Pipeline for user software deployment
<\/li><\/ul><\/li><\/ul>\n\n\n\nInfrastructure repository<\/h2>\n\n\n\nInfrastructural pipeline<\/h3>\n\n\n\n
The infrastructure pipeline will perform the following steps:<\/p>\n\n\n\n
AMI creation with Packer<\/h3>\n\n\n\n
The paker-customer-environment.pkr.hcl file is generated by the CDK deployment using data retrieved from the commit. It is validated and executed<\/p>\n\n\n\n
source .\/configFile.sh\nAMI_DESCRIPTION=\\\"commit id: $COMMIT_ID\\\\n time stamp: $COMMIT_TIME\\\\n commit by: $COMMIT_AUTHOR_NAME\\\\n message: $COMMIT_MESSAGE\\\"\nsed -i s\/PLACE_CODEBUILD_BUILD_ID\/$CODEBUILD_BUILD_NUMBER\/g packer-CUSTOMER-$ENVIRONMENT.pkr.hcl\npacker validate packer-$CUSTOMER-$ENVIRONMENT.pkr.hcl\npacker build packer-$CUSTOMER-$ENVIRONMENT.pkr.hcl\nexport AMI_ID=$(cat manifest-$CUSTOMER-$ENVIRONMENT.json | grep artifact_id | cut -d \":\" -f3 | cut -d '\\\"' -f1)\nexport AMI_NAME=ami-$CUSTOMER-$ENVIRONMENT-$CODEBUILD_BUILD_NUMBER\nexport INSTANCE_NAME=$CUSTOMER-$ENVIRONMENT-$CODEBUILD_BUILD_NUMBER<\/code><\/pre>\n\n\n\nManual approval<\/h3>\n\n\n\n
For the production environment only, we have chosen to add a stage that prevents unwanted changes from being released by mistake:<\/p>\n\n\n\n
myPipeline.addStage({\nstageName: 'approve',\nplacement: {\njustAfter: myPipeline.stages[1],\n}\n}).addAction( new aws_codepipeline_actions.ManualApprovalAction({\nactionName: `${process.env.CUSTOMER}-approve`,\nnotificationTopic: new Topic(this, `${process.env.CUSTOMER}-${process.env.ENVIRONMENT}-software-sh-pipeline`),\nnotifyEmails: configFile.approvalEmails,\nadditionalInformation: `${process.env.CUSTOMER} deploy to ${process.env.ENVIRONMENT}`\n})\n)\n}<\/code><\/pre>\n\n\n\nWhen the pipeline reaches this step, an email is sent to the previously indicated addresses (in the example above they are indicated in the approvalEmails configuration). The person who will be responsible for verifying the required update will be able to allow the execution of the pipeline to continue or block it to fix any errors.<\/p>\n\n\n\n
Deploy repository software pipeline<\/h3>\n\n\n\n
The stage configures the git credentials and clones the repository; it then makes a call to the shared ALB to calculate the priority of the rule to be applied to the listener. If it is an update to an existing rule, the priority will not be changed.<\/p>\n\n\n\n
Software pipeline repository<\/h2>\n\n\n\nApplication load balancer<\/h3>\n\n\n\n
In the case of a custom domain and production environment, a nominal Application Load Balancer will be deployed with two listeners (port 80 HTTP and port 443 HTTPS)<\/p>\n\n\n\n
myCustomAppLoadBalancer.addListener(`App-80-Listener`, {\nport: 80,\ndefaultAction: elbv2.ListenerAction.redirect({\npermanent: true,\nport: '443',\nprotocol: 'HTTPS',\n})\n})\nconst myCustom443ApplicationListener =\n myCustomAppLoadBalancer.addListener(`App-443-Listener`, {\nport: 443,\ndefaultAction: elbv2.ListenerAction.fixedResponse(503, {\ncontentType: `text\/plain`,\nmessageBody: 'host not found',\n})\n})<\/code><\/pre>\n\n\n\nand the user’s certificate will be applied<\/p>\n\n\n\n
const wildcardListenerCertificate = elbv2.ListenerCertificate.fromArn(`${configFile.customer.certificate.arn}`)\nmyCustom443ApplicationListener.addCertificates(`Wildcard-${localUpperCustomer}-Cert`, [wildcardListenerCertificate])<\/code><\/pre>\n\n\n\nRDS Database <\/h2>\n\n\n\n
An RDS database is created, the settings are defined within a configuration file. Among these parameters we find:<\/p>\n\n\n\n
- Master username<\/li>
- Cluster name<\/li>
- List of security groups to be assigned<\/li>
- DB Engine to use<\/li>
- Backup configurations<\/li><\/ul>\n\n\n\n
Autoscaling Group<\/h2>\n\n\n\n
Thanks to the AWS Autoscaling service, we can configure thresholds that, once exceeded, will trigger the creation of a new instance that will be able to manage part of the traffic. <\/p>\n\n\n\n
In order to configure an Autoscaling group, it is necessary to provide a Launch Template (preferred by AWS) or a Launch Configuration (which is falling into disuse). For some reason, the AutoScaling construct provided by AWS CDK uses the Launch Configuration by default, but we expect the use of the Launch Template to be implemented in future versions of the class!<\/p>\n\n\n\n
Target group<\/h2>\n\n\n\n
The target group is created using the configurations provided by the user (from the config file) to manage the health checks with which to verify the integrity of the target resources. This target group will then be associated with the Application Load Balancer.<\/p>\n\n\n\n
Software Pipeline<\/h2>\n\n\n\n
The final destination …<\/p>\n\n\n\n
This pipeline deploys the customer’s software within the group of dedicated EC2 instances and is divided into the following stages.<\/p>\n\n\n\n
Build<\/h2>\n\n\n\n
It carries out tests on the code and, to do so, uses the functionality made available by CodeBuild through the use of the buildSpec.yaml file and a custom image on which to do the tests downloaded directly from the ECR service. The buildSpec file is a YAML file that contains the necessary configurations for the CodeBuild project:<\/p>\n\n\n\n
version: 0.2\nphases:\n install:\n commands:\n - echo Entered the install phase...\n finally:\n - echo This always runs even if the update or install command fails\n pre_build:\n commands:\n - echo Entered the pre_build phase...\n finally:\n - echo This always runs even if the login command fails\n build:\n commands:\n - echo Entered the build phase...\n finally:\n - echo This always runs even if the install command fails\n post_build:\n commands:\n - echo Entered the post_build phase...\n - echo Build completed on `date`\nartifacts:\n files:\n - location\n - location\n name: artifact-name<\/code><\/pre>\n\n\n\nIt allows you to give the customer full autonomy on the commands to be executed by the build job divided into sections.<\/p>\n\n\n\n
Manual approval<\/h2>\n\n\n\n
As with the infrastructure pipeline, we want to protect ourselves from unwanted updates that could cause downtime in the application. For this reason, every production release must be confirmed by a human.<\/p>\n\n\n\n
Deployment <\/h2>\n\n\n\n
Using the CodeDeploy service we can automate the updating of our virtual machines and the deployment of the newly approved code.<\/p>\n\n\n\n
new codedeploy.ServerDeploymentGroup(this, `Deployment-Group-${localUpperCustomer}-${localUpperEnvironment}`, {\ndeploymentGroupName: `${process.env.CUSTOMER}-${process.env.ENVIRONMENT}-deploy-group`,\nloadBalancer: codedeploy.LoadBalancer.application(props.targetGroup),\nautoScalingGroups: [props.asg],\nrole: softwarePipelineRole,\napplication: deployApp,\ndeploymentConfig: codedeploy.ServerDeploymentConfig.ONE_AT_A_TIME,\ninstallAgent: true,\nautoRollback: {\nfailedDeployment: true,\nstoppedDeployment: true\n}\n})<\/code><\/pre>\n\n\n\nAlso for this service the command management functionality from file comes to our aid. The file to put in the root of the software repository is called appspec.yaml.<\/p>\n\n\n\n
version: 0.0\nos: linux\nfiles:\n - source: \/\n destination: \/var\/www\/html\nhooks:\n BeforeInstall: # You can use this deployment lifecycle event for preinstall tasks, such as decrypting files and creating a backup of the current version\n - location: deployScript\/beforeInstall.sh\n timeout: 300\n runas: root\n\n# INSTALL \u2013 During this deployment lifecycle event, the CodeDeploy agent copies the revision files from the temporary location to the final destination folder. This event is reserved for the CodeDeploy agent and cannot be used to run scripts.\n\n AfterInstall: # You can use this deployment lifecycle event for tasks such as configuring your application or changing file permissions\n - location: deployScript\/afterInstall.sh\n timeout: 300\n runas: root\n\n ApplicationStart: # You typically use this deployment lifecycle event to restart services that were stopped during ApplicationStop\n - location: deployScript\/applicationStart.sh\n timeout: 300\n runas: root\n\n ValidateService: # This is the last deployment lifecycle event. It is used to verify the deployment was completed successfully.\n - location: deployScript\/validateService.sh\n timeout: 300\n runas: root<\/code><\/pre>\n\n\n\nTo conclude<\/h2>\n\n\n\n
When we see the iconic Succeeded<\/strong> label with the green flag next to the software pipeline, the entire process will be completed, and will be in possession of the machinery with our software installed and ready to be used.<\/p>\n\n\n\nWhen a customer asks us for a fleet of machines, we can easily create the dedicated configuration file and launch the deployment of the infrastructure stacks (the first repository analyzed in this article), and the “magic” of the IAC will do the rest allowing you to concentrate the efforts of the end user only on the development and maintenance of their own software.<\/p>\n\n\n\n
We hope you enjoyed the journey! Much more could be said about this topic, but this is a good way to get your hands dirty.<\/p>\n\n\n\n
What’s your experience with this topic? Did you build some kind of PaaS Virtual Host Vending Machine? Let us know in the comments!<\/p>\n\n\n\n
See you in 14 days for a new article on Proud2beCloud<\/strong><\/p>\n\n\n\n
\n\n\n\nAbout Proud2beCloud<\/h4>\n\n\n\n
Proud2beCloud is a blog by beSharp<\/a>, an Italian APN Premier Consulting Partner expert in designing, implementing, and managing complex Cloud infrastructures and advanced services on AWS. Before being writers, we are Cloud Experts working daily with AWS services since 2007. We are hungry readers, innovative builders, and gem-seekers. On Proud2beCloud, we regularly share our best AWS pro tips, configuration insights, in-depth news, tips&tricks, how-tos, and many other resources. Take part in the discussion!<\/p>\n","protected":false},"excerpt":{"rendered":"Welcome to the last chapter of our 3-article series about building PaaS on AWS. We started with a deep dive […]<\/p>\n","protected":false},"author":24,"featured_media":5157,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[242],"tags":[316,365,254,601,603],"yoast_head":"\n
PaaS on AWS: how to build it the perfect way \u2013 Part III - Proud2beCloud Blog<\/title>\n<meta name=\"description\" content=\"Automating configuration files creation and the deployment of the infrastructure stacks with IaC to provide ready-to-use machines fleets\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/blog.besharp.it\/paas-on-aws-how-to-build-it-the-perfect-way-part-iii\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"PaaS on AWS: how to build it the perfect way \u2013 Part III\" \/>\n<meta property=\"og:description\" content=\"Automating configuration files creation and the deployment of the infrastructure stacks with IaC to provide ready-to-use machines fleets\" \/>\n<meta property=\"og:url\" content=\"https:\/\/blog.besharp.it\/paas-on-aws-how-to-build-it-the-perfect-way-part-iii\/\" \/>\n<meta property=\"og:site_name\" content=\"Proud2beCloud Blog\" \/>\n<meta property=\"article:published_time\" content=\"2022-11-11T06:14:46+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2022-11-11T06:14:48+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/blog.besharp.it\/wp-content\/uploads\/2022\/11\/Copertina-blog-11-11-22-_11-11-22-social-eng.png\" \/>\n\t<meta property=\"og:image:width\" content=\"1200\" \/>\n\t<meta property=\"og:image:height\" content=\"628\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Antonio Callegari\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:title\" content=\"PaaS on AWS: how to build it the perfect way \u2013 Part III\" \/>\n<meta name=\"twitter:description\" content=\"Automating configuration files creation and the deployment of the infrastructure stacks with IaC to provide ready-to-use machines fleets\" \/>\n<meta name=\"twitter:image\" content=\"https:\/\/blog.besharp.it\/wp-content\/uploads\/2022\/11\/Copertina-blog-11-11-22-_11-11-22-social-eng.png\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Antonio Callegari\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"7 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/blog.besharp.it\/paas-on-aws-how-to-build-it-the-perfect-way-part-iii\/\",\"url\":\"https:\/\/blog.besharp.it\/paas-on-aws-how-to-build-it-the-perfect-way-part-iii\/\",\"name\":\"PaaS on AWS: how to build it the perfect way \u2013 Part III - Proud2beCloud Blog\",\"isPartOf\":{\"@id\":\"https:\/\/blog.besharp.it\/#website\"},\"datePublished\":\"2022-11-11T06:14:46+00:00\",\"dateModified\":\"2022-11-11T06:14:48+00:00\",\"author\":{\"@id\":\"https:\/\/blog.besharp.it\/#\/schema\/person\/980d9719e11f1d62bfb85ae2c78bba28\"},\"description\":\"Automating configuration files creation and the deployment of the infrastructure stacks with IaC to provide ready-to-use machines fleets\",\"breadcrumb\":{\"@id\":\"https:\/\/blog.besharp.it\/paas-on-aws-how-to-build-it-the-perfect-way-part-iii\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/blog.besharp.it\/paas-on-aws-how-to-build-it-the-perfect-way-part-iii\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/blog.besharp.it\/paas-on-aws-how-to-build-it-the-perfect-way-part-iii\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/blog.besharp.it\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"PaaS on AWS: how to build it the perfect way \u2013 Part III\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/blog.besharp.it\/#website\",\"url\":\"https:\/\/blog.besharp.it\/\",\"name\":\"Proud2beCloud Blog\",\"description\":\"il blog di beSharp\",\"alternateName\":\"Proud2beCloud Blog\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/blog.besharp.it\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/blog.besharp.it\/#\/schema\/person\/980d9719e11f1d62bfb85ae2c78bba28\",\"name\":\"Antonio Callegari\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/blog.besharp.it\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/8e56339cc88d9062c917820606727f83?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/8e56339cc88d9062c917820606727f83?s=96&d=mm&r=g\",\"caption\":\"Antonio Callegari\"},\"description\":\"DevOps Engineer @ beSharp. Born as a hardware-addicted, \u201cclassic\u201d system engineer, I also like jumping to the dark side: the Cloud! And you know the effect that this mix can make :) Hand-making is my first choice, but a bit of high-quality automation is welcome in my projects. My free time is split between my family and the music, both as a player, and sound engineer.\",\"url\":\"https:\/\/blog.besharp.it\/author\/antonio-callegari\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"PaaS on AWS: how to build it the perfect way \u2013 Part III - Proud2beCloud Blog","description":"Automating configuration files creation and the deployment of the infrastructure stacks with IaC to provide ready-to-use machines fleets","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/blog.besharp.it\/paas-on-aws-how-to-build-it-the-perfect-way-part-iii\/","og_locale":"en_US","og_type":"article","og_title":"PaaS on AWS: how to build it the perfect way \u2013 Part III","og_description":"Automating configuration files creation and the deployment of the infrastructure stacks with IaC to provide ready-to-use machines fleets","og_url":"https:\/\/blog.besharp.it\/paas-on-aws-how-to-build-it-the-perfect-way-part-iii\/","og_site_name":"Proud2beCloud Blog","article_published_time":"2022-11-11T06:14:46+00:00","article_modified_time":"2022-11-11T06:14:48+00:00","og_image":[{"width":1200,"height":628,"url":"https:\/\/blog.besharp.it\/wp-content\/uploads\/2022\/11\/Copertina-blog-11-11-22-_11-11-22-social-eng.png","type":"image\/png"}],"author":"Antonio Callegari","twitter_card":"summary_large_image","twitter_title":"PaaS on AWS: how to build it the perfect way \u2013 Part III","twitter_description":"Automating configuration files creation and the deployment of the infrastructure stacks with IaC to provide ready-to-use machines fleets","twitter_image":"https:\/\/blog.besharp.it\/wp-content\/uploads\/2022\/11\/Copertina-blog-11-11-22-_11-11-22-social-eng.png","twitter_misc":{"Written by":"Antonio Callegari","Est. reading time":"7 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/blog.besharp.it\/paas-on-aws-how-to-build-it-the-perfect-way-part-iii\/","url":"https:\/\/blog.besharp.it\/paas-on-aws-how-to-build-it-the-perfect-way-part-iii\/","name":"PaaS on AWS: how to build it the perfect way \u2013 Part III - Proud2beCloud Blog","isPartOf":{"@id":"https:\/\/blog.besharp.it\/#website"},"datePublished":"2022-11-11T06:14:46+00:00","dateModified":"2022-11-11T06:14:48+00:00","author":{"@id":"https:\/\/blog.besharp.it\/#\/schema\/person\/980d9719e11f1d62bfb85ae2c78bba28"},"description":"Automating configuration files creation and the deployment of the infrastructure stacks with IaC to provide ready-to-use machines fleets","breadcrumb":{"@id":"https:\/\/blog.besharp.it\/paas-on-aws-how-to-build-it-the-perfect-way-part-iii\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/blog.besharp.it\/paas-on-aws-how-to-build-it-the-perfect-way-part-iii\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/blog.besharp.it\/paas-on-aws-how-to-build-it-the-perfect-way-part-iii\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/blog.besharp.it\/"},{"@type":"ListItem","position":2,"name":"PaaS on AWS: how to build it the perfect way \u2013 Part III"}]},{"@type":"WebSite","@id":"https:\/\/blog.besharp.it\/#website","url":"https:\/\/blog.besharp.it\/","name":"Proud2beCloud Blog","description":"il blog di beSharp","alternateName":"Proud2beCloud Blog","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/blog.besharp.it\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/blog.besharp.it\/#\/schema\/person\/980d9719e11f1d62bfb85ae2c78bba28","name":"Antonio Callegari","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/blog.besharp.it\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/8e56339cc88d9062c917820606727f83?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/8e56339cc88d9062c917820606727f83?s=96&d=mm&r=g","caption":"Antonio Callegari"},"description":"DevOps Engineer @ beSharp. Born as a hardware-addicted, \u201cclassic\u201d system engineer, I also like jumping to the dark side: the Cloud! And you know the effect that this mix can make :) Hand-making is my first choice, but a bit of high-quality automation is welcome in my projects. My free time is split between my family and the music, both as a player, and sound engineer.","url":"https:\/\/blog.besharp.it\/author\/antonio-callegari\/"}]}},"_links":{"self":[{"href":"https:\/\/blog.besharp.it\/wp-json\/wp\/v2\/posts\/5141"}],"collection":[{"href":"https:\/\/blog.besharp.it\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.besharp.it\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.besharp.it\/wp-json\/wp\/v2\/users\/24"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.besharp.it\/wp-json\/wp\/v2\/comments?post=5141"}],"version-history":[{"count":0,"href":"https:\/\/blog.besharp.it\/wp-json\/wp\/v2\/posts\/5141\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/blog.besharp.it\/wp-json\/wp\/v2\/media\/5157"}],"wp:attachment":[{"href":"https:\/\/blog.besharp.it\/wp-json\/wp\/v2\/media?parent=5141"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.besharp.it\/wp-json\/wp\/v2\/categories?post=5141"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.besharp.it\/wp-json\/wp\/v2\/tags?post=5141"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}