Small SDK shim + Metadata endpoint for Yearn
The service can be deployed using GitHub Actions. The service is deployed on the infrastructure described here.
To set up GitHub Actions, you will first need to create an AWS user with the proper IAM policy to deploy the service.
Here is the minimal policy you need:
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "RegisterTaskDefinition",
      "Effect": "Allow",
      "Action": [
        "ecs:RegisterTaskDefinition",
        "ecs:DescribeTaskDefinition"
      ],
      "Resource": "*"
    },
    {
      "Sid": "PassRolesInTaskDefinition",
      "Effect": "Allow",
      "Action": [
        "iam:PassRole"
      ],
      "Resource": [
        "arn:aws:iam::<aws account id>:role/<yearn api task definition execution role>",
        "arn:aws:iam::<aws account id>:role/<yearn api task definition task role>"
      ]
    },
    {
      "Sid": "DeployService",
      "Effect": "Allow",
      "Action": [
        "ecs:UpdateService",
        "ecs:DescribeServices"
      ],
      "Resource": [
        "arn:aws:ecs:*:<aws account id>:service/yearn-api-cluster/YearnAPIService"
      ]
    },
    {
      "Sid": "GetAuthorizationToken",
      "Effect": "Allow",
      "Action": [
        "ecr:GetAuthorizationToken"
      ],
      "Resource": "*"
    },
    {
      "Sid": "AllowPush",
      "Effect": "Allow",
      "Action": [
        "ecr:GetDownloadUrlForLayer",
        "ecr:BatchGetImage",
        "ecr:BatchCheckLayerAvailability",
        "ecr:PutImage",
        "ecr:InitiateLayerUpload",
        "ecr:UploadLayerPart",
        "ecr:CompleteLayerUpload"
      ],
      "Resource": "arn:aws:ecr:us-east-1:<aws account id>:repository/yearn-api-repo"
    }
  ]
}
Replace the following placeholders:
- <aws account id>: Your AWS account id.
- <yearn api task definition execution role>: The name of the task definition execution role. This should be automatically created when you create the infrastructure.
- <yearn api task definition task role>: The name of the task definition task role. This should be automatically created when you create the infrastructure.
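A pre-flight check for the filled-in policy, as an added example that is not part of this repository: it flags placeholders that were never replaced, actions granted on `"*"` beyond the three the policy above already allows there, and `iam:PassRole` resources that are not role ARNs. The function name, the sample account id and the role names are assumptions made for the demonstration.

```python
import re

# Actions the policy above grants on Resource "*"; any other action on "*" is flagged.
WILDCARD_OK = {"ecs:RegisterTaskDefinition", "ecs:DescribeTaskDefinition",
               "ecr:GetAuthorizationToken"}
PLACEHOLDER = re.compile(r"<[^>]+>")
ROLE_ARN = re.compile(r"^arn:aws:iam::\d{12}:role/[\w+=,.@/-]+$")

def as_list(value):
    return value if isinstance(value, list) else [value]

def audit_policy(policy):
    """Return findings for an Allow-only deploy policy shaped like the one above."""
    findings = []
    for stmt in as_list(policy["Statement"]):
        sid = stmt.get("Sid", "(no Sid)")
        actions = as_list(stmt.get("Action", []))
        resources = as_list(stmt.get("Resource", []))
        for act in actions:
            if "*" in act:
                findings.append(f"{sid}: wildcard action {act}")
            elif "*" in resources and act not in WILDCARD_OK:
                findings.append(f"{sid}: {act} allowed on all resources")
        for res in resources:
            if PLACEHOLDER.search(res):
                findings.append(f"{sid}: unreplaced placeholder in {res}")
            elif "iam:PassRole" in actions and res != "*" and not ROLE_ARN.match(res):
                findings.append(f"{sid}: iam:PassRole resource is not a role ARN: {res}")
    return findings

# Constructed sample: account id and role names are made up for the demonstration.
SAMPLE = {"Version": "2012-10-17", "Statement": [
    {"Sid": "RegisterTaskDefinition", "Effect": "Allow",
     "Action": ["ecs:RegisterTaskDefinition", "ecs:DescribeTaskDefinition"],
     "Resource": "*"},
    {"Sid": "PassRolesInTaskDefinition", "Effect": "Allow",
     "Action": ["iam:PassRole"],
     "Resource": ["arn:aws:iam::123456789012:role/example-exec-role",
                  "arn:aws:iam::<aws account id>:role/example-task-role"]},
    {"Sid": "DeployService", "Effect": "Allow",
     "Action": ["ecs:UpdateService", "iam:PassRole"], "Resource": "*"},
]}

if __name__ == "__main__":
    for finding in audit_policy(SAMPLE):
        print(finding)
```

Load the real file with `json.load` and pass the resulting dict to `audit_policy`; an empty list means none of the three checks fired.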
Create a new AWS user and attach the newly created policy to that user.
Create a new GitHub environment in the repo called production. Add the following secrets in the new environment (use the credentials of the new user you just created):
- AWS_ACCESS_KEY_ID
- AWS_SECRET_ACCESS_KEY
IMPORTANT
Optionally, set up environment protection rules to control who is able to deploy a new version of the app.
To deploy, run the build and deploy workflow from the Actions page.
$ make
$ make down
$ PROD=true make