Auto-scaling for AWS deployment. #299

Merged
merged 3 commits into from
Feb 13, 2025

setrofim
Collaborator

This re-writes the AWS deployment to use auto-scaling groups behind load balancers rather than fixed instances. This also improves the security of the deployment by moving EC2 and RDS instances into private subnets. Finally, the service is now publicly accessible via a fixed domain name.

v3 has been deprecated, causing integration-tests run to fail.

Signed-off-by: Sergei Trofimov <[email protected]>
Add the missing psycopg2 (Postgres client lib) to requirements.txt for
the aws deployment Python environment.

Signed-off-by: Sergei Trofimov <[email protected]>
Collaborator

@yogeshbdeshpande yogeshbdeshpande left a comment

Thanks for these changes, will continue reviewing the same -today/tomorrow!

@setrofim setrofim force-pushed the aws branch 2 times, most recently from 32049ab to 218d795 Compare February 11, 2025 09:00
Contributor

@thomas-fossati thomas-fossati left a comment

An impressive amount of work, thanks!

I have a few easy questions inline.

protocol: https
cert: /opt/veraison/certs/provisioning.crt
cert-key: /opt/veraison/certs/provisioning.key
protocol: http
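Review bot: the `protocol: http` line that follows the `protocol: https`, `cert` and `cert-key` lines has no comment in the visible lines saying why this listener is plaintext. Suggest a one-line comment next to `protocol: http` stating that TLS is terminated at the load balancer, and a sentence in deployments/aws/README.md that the service port is expected to be reachable only from the load balancer, so a later reader does not take this for an exposed HTTP endpoint or re-enable direct access.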
Contributor

Just so that I understand: we do HTTP here because TLS termination is on the load balancers?

Collaborator Author

Yes, that is correct.

@setrofim setrofim force-pushed the aws branch 3 times, most recently from 3e3a3ee to 729c6df Compare February 12, 2025 14:34
Collaborator

@yogeshbdeshpande yogeshbdeshpande left a comment

Put some minor questions and nits but in general LGTM! You can submit, addressing the minor points!

Restructure AWS deployment to use load balancers and auto-scaled service
instances.

- This deployment requires a domain to be registered in Route53.
- TLS is relegated to the load balancers. This requires a
  certificate associated with the registered domain to be created
  inside ACM.
- RDS and EC2 instances now run inside private subnets and are not
  directly accessible by the outside world. A sentinel instance exists
  to provide indirect access, e.g. when setting up the databases.

Signed-off-by: Sergei Trofimov <[email protected]>
@setrofim setrofim merged commit 733d0ba into main Feb 13, 2025
9 checks passed
@setrofim setrofim deleted the aws branch February 13, 2025 11:36
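
The layout described in the final commit message (TLS terminated at the load balancers, plain HTTP to the services, RDS and EC2 kept off the public network) can be checked statically against a template before deployment. The following is an added example, not code from this pull request or the Veraison project: the sample template, its resource names and the `audit` function are constructed for illustration, and only the CloudFormation resource types and property names are real.

```python
# Constructed sample template. Resource types and property names are real
# CloudFormation; every resource name and value is hypothetical.
TEMPLATE = {"Resources": {
    "LbSg": {"Type": "AWS::EC2::SecurityGroup", "Properties": {
        "SecurityGroupIngress": [
            {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
             "CidrIp": "0.0.0.0/0"}]}},
    "ServiceSg": {"Type": "AWS::EC2::SecurityGroup", "Properties": {
        "SecurityGroupIngress": [
            {"IpProtocol": "tcp", "FromPort": 8080, "ToPort": 8080,
             "SourceSecurityGroupId": {"Ref": "LbSg"}}]}},
    "Lb": {"Type": "AWS::ElasticLoadBalancingV2::LoadBalancer",
           "Properties": {"SecurityGroups": [{"Ref": "LbSg"}]}},
    "Listener": {"Type": "AWS::ElasticLoadBalancingV2::Listener",
                 "Properties": {"Protocol": "HTTPS", "Port": 443,
                                "Certificates": [{"CertificateArn":
                                                  "PLACEHOLDER-ACM-ARN"}]}},
    "Db": {"Type": "AWS::RDS::DBInstance",
           "Properties": {"PubliclyAccessible": False}},
}}

OPEN = ("0.0.0.0/0", "::/0")  # tuple, so unhashable {"Ref": ...} values compare safely


def audit(template):
    """Return findings that break the 'TLS at the LB, HTTP behind it' layout."""
    res = template["Resources"]
    findings = []
    # Only security groups attached to a load balancer may face the internet.
    lb_sgs = {sg["Ref"] for r in res.values()
              if r["Type"] == "AWS::ElasticLoadBalancingV2::LoadBalancer"
              for sg in r.get("Properties", {}).get("SecurityGroups", [])
              if isinstance(sg, dict) and "Ref" in sg}
    for name, r in res.items():
        props = r.get("Properties", {})
        if r["Type"] == "AWS::EC2::SecurityGroup" and name not in lb_sgs:
            for rule in props.get("SecurityGroupIngress", []):
                if rule.get("CidrIp") in OPEN or rule.get("CidrIpv6") in OPEN:
                    findings.append(f"{name}: ingress open to the internet")
        elif r["Type"] == "AWS::ElasticLoadBalancingV2::Listener":
            # Backends speak plain HTTP, so the listener must carry the TLS.
            if (props.get("Protocol") not in ("HTTPS", "TLS")
                    or not props.get("Certificates")):
                findings.append(f"{name}: listener does not terminate TLS")
        elif r["Type"] == "AWS::RDS::DBInstance":
            if props.get("PubliclyAccessible") is not False:
                findings.append(f"{name}: database may be publicly accessible")
    return findings
```

The check treats a missing `PubliclyAccessible` as a finding because the property's default depends on the subnet group, so only an explicit `false` is accepted.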