README
Table of Contents
Introduction
This is a collection of internally maintained CDK constructs used by various projects.
Buildkite pipeline: a-cloud-guru/infra-cdk-constructs
Quick Start
-
Using a construct:
-
Add this package to your projects
package.json
:yarn add @a-cloud-guru/cdk-constructs
-
Inside your CDK application you can now import constructs
import { RdsCluster, Engine } from '@a-cloud-guru/cdk-constructs';
-
-
Adding a new construct:
- Create a file for the construct in
./lib/
with the naming convention<ConstructName>.ts
. This will house the construct itself. - Create tests for the construct in
./test/
with the naming convention<ConstructName>.test.ts
. This will house jest tests for the construct. - Update
./lib/index.ts
to ensure that the new construct is being exported - Update the package's
version
number in./package.json
- Create a file for the construct in
-
Building a new package:
-
Update
./package.json
to ensure a newversion
is being published -
Run available tests
yarn test
and fix any breakages -
Use
npm
to create a release candidate:npm run build
-
Use
npm
to publish the package (requires anNPM_TOKEN
env var):npm publish
# Build package npm run build # Publish release NPM_TOKEN=<x>
-
Listener Priority Reservations
Each use of the ContainerizedApp
pattern requires a unique listener priority
to use in the shared Application Load Balancer listener rule. Because of this
requiremet a list of the currently reserved priorities is being tracked within
confluence.
List of Application Listener Priority Reservations
When using this pattern in staging or production ensure to use/update this list.
Repo Layout
These are some of the major landmarks inside this repo:
./lib -- Contains each of the constructs being made available
./lib/index.ts -- Main entrypoint, only meant to export availble constructs
./test -- Contains jest tests for IaC constructs
./examples -- Contains usage examples of available constructs
./package.json -- Dependency management and versioning
Testing
This project is currently being tested using the jest framework as described by the CDK's getting started guide on testing.
All tests can be found in the ./test/
directory and must end with a prefix of .test.js
. Ideally each construct has an accompanied test suite with the same name as the construct in ./lib/
To run all available IaC tests use the following:
yarn test
Default Opinions
Almost all of the opinions expressed below can be overriden at synth time
-
ALB:
- Deletion protection enabled for "production" stage.
- internetFacing: true
-
ECR:
-
ContainerizedApp:
- Services are deployed to Fargate clusters
- When
desiredServiceCount
is unspecified a default of3
is used._ - Container Image can be pinned to a specific commit using the
COMMIT_HASH
environment variable - LoadBalancer attached to services is publicly exposed
- When
registrationTimeout
is unspecified a default of300
is used - When
circuitBreakerRollback
is unspecified rollbacks are set totrue
- When
containerInsights
is unspecified containerInsights default totrue
.
-
RdsCluster:
- When no
databaseEngine
is specifiedPostgreSQL
is the default - Storage is encrypted with a
kms_key
, if nokms_key_arn
is provided one is created. - When no
backupRetention
period is specified the default is35
days (cdk enforcesRetention period must be between 1 and 35.
) - When no
backupWindow
is specified a default of08:00-09:00
is used (this is UTC and must be at least 30 minutes long). - Due to limited support (Only Legacy Aurora MySQL) no support for
backtrackWindow
is provided. - All parameter groups, by default, have
max_connections
set to16000
- When
enablePerformanceInsights
is unspecified it defaults totrue
- When
deletionProtection
is unspecified it defaults totrue
- Serverless:
-
backupWindow
has no effect on Serverless clusters - Serverless does not support
backtrackWindow
. - Serverless does not support
enablePerformanceInsights
-
- Legacy MySQL:
- Performance insights requires a InstanceClass higher than t3, we default to
r3.large
.
- Performance insights requires a InstanceClass higher than t3, we default to
- Legacy PostgreSQL
- Aurora PostgreSQL does not support a
backtrackWindow
.
- Aurora PostgreSQL does not support a
- When no
-
RedisCluster:
- One Redis cluster per application
- When
cacheNodeType
is unspecified a size ofcache.t2.small
is used - When
numCacheNodes
is unspecified a size of1
is used
-
Security Groups:
- Default security groups whitelist the following
- Internal: 0.0.0.0/0:0 => 0.0.0.0/0:(3306|5432) (RDS)
- Internal: 0.0.0.0/0:0 => 0.0.0.0/0:6379 (Redis)
- Public: 0.0.0.0/0:0 => 0.0.0.0/0:(80) (Expose ALB to internet traffic)
- Default security groups whitelist the following
Useful commands
-
npm run build
compile typescript to js -
npm run watch
watch for changes and compile -
npm run test
perform the jest unit tests