feat: Introduce GuCDK to AMIgo #598
Conversation
akash1810
force-pushed
the
aa-cdk
branch
5 times, most recently
from
f205fbb to
5a4d653
Compare
akash1810
force-pushed
the
aa-cdk
branch
3 times, most recently
from
2c51645 to
656fb08
Compare
akash1810
changed the title
akash1810
changed the title
| @@ -0,0 +1,10 @@ | |||
| # editorconfig.org | |||
There was a problem hiding this comment.
Boring config file, can be ignored.
| @@ -0,0 +1,4 @@ | |||
| node_modules | |||
There was a problem hiding this comment.
Boring config file, can be ignored.
| @@ -0,0 +1,20 @@ | |||
| module.exports = { | |||
There was a problem hiding this comment.
Boring config file, can be ignored.
| @@ -0,0 +1,11 @@ | |||
| *.js | |||
There was a problem hiding this comment.
Boring config file, can be ignored.
| @@ -0,0 +1 @@ | |||
| v14.17.1 | |||
There was a problem hiding this comment.
Boring config file, can be ignored.
| @@ -0,0 +1,7 @@ | |||
| module.exports = { | |||
There was a problem hiding this comment.
Boring config file, can be ignored.
| @@ -0,0 +1 @@ | |||
| jest.mock("@guardian/cdk/lib/constants/tracking-tag"); | |||
There was a problem hiding this comment.
Boring config file, can be ignored.
| @@ -0,0 +1,41 @@ | |||
| { | |||
There was a problem hiding this comment.
Boring config file, can be ignored.
| @@ -0,0 +1,5 @@ | |||
| { | |||
There was a problem hiding this comment.
Boring config file, can be ignored.
| @@ -0,0 +1,37 @@ | |||
| { | |||
There was a problem hiding this comment.
Boring config file, can be ignored.
Including the YAML template in the CDK stack should allow us to successfully use the CDK definition in CI/CD.
What does this change?
In this change we begin the migration from defining the AWS infrastructure in Cloudformation YAML into CDK using the GuCDK library.
This change does the bare minimum to get us into a place where CD is using a CDK defined stack:
CfnIncludeto bring the YAML file into the stackThis is stage one of our migration process and is inspired by AWS's recommendations.
This change does yield a Cloudformation change (see change set from CODE below), however it is only tag based and doesn't replace any resources. GuCDK adds two additional tags to all resources:
gu:cdk:versionto track which version of the library is being usedgu:repoto help identify which repository a stack is defined inThe change will also slightly change the
Stageparameter of the stack, moving to aGuCDKparameter which sets theallowedValuesproperty to["CODE", "PROD"].That is, merging this and having RiffRaff update the stack as part of CD is safe 👍.
Indeed, this branch has been deployed to CODE already w/out issue 🎉.
Cloudformation change set JSON from CODE stack
[ { "resourceChange": { "logicalResourceId": "AmigoDataBucket", "action": "Modify", "physicalResourceId": "amigo-data-code", "resourceType": "AWS::S3::Bucket", "replacement": "False", "moduleInfo": null, "details": [ { "target": { "name": null, "requiresRecreation": "Never", "attribute": "Tags" }, "causingEntity": null, "evaluation": "Static", "changeSource": "DirectModification" } ], "changeSetId": null, "scope": [ "Tags" ] }, "hookInvocationCount": null, "type": "Resource" }, { "resourceChange": { "logicalResourceId": "ApplicationSecurityGroup", "action": "Modify", "physicalResourceId": "sg-3e9aa845", "resourceType": "AWS::EC2::SecurityGroup", "replacement": "False", "moduleInfo": null, "details": [ { "target": { "name": null, "requiresRecreation": "Never", "attribute": "Tags" }, "causingEntity": null, "evaluation": "Static", "changeSource": "DirectModification" } ], "changeSetId": null, "scope": [ "Tags" ] }, "hookInvocationCount": null, "type": "Resource" }, { "resourceChange": { "logicalResourceId": "AutoscalingGroup", "action": "Modify", "physicalResourceId": "amigo-CODE-AutoscalingGroup-NH1WPW6904Q1", "resourceType": "AWS::AutoScaling::AutoScalingGroup", "replacement": "False", "moduleInfo": null, "details": [ { "target": { "name": null, "requiresRecreation": "Never", "attribute": "Tags" }, "causingEntity": null, "evaluation": "Static", "changeSource": "DirectModification" } ], "changeSetId": null, "scope": [ "Tags" ] }, "hookInvocationCount": null, "type": "Resource" }, { "resourceChange": { "logicalResourceId": "LoadBalancerSecurityGroup", "action": "Modify", "physicalResourceId": "sg-ca94a6b1", "resourceType": "AWS::EC2::SecurityGroup", "replacement": "False", "moduleInfo": null, "details": [ { "target": { "name": null, "requiresRecreation": "Never", "attribute": "Tags" }, "causingEntity": null, "evaluation": "Static", "changeSource": "DirectModification" } ], "changeSetId": null, "scope": [ "Tags" ] }, "hookInvocationCount": null, "type": "Resource" }, { "resourceChange": { "logicalResourceId": "LoadBalancer", "action": "Modify", "physicalResourceId": "amigo-COD-LoadBala-5RPZEVQWROFM", "resourceType": "AWS::ElasticLoadBalancing::LoadBalancer", "replacement": "False", "moduleInfo": null, "details": [ { "target": { "name": null, "requiresRecreation": "Never", "attribute": "Tags" }, "causingEntity": null, "evaluation": "Static", "changeSource": "DirectModification" } ], "changeSetId": null, "scope": [ "Tags" ] }, "hookInvocationCount": null, "type": "Resource" }, { "resourceChange": { "logicalResourceId": "PackerSecurityGroup", "action": "Modify", "physicalResourceId": "sg-0838981165e601949", "resourceType": "AWS::EC2::SecurityGroup", "replacement": "False", "moduleInfo": null, "details": [ { "target": { "name": null, "requiresRecreation": "Never", "attribute": "Tags" }, "causingEntity": null, "evaluation": "Static", "changeSource": "DirectModification" } ], "changeSetId": null, "scope": [ "Tags" ] }, "hookInvocationCount": null, "type": "Resource" }, { "resourceChange": { "logicalResourceId": "RootRole", "action": "Modify", "physicalResourceId": "amigo-CODE-RootRole-8KESEWJR46LO", "resourceType": "AWS::IAM::Role", "replacement": "False", "moduleInfo": null, "details": [ { "target": { "name": null, "requiresRecreation": "Never", "attribute": "Tags" }, "causingEntity": null, "evaluation": "Static", "changeSource": "DirectModification" } ], "changeSetId": null, "scope": [ "Tags" ] }, "hookInvocationCount": null, "type": "Resource" } ]How to test
CI has been updated to run linting and unit tests on the CDK project, so a green build is one test. Another test would be to deploy this change to CODE and witness it succeed.
How can we measure success?
We're making the first step of migrating to CDK to define the AWS Cloudformation stack and have CI/CD wired up too.
This unlocks the next step which is to start defining resources of the stack in CDK. We should be able to do this on an individual resource basis now too.
Have we considered potential risks?
This change places us in a strange hybrid world of CFN YAML and CDK. This might get confusing if we have to make out of band changes for some reason. However, as the YAML template is in the same location, it shouldn't cause too many issues (I think only issue is snapshot tests would fail in CI and would need to be updated). We're not planning on staying in this state for too long though and the next few changes will be targeted at improving this hybrid world.