This will deploy a simple website (HTML + TypeScript) and API (Python) to view deployed EC2 instances.
- Authentication is handled by Cognito
- Deployment is handled by CloudFormation (for more details see the Makefile)
- Integration testing is handled by behave and selenium
- Deploy the cloudformation without Certificates
make init DOMAIN=example.com
- Update the DNS nameservers for the domain to point to the created hosted zone (outputs Nameservers)
- Execute the change set against the stack
Updates can be run with make all DOMAIN=example.com or via CI.
CI/CD is automatically configured using OIDC. To enable it, commit back the changes in the .github directory that are generated by all, init or configure-ci.
The DeploymentRole role cannot deploy IAM changes by design; these must be deployed using a pull request, with an admin/authorized user executing the change set.
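One way to tell, before execution, whether a change set falls under that rule (an added example, not code from this repository): the check below reads the JSON shape returned by `aws cloudformation describe-change-set` and lists every IAM resource it touches. The function names and the sample change set are constructed for illustration, and how the project itself blocks IAM changes is not shown on this page.

```python
import json

# Resource type prefixes treated as IAM changes (assumption: the README only says "IAM changes").
IAM_PREFIXES = ("AWS::IAM::",)

# Constructed sample in the shape returned by `aws cloudformation describe-change-set`.
SAMPLE_CHANGE_SET = json.loads("""
{
  "ChangeSetName": "example-change-set",
  "Status": "CREATE_COMPLETE",
  "Changes": [
    {"Type": "Resource", "ResourceChange": {"Action": "Modify", "LogicalResourceId": "ApiFunction",
      "ResourceType": "AWS::Lambda::Function", "Replacement": "False"}},
    {"Type": "Resource", "ResourceChange": {"Action": "Modify", "LogicalResourceId": "DeploymentRole",
      "ResourceType": "AWS::IAM::Role", "Replacement": "False"}},
    {"Type": "Resource", "ResourceChange": {"Action": "Add", "LogicalResourceId": "ApiPolicy",
      "ResourceType": "AWS::IAM::ManagedPolicy"}}
  ]
}
""")


def iam_changes(change_set):
    """Return (action, logical id, type) for every IAM resource the change set touches."""
    found = []
    for change in change_set.get("Changes", []):
        rc = change.get("ResourceChange") or {}
        if rc.get("ResourceType", "").startswith(IAM_PREFIXES):
            found.append((rc.get("Action"), rc.get("LogicalResourceId"), rc["ResourceType"]))
    return found


def ci_may_execute(change_set):
    """CI may execute only a fully created change set that touches no IAM resources."""
    if change_set.get("Status") != "CREATE_COMPLETE":
        return False  # failed or still-creating change sets are never executed
    if change_set.get("NextToken"):
        return False  # only one page of changes was inspected: fail closed
    return not iam_changes(change_set)


if __name__ == "__main__":
    for action, logical_id, rtype in iam_changes(SAMPLE_CHANGE_SET):
        print(f"needs admin review: {action} {logical_id} ({rtype})")
    print("CI may execute:", ci_may_execute(SAMPLE_CHANGE_SET))
```

This is a review aid only; the enforcement still has to live in the role's permissions. A nested stack (`AWS::CloudFormation::Stack`) can carry IAM changes that this flat check does not see.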
- Browse to the chosen domain, click login and sign up via Cognito
- Log in to the Cognito dashboard and confirm the user
- Browse to the chosen domain and click login
To allow login with Google & Facebook:
- Create a client on the provider (Google, Facebook)
- Run make configure-idp DOMAIN=example.com PROVIDER=(Google|Facebook) ID=1234 SECRET=Hunter1
The website is built using TypeScript and webpack. Webpack needs 2 environment variables to be present:
- DOMAIN
- CLIENT_ID
It's very basic and rolled by hand without a framework.
- Pros: Code is simple and can be audited
- Cons: It's probably grown to the point where it would be easier to just use React or similar
The API is built as a single file using python3.
- Very basic
- Doesn't handle NextToken, to avoid state/gaps/expiry in pagination results
- Pros: Code is simple and can be audited
- Cons: A single file doesn't easily transform into something testable and deployable on Lambda
The infrastructure is built using CloudFormation.
Tests are written in behave and test both the API and frontend.
Note that the tests require:
- A default VPC to exist (otherwise update tests/steps/instance_cloudformation.yaml)
If running manually, the privileges required can be seen under the DeploymentRole policies.
The following areas could be improved:
- Frontend - Move to framework
- Move packaging back to webpack
- Automatically redirect to the login page when unauthenticated
- API - move to proper repo structure
- Infrastructure
- Look into using terraform to configure IDPs