </div> <p>Since a task definition can have one or more containers, adding container(s) is a separate operation. Thus we will add a method call for this on the task definition, <strong>addContainer()</strong>. The minimum we have to add is a reference to a container image. If we for now assume we will just use a container image from DockerHub, then we can define ContainerConfig as this for now:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code> <span class="k">export</span> <span class="kr">interface</span> <span class="nx">ContainerConfig</span> <span class="p">{</span> <span class="k">readonly</span> <span class="nx">dockerHubImage</span><span class="p">:</span> <span class="kr">string</span><span class="p">;</span> <span class="p">}</span> </code></pre> </div> <p>Using this input to our <code>addTaskDefinitionWithContainer()</code> function, we can now add a minimal container configuration. The <code>ContainerImage.fromRegistry()</code> function retrieves image information from DockerHub or other public image registries. Will this be enough for us to get it running? Let us find out!<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code> <span class="k">export</span> <span class="kd">const</span> <span class="nx">addTaskDefinitionWithContainer</span> <span class="o">=</span> <span class="kd">function</span><span class="p">(</span><span class="nx">scope</span><span class="p">:</span> <span class="nx">Construct</span><span class="p">,</span> <span class="nx">id</span><span class="p">:</span> <span class="kr">string</span><span class="p">,</span> <span class="nx">taskConfig</span><span class="p">:</span> <span class="nx">TaskConfig</span><span class="p">,</span> <span class="nx">containerConfig</span><span class="p">:</span> <span class="nx">ContainerConfig</span><span class="p">):</span> <span class="nx">TaskDefinition</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">taskdef</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">FargateTaskDefinition</span><span class="p">(</span><span class="nx">scope</span><span class="p">,</span> <span class="nx">id</span><span class="p">,</span> <span class="p">{</span> <span class="na">cpu</span><span class="p">:</span> <span class="nx">taskConfig</span><span class="p">.</span><span class="nx">cpu</span><span class="p">,</span> <span class="na">memoryLimitMiB</span><span class="p">:</span> <span class="nx">taskConfig</span><span class="p">.</span><span class="nx">memoryLimitMB</span><span class="p">,</span> <span class="na">family</span><span class="p">:</span> <span class="nx">taskConfig</span><span class="p">.</span><span class="nx">family</span><span class="p">,</span> <span class="p">});</span> <span class="kd">const</span> <span class="nx">image</span> <span class="o">=</span> <span class="nx">ContainerImage</span><span class="p">.</span><span class="nf">fromRegistry</span><span class="p">(</span><span class="nx">containerConfig</span><span class="p">.</span><span class="nx">dockerHubImage</span><span class="p">);</span> <span class="nx">taskdef</span><span class="p">.</span><span class="nf">addContainer</span><span class="p">(</span><span class="s2">`container-</span><span class="p">${</span><span class="nx">containerConfig</span><span class="p">.</span><span class="nx">dockerHubImage</span><span class="p">}</span><span class="s2">`</span><span class="p">,</span> <span class="p">{</span> <span class="nx">image</span><span class="p">,</span> <span class="p">});</span> <span class="k">return</span> <span class="nx">taskdef</span><span class="p">;</span> <span class="p">};</span> </code></pre> </div> <p>We need to add a call to our new function in our main program, so that we can add the task definition to our stack.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="kd">const</span> <span class="nx">taskConfig</span><span class="p">:</span> <span class="nx">TaskConfig</span> <span class="o">=</span> <span class="p">{</span> <span class="na">cpu</span><span class="p">:</span> <span class="mi">512</span><span class="p">,</span> <span class="na">memoryLimitMB</span><span class="p">:</span> <span class="mi">1024</span><span class="p">,</span> <span class="na">family</span><span class="p">:</span> <span class="dl">'</span><span class="s1">webserver</span><span class="dl">'</span> <span class="p">};</span> <span class="kd">const</span> <span class="nx">containerConfig</span><span class="p">:</span> <span class="nx">ContainerConfig</span> <span class="o">=</span> <span class="p">{</span> <span class="na">dockerHubImage</span><span class="p">:</span> <span class="dl">'</span><span class="s1">httpd</span><span class="dl">'</span> <span class="p">};</span> <span class="nf">addTaskDefinitionWithContainer</span><span class="p">(</span><span class="nx">stack</span><span class="p">,</span> <span class="s2">`taskdef-</span><span class="p">${</span><span class="nx">taskConfig</span><span class="p">.</span><span class="nx">family</span><span class="p">}</span><span class="s2">`</span><span class="p">,</span> <span class="nx">taskConfig</span><span class="p">,</span> <span class="nx">containerConfig</span><span class="p">);</span> </code></pre> </div> <p>We add this to the end of our main program. Now we add an ECS cluster to our stack, as well as an ECS Task Definition - at least from the point of view of our AWS CDK code. What about IAM permissions, security groups? AWS CDK will create a few things under the hood for us. We can get an idea of what will actually be created by running the command <strong>cdk diff</strong> with our updated stack. But first, this is how our main program file looks like now:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">import</span> <span class="p">{</span> <span class="nx">App</span><span class="p">,</span> <span class="nx">Stack</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">aws-cdk-lib</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">Vpc</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">aws-cdk-lib/aws-ec2</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">addCluster</span><span class="p">,</span> <span class="nx">addTaskDefinitionWithContainer</span><span class="p">,</span> <span class="nx">ContainerConfig</span><span class="p">,</span> <span class="nx">TaskConfig</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">../lib/containers/container-management</span><span class="dl">'</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">app</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">App</span><span class="p">();</span> <span class="kd">const</span> <span class="nx">stack</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">Stack</span><span class="p">(</span><span class="nx">app</span><span class="p">,</span> <span class="dl">'</span><span class="s1">my-container-infrastructure</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span> <span class="na">env</span><span class="p">:</span> <span class="p">{</span> <span class="na">account</span><span class="p">:</span> <span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">CDK_DEFAULT_ACCOUNT</span><span class="p">,</span> <span class="na">region</span><span class="p">:</span> <span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">CDK_DEFAULT_REGION</span><span class="p">,</span> <span class="p">},</span> <span class="p">});</span> <span class="kd">const</span> <span class="nx">vpc</span> <span class="o">=</span> <span class="nx">Vpc</span><span class="p">.</span><span class="nf">fromLookup</span><span class="p">(</span><span class="nx">stack</span><span class="p">,</span> <span class="dl">'</span><span class="s1">vpc</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span> <span class="na">isDefault</span><span class="p">:</span> <span class="kc">true</span><span class="p">,</span> <span class="p">});</span> <span class="kd">const</span> <span class="nx">id</span> <span class="o">=</span> <span class="dl">'</span><span class="s1">my-test-cluster</span><span class="dl">'</span><span class="p">;</span> <span class="nf">addCluster</span><span class="p">(</span><span class="nx">stack</span><span class="p">,</span> <span class="nx">id</span><span class="p">,</span> <span class="nx">vpc</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">taskConfig</span><span class="p">:</span> <span class="nx">TaskConfig</span> <span class="o">=</span> <span class="p">{</span> <span class="na">cpu</span><span class="p">:</span> <span class="mi">512</span><span class="p">,</span> <span class="na">memoryLimitMB</span><span class="p">:</span> <span class="mi">1024</span><span class="p">,</span> <span class="na">family</span><span class="p">:</span> <span class="dl">'</span><span class="s1">webserver</span><span class="dl">'</span> <span class="p">};</span> <span class="kd">const</span> <span class="nx">containerConfig</span><span class="p">:</span> <span class="nx">ContainerConfig</span> <span class="o">=</span> <span class="p">{</span> <span class="na">dockerHubImage</span><span class="p">:</span> <span class="dl">'</span><span class="s1">httpd</span><span class="dl">'</span> <span class="p">};</span> <span class="nf">addTaskDefinitionWithContainer</span><span class="p">(</span><span class="nx">stack</span><span class="p">,</span> <span class="s2">`taskdef-</span><span class="p">${</span><span class="nx">taskConfig</span><span class="p">.</span><span class="nx">family</span><span class="p">}</span><span class="s2">`</span><span class="p">,</span> <span class="nx">taskConfig</span><span class="p">,</span> <span class="nx">containerConfig</span><span class="p">);</span> </code></pre> </div> <p>With this program, if we run <strong>cdk diff</strong>, and we already deployed the empty ECS cluster before, the changes may look like this:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code> ❯ cdk diff Stack my-container-infrastructure IAM Statement Changes ┌───┬───────────────────────────────────┬────────┬────────────────┬─────────────────────────────────┬───────────┐ │ │ Resource │ Effect │ Action │ Principal │ Condition │ ├───┼───────────────────────────────────┼────────┼────────────────┼─────────────────────────────────┼───────────┤ │ + │ <span class="k">${</span><span class="nv">taskdef</span><span class="p">-webserver/TaskRole.Arn</span><span class="k">}</span> │ Allow │ sts:AssumeRole │ Service:ecs-tasks.amazonaws.com │ │ └───┴───────────────────────────────────┴────────┴────────────────┴─────────────────────────────────┴───────────┘ <span class="o">(</span>NOTE: There may be security-related changes not <span class="k">in </span>this list. See https://github.com/aws/aws-cdk/issues/1299<span class="o">)</span> Resources <span class="o">[</span>+] AWS::IAM::Role taskdef-webserver/TaskRole taskdefwebserverTaskRole18D47E42 <span class="o">[</span>+] AWS::ECS::TaskDefinition taskdef-webserver taskdefwebserver2E748BDD </code></pre> </div> <p>We can see there is an IAM Role with permissions that seems to be related to ECS Task execution. We also see that there is the ECS TaskDefinition. When we use the <strong>cdk diff</strong> command, we can see what changes a deployment of our AWS CDK code would make to our stack. However, this information is presented in terms of <em>CloudFormation resources</em>. While you do not need to be an expert in CloudFormation, it is certainly beneficial to read and understand CloudFormation resource descriptions. This is also true when we write unit tests for our infrastructure, which we will see in a later article.</p> <p>If you run <strong>cdk deploy</strong> to deploy this added infrastructure, we can log in to the AWS Console and see the result. In the ECS Service view in AWS Console, see an ECS task appearing now:</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fjmjrzq28vinyb08iv7i6.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fjmjrzq28vinyb08iv7i6.png" alt="ECS Task Definition" width="800" height="305"></a></p> <p>You can drill further into the task definition to see the settings in place there. What we should focus on now, though, is to get it running. At this stage, we will run the task manually from AWS Console. Later, we automate that as well. Select the Cluster view under ECS and click on the cluster name there. Select the <strong>Task</strong> tab in the new view. Click on the <strong>Run new Task</strong> button.</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fswjjpzr1nec02rgjeq2k.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fswjjpzr1nec02rgjeq2k.png" alt="Run new task in cluster" width="800" height="490"></a></p> <p>In the Run Task view, select launch type <em>Fargate</em>, and operating system family <em>Linux</em>. There is only one task definition in place, and only one version.</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fvk9c3vpymh4c269kyrbk.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fvk9c3vpymh4c269kyrbk.png" alt="Run task config" width="800" height="497"></a></p> <p>Next under VPC and security groups you select the VPC id of the default VPC, and pick one or more of the subnets presented in the list. In the security group setting, you can notice a security group name. This is a security group that the AWS Console has generated for you - not something we have created. It is set up by default to allow incoming traffic on port 80 from anywhere.</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F3ku73937hd288uiddpy2.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F3ku73937hd288uiddpy2.png" alt="Run task config" width="800" height="497"></a></p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fv61yhmvphwvc2to1i4ii.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fv61yhmvphwvc2to1i4ii.png" alt="Run task config" width="800" height="647"></a></p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fzv3d223n5xh0cpczne7y.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fzv3d223n5xh0cpczne7y.png" alt="Run task config" width="800" height="460"></a></p> <p>Scroll down to the end of the page and click on Run Task. The task should not be set up, first in stage <em>PROVISIONING</em>, then in state <em>RUNNING</em>. It should only take a couple of seconds, but you may need to refresh the view to see the status changes.</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fmbf043b0vaicne2uj4hr.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fmbf043b0vaicne2uj4hr.png" alt="Provisioning task" width="800" height="353"></a></p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fb7mprxabtjsewwxql0vl.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fb7mprxabtjsewwxql0vl.png" alt="Running task" width="800" height="353"></a></p> <p>If you click on the link under the headline Task in the task status view above, see a detailed view about the task itself. This view includes the private and public IP addresses of the task. Since we used the default VPC and it has only public subnets, the default here is to allocate a public IP address to the task. This is not what we want in the long run, but it is useful for us right now to see that the task with Apache web server is running properly.</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fjwvpbvtf04e41r80b0sg.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fjwvpbvtf04e41r80b0sg.png" alt="Running task details" width="800" height="1006"></a></p> <p>Note the public IP address you got in your view, and enter that in a web browser. It should try to access that IP address via HTTP by default and we should see the default response from Apache web server if we try that (the text <strong>It works!</strong>).</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fj6xy4ad4qoi45zlwe07i.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fj6xy4ad4qoi45zlwe07i.png" alt="Web server response - it works!" width="800" height="361"></a></p> <p>Great work! We have now been able to create a cluster and run a container-based task in that cluster!</p> <h2> Rounding up and final notes </h2> <p>You should probably destroy the provisioned infrastructure before you forget it, so remember to run <strong>cdk destroy</strong> before you forget what you did here!</p> <p>Looking at our goal list, we got some points we covered here, and a few that remain:</p> <ul> <li> <strong>Expose an endpoint for a web server for HTTP traffic from internet.</strong> </li> <li><strong>Web server shall run in a container.</strong></li> <li>The container itself shall not be directly reachable from internet.</li> <li>We should be able to have a service set up so that containers will automatically be started if needed.</li> <li>We should be able to build our custom solution for this web server.</li> <li><strong>We should be able to get container images from DockerHub.</strong></li> <li> <strong>We do not care about managing the underlying server infrastructure that runs the containers. I.e., we will use</strong> <strong><em>Fargate</em>.</strong> </li> </ul> <p>So out of the 7 goals, we have covered 4 of them. We will continue with the remaining points <a href="https://dev.to/eriklz/how-to-become-an-infrastructure-as-code-ninja-using-aws-cdk-part-5-mn1">in the next article (part 5)</a>, so check out that one! If you are interested in similar materials, you can also visit the <a href="https://tidycloudaws.com" rel="noopener noreferrer">Tidy Cloud AWS</a> website to look for more content.</p> aws cloud cdk infrastructure Erik Lundevall Zara Thu, 25 Nov 2021 11:41:09 +0000 https://dev.to/eriklz/how-to-become-an-infrastructure-as-code-ninja-using-aws-cdk-part-3-1kp2 https://dev.to/eriklz/how-to-become-an-infrastructure-as-code-ninja-using-aws-cdk-part-3-1kp2 <h2> Refine the EC2 deployment </h2> <p>In the previous article, we performed a basic set pf an EC2 virtual machine, using AWS CDK. Our goals were these:</p> <ul> <li><strong>An EC2 instance</strong></li> <li><strong>The instance should run Linux, we will pick Amazon Linux for simplicity</strong></li> <li><strong>The instance should not be reachable from the internet</strong></li> <li>We should be able to login and access the machine from a command-line prompt in the AWS Console.</li> <li><strong>We should use an existing VPC and its subnets.</strong></li> <li><strong>We do not care about which availability zone the machine ends up in.</strong></li> </ul> <p>If you have not read the previous article, I recommend you <a href="https://dev.to/eriklz/how-to-become-an-infrastructure-as-code-ninja-using-aws-cdk-part-2-1haf">to start with that article first</a>. When you are done there, jump back in here!</p> <p>The goals in bold were the ones we managed to do in the previous article, so now we have one items on the list left to do - be able to login to the machine via the AWS Console, and still keep the machine private and not reachable from the internet.</p> <p><strong>Update:</strong></p> <p>This article series uses Typescript as an example language. However, there are repositories with example code for multiple languages. </p> <ul> <li><a href="https://github.com/cloudgnosis/iac-ninja-aws-cdk-ts" rel="noopener noreferrer">https://github.com/cloudgnosis/iac-ninja-aws-cdk-ts</a></li> <li><a href="https://github.com/cloudgnosis/iac-ninja-aws-cdk-python" rel="noopener noreferrer">https://github.com/cloudgnosis/iac-ninja-aws-cdk-python</a></li> <li><a href="https://github.com/cloudgnosis/iac-ninja-aws-cdk-go" rel="noopener noreferrer">https://github.com/cloudgnosis/iac-ninja-aws-cdk-go</a></li> </ul> <p>The repositories will contain all the code examples from the articles series, implemented in different languages with the AWS CDK. You can view the code from specific parts and stages in the series, by checking out the code tagged with a specific part and step in that part, see the README file in each repository for more details.</p> <h3> The road to login - a history lesson </h3> <p>In the old days of EC2, you would generally always create or re-use a key pair in order to login to an EC2 virtual machine. The key data associated with that key pair was something you downloaded, and sometimes may have shared with other colleagues that also needed access to the same machine.</p> <p>This was a troublesome and cumbersome approach for many reasons, but for a long time pretty much the only approach available. Other public cloud vendors provided better solutions, and in the end so did also AWS.</p> <p>The approach we are going to use with our virtual machine is to take advantage of a feature in the <em>AWS Systems Manager</em> service, with the name <strong>Session Manager</strong>. This service allows us to tunnel traffic to an EC2 instance without opening up the security groups for any traffic.</p> <p>Instead, AWS System Manager has an agent that connect to the AWS Systems Manager service from the EC2 virtual machine. The user who wants to login communicates with the AWS System Manager service, which then can forward traffic via the connection that the Systems Manager agent established to Systems Manager itself.</p> <p>Luckily for us, we are using Amazon Linux latest version, which already has the System Manager agent installed on the EC2 virtual machine. What we will need to do is to add Identity &amp; Access Management (IAM) permissions to the EC2 virtual machine, so that it (actually the Systems Manger agent) can call Systems Manager and perform the required steps.</p> <h3> EC2 instance profiles </h3> <p>AWS has something that is called <em>instance profiles</em>. It is essentially a configuration that associates a set of IAM permissions in the form of an <strong>IAM Role</strong> to an EC2 instance. This allows any software that is running on that EC2 instance to use any services that the IAM Role has permissions for.. No need for any access keys or secret information to be stored on the instance itself. </p> <p>So by using this feature, we can allow the Systems Manager agent on our virtual to perform the necessary operations to allow us to login to the machine, without any port openings or secret keys exposed. We just need the necessary permissions to allow the connection via the AWS Console. If you have full administrative permissions, then you have those permissions. </p> <p>More detailed permissions to allow such access via AWS Console is out of the scope of this article, that is for a more in-depth article on this particular feature.</p> <h3> The anatomy of the IAM Role </h3> <p>There are two things we need to include in the IAM Role:</p> <ul> <li>Who can assume the role</li> <li>What permissions are needed to perform the tasks for using Systems Manager Session Manager</li> </ul> <p>Since we are using an EC2 instance to communicate with Systems Manager, it is the EC2 service itself that must be able to assume the role. There are a number of permissions needed for Session Manager to work, but luckily we can simply use a predefined policy that AWS provides for this. This policy has the name <strong>AmazonSSMManagedInstanceCore</strong>. With this information, we can create the required IAM Role in our AWS CDK code:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="kd">const</span> <span class="nx">role</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">Role</span><span class="p">(</span><span class="nx">stack</span><span class="p">,</span> <span class="dl">'</span><span class="s1">ec2-role</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span> <span class="na">assumedBy</span><span class="p">:</span> <span class="k">new</span> <span class="nc">ServicePrincipal</span><span class="p">(</span><span class="dl">'</span><span class="s1">ec2.amazonaws.com</span><span class="dl">'</span><span class="p">),</span> <span class="na">managedPolicies</span><span class="p">:</span> <span class="p">[</span> <span class="nx">ManagedPolicy</span><span class="p">.</span><span class="nf">fromAwsManagedPolicyName</span><span class="p">(</span><span class="dl">'</span><span class="s1">AmazonSSMManagedInstanceCore</span><span class="dl">'</span><span class="p">)</span> <span class="p">],</span> <span class="p">});</span> </code></pre> </div> <p>We then need to attach this role to the EC2 instance we create.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="kd">const</span> <span class="nx">instance</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">Instance</span><span class="p">(</span><span class="nx">stack</span><span class="p">,</span> <span class="dl">'</span><span class="s1">my-ec2</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span> <span class="na">instanceType</span><span class="p">:</span> <span class="nb">InstanceType</span><span class="p">.</span><span class="k">of</span><span class="p">(</span><span class="nx">InstanceClass</span><span class="p">.</span><span class="nx">T2</span><span class="p">,</span> <span class="nx">InstanceSize</span><span class="p">.</span><span class="nx">MICRO</span><span class="p">),</span> <span class="na">machineImage</span><span class="p">:</span> <span class="nx">MachineImage</span><span class="p">.</span><span class="nf">latestAmazonLinux</span><span class="p">(),</span> <span class="nx">role</span><span class="p">,</span> <span class="nx">vpc</span><span class="p">,</span> <span class="p">});</span> </code></pre> </div> <p>This means that our complete code now looks like this:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">import</span> <span class="p">{</span><span class="nx">App</span><span class="p">,</span> <span class="nx">Stack</span><span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">aws-cdk-lib</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span><span class="nx">Instance</span><span class="p">,</span> <span class="nx">InstanceClass</span><span class="p">,</span> <span class="nx">InstanceSize</span><span class="p">,</span> <span class="nb">InstanceType</span><span class="p">,</span> <span class="nx">MachineImage</span><span class="p">,</span> <span class="nx">Vpc</span><span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">aws-cdk-lib/aws-ec2</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span><span class="nx">ManagedPolicy</span><span class="p">,</span> <span class="nx">Role</span><span class="p">,</span> <span class="nx">ServicePrincipal</span><span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">aws-cdk-lib/aws-iam</span><span class="dl">'</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">app</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">App</span><span class="p">();</span> <span class="kd">const</span> <span class="nx">stack</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">Stack</span><span class="p">(</span><span class="nx">app</span><span class="p">,</span> <span class="dl">'</span><span class="s1">my-stack</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span> <span class="na">env</span><span class="p">:</span> <span class="p">{</span> <span class="na">account</span><span class="p">:</span> <span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">CDK</span><span class="err">\</span><span class="nx">_DEFAULT</span><span class="err">\</span><span class="nx">_ACCOUNT</span><span class="p">,</span> <span class="na">region</span><span class="p">:</span> <span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">CDK</span><span class="err">\</span><span class="nx">_DEFAULT</span><span class="err">\</span><span class="nx">_REGION</span><span class="p">,</span> <span class="p">},</span> <span class="p">});</span> <span class="kd">const</span> <span class="nx">role</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">Role</span><span class="p">(</span><span class="nx">stack</span><span class="p">,</span> <span class="dl">'</span><span class="s1">ec2-role</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span> <span class="na">assumedBy</span><span class="p">:</span> <span class="k">new</span> <span class="nc">ServicePrincipal</span><span class="p">(</span><span class="dl">'</span><span class="s1">ec2.amazonaws.com</span><span class="dl">'</span><span class="p">),</span> <span class="na">managedPolicies</span><span class="p">:</span> <span class="p">[</span> <span class="nx">ManagedPolicy</span><span class="p">.</span><span class="nf">fromAwsManagedPolicyName</span><span class="p">(</span><span class="dl">'</span><span class="s1">AmazonSSMManagedInstanceCore</span><span class="dl">'</span><span class="p">)</span> <span class="p">],</span> <span class="p">});</span> <span class="kd">const</span> <span class="nx">vpc</span> <span class="o">=</span> <span class="nx">Vpc</span><span class="p">.</span><span class="nf">fromLookup</span><span class="p">(</span><span class="nx">stack</span><span class="p">,</span> <span class="dl">'</span><span class="s1">my-vpc</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span> <span class="na">isDefault</span><span class="p">:</span> <span class="kc">true</span><span class="p">,</span> <span class="p">});</span> <span class="kd">const</span> <span class="nx">instance</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">Instance</span><span class="p">(</span><span class="nx">stack</span><span class="p">,</span> <span class="dl">'</span><span class="s1">my-ec2</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span> <span class="na">instanceType</span><span class="p">:</span> <span class="nb">InstanceType</span><span class="p">.</span><span class="k">of</span><span class="p">(</span><span class="nx">InstanceClass</span><span class="p">.</span><span class="nx">T2</span><span class="p">,</span> <span class="nx">InstanceSize</span><span class="p">.</span><span class="nx">MICRO</span><span class="p">),</span> <span class="na">machineImage</span><span class="p">:</span> <span class="nx">MachineImage</span><span class="p">.</span><span class="nf">latestAmazonLinux</span><span class="p">(),</span> <span class="nx">role</span><span class="p">,</span> <span class="nx">vpc</span><span class="p">,</span> <span class="p">});</span> </code></pre> </div> <p>Now with this refinement of our code we can run <strong>cdk deploy</strong> to deploy our EC2 instance again. After a few minutes, the EC2 instance has been deployed and is running. Now, if you login to the AWS Console and go to the EC2 dashboard with the running instance, you will see a view similar to this below. Select the instance in the checkbox on the left side and click on the <strong>Connect</strong> button.</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fh65xpfy7m9qy7w3xzghp.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fh65xpfy7m9qy7w3xzghp.png" width="800" height="275"></a></p> <p>You will get a different page with a few options to connect to the virtual machine instance. In this case, you should select the <strong>Session Manager</strong> tab. If the setup worked as expected, the Connect button at the bottom right should have clear colours and not be greyed out.</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F731ilo4880g8miqh9f45.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F731ilo4880g8miqh9f45.png" alt="Image description" width="800" height="419"></a></p> <p>Click on this Connect button and a new page/tab should open up, and you should get a command line prompt that you can use. You have now connected to the virtual machine instance! </p> <p>Feel free to play around and look around on the machine itself, then just terminate the session, run exit command door anything else to end the command-line session.</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F0llqarpzjhjmlid34q7i.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F0llqarpzjhjmlid34q7i.png" alt="Image description" width="654" height="274"></a></p> <h3> Final remarks </h3> <p>The last addition we did here allowed us to complete all the goals we had for this initial infrastructure-as-code task using the AWS CDK. Well done!</p> <ul> <li><strong>An EC2 instance</strong></li> <li><strong>The instance should run Linux, we will pick Amazon Linux for simplicity</strong></li> <li><strong>The instance should not be reachable from the internet</strong></li> <li><strong>We should be able to login and access the machine from a command-line prompt in the AWS Console.</strong></li> <li><strong>We should use an existing VPC and its subnets.</strong></li> <li><strong>We do not care about which availability zone the machine ends up in.</strong></li> </ul> <p>Feel free to use <strong>cdk destroy</strong> command to remove the virtual machine instance. There are a few valuable lessons that we have covered so far in this series:</p> <ul> <li>A few key commands with the <strong>cdk</strong> command-line tool, including <em>init</em>, <em>bootstrap</em>, <em>synth</em>, <em>deploy</em>, <em>destroy</em>.</li> <li>How to import existing VPC information.</li> <li>How to create a new EC2 virtual machine</li> <li>How to create and attach IAM Role with permissions so that software on the machine can use AWS services</li> <li>How to set AWS account and region for a stack.</li> </ul> <p>It is quite a few things to start with, and you should be proud of yourself to have done all of this!</p> <p>In the next article, we are going to jump into the world of containers.</p> aws cdk cloud infrastructure