Review 1 - initial changes for the second blog post (#5)

* Review 1 - initial changes for the second blog post

* Review 1 - initial changes for the second blog post

* Review 1 - initial changes for the second blog post

.github/workflows/docker-ci.yml

@@ -8,7 +8,7 @@ env:
   # Use docker.io for Docker Hub if empty
   REGISTRY: docker.io
   # github.repository as <account>/<repo>
-  IMAGE_NAME: ${{ github.repository }}
+  IMAGE_NAME: jaimenavarro/web-container
   # Docker username
   USERNAME: ${{ github.actor }}
   # Docker password
@@ -22,7 +22,7 @@ jobs:
     - uses: actions/checkout@v3
     - name: Build the Docker image
       run: |
-        cd dummy-server/
+        cd web-server-container/
         docker build . --file Dockerfile --tag ${{ env.IMAGE_NAME }}:$(date +%Y%m%d)
     - name: List docker images
       run: docker images

README.md

@@ -6,22 +6,22 @@ This project has been created as a support for a series of blog posts so that yo
 
 It contains the following folders:
 ```
-├── dummy-server
 ├── infrastructure
+├── web-server-container
 └── README.md
 ```
 * **infrastructure**: This folder contains the AWS infrastructure deployed by CDK (Typescript).
-* **dummy-server**: This folder contains the container that runs in the infrastructure deployed previously.
+* **web-server-container**: This folder contains the web server container that runs inside the infrastructure deployed previously.
 
 # External resources
 You will need to create or have the following resources before deploying these stacks:
 * [Create an AWS account](https://repost.aws/knowledge-center/create-and-activate-aws-account)
 * Create a DNS Hosting account in [ClouDNS](https://www.cloudns.net) (with free account)
 
 # Article References
-| Article Link                                                                                   | Description                                                                                                                                     | Owner         |
-|------------------------------------------------------------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------|---------------|
-| [Revisiting networking concepts from the client’s perspective](https://xebia.com/blog/)        | The first article doesn't have any infrastructure to be deployed                                                                                | Jaime Navarro |
-| [Deploy and Secure Web Public Endpoints](https://xebia.com/blog/)                              | In this section, we will review the deployment process for the related [infrastructure in this blog post](infrastructure/blog_post_2/README.md) | Jaime Navarro |
-| [Region Evacuation with DNS approach](https://xebia.com/blog/)                                 | In this section, we will review the deployment process for the related [infrastructure in this blog post](infrastructure/blog_post_3/README.md) | Jaime Navarro |
-| [Region Evacuation with static anycast IP approach](https://xebia.com/blog/)                   | In this section, we will review the deployment process for the related [infrastructure in this blog post](infrastructure/blog_post_4/README.md) | Jaime Navarro |
+| Article Link                                                                            | Description                                                                                                                                     | Owner         |
+|-----------------------------------------------------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------|---------------|
+| [Revisiting networking concepts from the client’s perspective](https://xebia.com/blog/) | The first article doesn't have any infrastructure to be deployed                                                                                | Jaime Navarro |
+| [Deploy Secure Public Web Endpoints](https://xebia.com/blog/)                           | In this section, we will review the deployment process for the related [infrastructure in this blog post](infrastructure/blog_post_2/README.md) | Jaime Navarro |
+| [Region Evacuation with DNS approach](https://xebia.com/blog/)                          | In this section, we will review the deployment process for the related [infrastructure in this blog post](infrastructure/blog_post_3/README.md) | Jaime Navarro |
+| [Region Evacuation with static anycast IP approach](https://xebia.com/blog/)            | In this section, we will review the deployment process for the related [infrastructure in this blog post](infrastructure/blog_post_4/README.md) | Jaime Navarro |

infrastructure/blog_post_2/README.md

@@ -26,15 +26,15 @@ In [ClouDNS](https://www.cloudns.net) set up the following:
 * Create a free DNS Hosted Zone (Example case: subdomain-**xx**.cloudns.ph)
 
 In this GitHub repository, update the [configuration file](./config/environment.ts) with your own public domain name.
-* DNS_ZONE_NAME: "_subdomain-**yy**.subdomain-**xx**.cloudns.ph_"
+* DNS_ZONE_NAME: "_subdomain-2.subdomain-**xx**.cloudns.ph_"
 
 ```javascript
 export const AppConfig = {
   VPC_NAME: 'fargate-test',
   CLUSTER_NAME: 'fargate-test',
   APP_NAME: 'app-region-evacuation',
   DNS_ZONE_NAME: 'subdomain-2.subdomain-1.cloudns.ph',
-  INTERNAL_DNS: 'edge'
+  INTERNAL_DNS: 'web-container'
 };
 ```
 
@@ -84,7 +84,7 @@ ns-724.awsdns-26.net.
 
 Go to your account in [ClouDNS](https://www.cloudns.net/) and open your free DNS zone (For our example was subdomain-**xx**.cloudns.ph). We will add four NS records, one for each authoritative DNS servers
 * Type: NS record
-* Host: subdomain-**yy**.subdomain-**xx**.cloudns.ph
+* Host: subdomain-2.subdomain-**xx**.cloudns.ph
 * Points to: ns-231.awsdns-28.com
 
 You can confirm that the NS records are working fine by using the following online tool. **Keep in mind to use your own domain name. (For our example was subdomain-**xx**.cloudns.ph)**
@@ -98,8 +98,8 @@ npx cdk synth --debug -vv
 ```
 
 ## Step 8 - Deploy Second CDK Stack
-In this step, we will deploy web container tasks (dummy-server) in Fargate Cluster and its related infrastructure in (us-east-1):
-* Deploys the web container tasks (dummy-server) in Fargate Cluster
+In this step, we will deploy web container tasks (web-server-container) in Fargate Cluster and its related infrastructure in (us-east-1):
+* Deploys the web container tasks in Fargate Cluster
 * Creates a public certificate in ACM. ( Step 6 needs to be working)
 * Creates Application Load Balancer with the previously created certificate
 * Creates Route53 DNS records to reach the web container.
@@ -112,15 +112,16 @@ You can review the status of your CDK deployment from AWS console [CloudFormatio
 ## Validations Steps
 You can use the following online resources to confirm that your public endpoint is available and the certificate is valid.
 > **Warning** Update the following domains with your own domain name.
-* Online DNS validation tool: https://dnschecker.org/#A/edge-us-east-1.subdomain-2.subdomain-1.cloudns.ph
-* Online SSL/TLS validation tool: https://www.sslshopper.com/ssl-checker.html#hostname=https://edge-us-east-1.subdomain-2.subdomain-1.cloudns.ph/
+* Online DNS validation tool: https://dnschecker.org/#A/web-container-us-east-1.subdomain-2.subdomain-1.cloudns.ph
+* Online SSL/TLS validation tool: https://www.sslshopper.com/ssl-checker.html#hostname=https://web-container-us-east-1.subdomain-2.subdomain-1.cloudns.ph/
 ```bash
-curl -v https://edge-us-east-1.subdomain-2.subdomain-1.cloudns.ph
+curl -v https://web-container-us-east-1.subdomain-2.subdomain-1.cloudns.ph
 ```
 
 ## Remove all resources from your AWS account
 In order to remove all the resources go to your [cloudformation console](https://us-east-1.console.aws.amazon.com/cloudformation/home?region=us-east-1) and delete the stacks in the inverse order:
 1. stage-2/app-region-evacuation-service-us-east-1 (*app-region-evacuation-service*)
-2. stage-1/app-region-evacuation-basic-infrastructure-us-east-1 (*app-region-evacuation-basic-infrastructure*)
+2. Remove the DNS records with type CNAME in [Route 53](https://us-east-1.console.aws.amazon.com/route53/v2/hostedzones?region=us-east-1#) created by Certificates Manager
+3. stage-1/app-region-evacuation-basic-infrastructure-us-east-1 (*app-region-evacuation-basic-infrastructure*)
 
 

infrastructure/blog_post_2/config/environment.ts

@@ -1,19 +1,13 @@
 // Shared values that are the same across all environments
 export const AppConfig = {
-  VPC_NAME: 'fargate-test',
-  CLUSTER_NAME: 'fargate-test',
+  VPC_NAME: 'vpc-web-container',
+  CLUSTER_NAME: 'fargate-cluster-web-container',
   APP_NAME: 'app-region-evacuation',
   DNS_ZONE_NAME: 'subdomain-2.subdomain-1.cloudns.ph',
-  INTERNAL_DNS: 'edge',
-  DOCKER_IMAGE: 'jaimenavarro/aws-cdk-region-evacuation',
+  INTERNAL_DNS: 'web-container',
+  DOCKER_IMAGE: 'jaimenavarro/web-container'
 };
 
 export const TargetRegions = ['us-east-1'];
 
 export const PRIMARY_REGION = 'us-east-1';
-
-export const TAG_RESOURCES_USED_BY_ROUTE53_ARC_READINESS = {
-  key: 'route53-arc',
-  value: 'resource-used-by-route53-arc'
-};
-

infrastructure/blog_post_2/lib/stage-1/stacks/deploy-basic-infrastructure-stack.ts

@@ -1,9 +1,9 @@
 import route53 = require('aws-cdk-lib/aws-route53');
 import ec2 = require('aws-cdk-lib/aws-ec2');
 import ecs = require('aws-cdk-lib/aws-ecs');
-import { Stack, StackProps, Tags } from 'aws-cdk-lib';
+import { Stack, StackProps } from 'aws-cdk-lib';
 import { Construct } from 'constructs';
-import { AppConfig, PRIMARY_REGION, TAG_RESOURCES_USED_BY_ROUTE53_ARC_READINESS } from '../../../config/environment';
+import { AppConfig, PRIMARY_REGION } from '../../../config/environment';
 
 /**
  * Stack for deploying the basic infrastructure in one region
@@ -17,13 +17,9 @@ export class DeployBasicInfrastructureStack extends Stack {
     if (props?.env?.region === PRIMARY_REGION) {
       this.createRoute53PublicHostedZone();
     }
-    // Create VPC and ECS Cluster in each region
+    // Create VPC in each region
     const vpc = new ec2.Vpc(this, 'MyVpc', { vpcName: AppConfig.VPC_NAME, maxAzs: 2 });
-    Tags.of(vpc).add(
-      TAG_RESOURCES_USED_BY_ROUTE53_ARC_READINESS.key,
-      TAG_RESOURCES_USED_BY_ROUTE53_ARC_READINESS.value
-    );
-    // Create ECS Cluster
+    // Create ECS Cluster in each region
     new ecs.Cluster(this, 'Cluster', { clusterName: AppConfig.CLUSTER_NAME, vpc });
   }
 
@@ -33,7 +29,7 @@ export class DeployBasicInfrastructureStack extends Stack {
   private createRoute53PublicHostedZone() {
     new route53.PublicHostedZone(this, 'create-dns-zone.cloudns.ph', {
       zoneName: AppConfig.DNS_ZONE_NAME,
-      comment: 'Edge deployment for sandbox-1'
+      comment: 'Web container public hosted zone'
     });
   }
 }

infrastructure/blog_post_2/lib/stage-1/stages/deploy-basic-infrastructure-stage.ts

@@ -9,7 +9,7 @@ interface DeployBasicInfrastructureStageProps extends StageProps {
 
 /**
  * Stage for deploying the basic infrastructure in all the regions
- * 1. Create Route53 Public Hosted Zone and Activate DNSSEC
+ * 1. Create Route53 Public Hosted Zone
  * 2. Create VPC and ECS Cluster in each region
  */
 export class DeployBasicInfrastructureStage extends Stage {

infrastructure/blog_post_2/lib/stage-2/stacks/deploy-service-stack.ts

@@ -3,9 +3,9 @@ import ec2 = require('aws-cdk-lib/aws-ec2');
 import ecs = require('aws-cdk-lib/aws-ecs');
 import ecs_patterns = require('aws-cdk-lib/aws-ecs-patterns');
 import * as acm from 'aws-cdk-lib/aws-certificatemanager';
-import { Duration, Stack, StackProps, Tags } from 'aws-cdk-lib';
+import { Duration, Stack, StackProps } from 'aws-cdk-lib';
 import { Construct } from 'constructs';
-import { AppConfig, TAG_RESOURCES_USED_BY_ROUTE53_ARC_READINESS } from '../../../config/environment';
+import { AppConfig } from '../../../config/environment';
 import { LoadBalancerTarget } from 'aws-cdk-lib/aws-route53-targets';
 
 /**
@@ -14,7 +14,6 @@ import { LoadBalancerTarget } from 'aws-cdk-lib/aws-route53-targets';
  * 2. Deploys an application load balancer
  * 3. Deploys a container inside Fargate cluster
  * 4. Creates public DNS records to reach the load balancer
- * 5. Creates a CloudWatch alarm to monitor the health of the service
  */
 export class DeployServiceStack extends Stack {
   constructor(scope: Construct, id: string, props: StackProps) {
@@ -72,7 +71,7 @@ export class DeployServiceStack extends Stack {
   }
 
   /**
-   * Create Fargate Service and its related ALB for our dummy-server container
+   * Create Fargate Service and its related ALB for our web-server container
    * @param cluster
    * @param certificate
    * @param props
@@ -85,16 +84,12 @@ export class DeployServiceStack extends Stack {
     const fargateAlbService = new ecs_patterns.ApplicationLoadBalancedFargateService(this, 'FargateService', {
       cluster: cluster,
       certificate: certificate,
-      loadBalancerName: 'edge-' + props.env?.region,
+      loadBalancerName: AppConfig.INTERNAL_DNS + '-' + props.env?.region,
       taskImageOptions: {
         image: ecs.ContainerImage.fromRegistry(AppConfig.DOCKER_IMAGE),
         environment: { REGION: `${props.env?.region}` }
       }
     });
-    Tags.of(fargateAlbService.loadBalancer).add(
-      TAG_RESOURCES_USED_BY_ROUTE53_ARC_READINESS.key,
-      TAG_RESOURCES_USED_BY_ROUTE53_ARC_READINESS.value
-    );
 
     // Configure targetGroup in our ALB
     fargateAlbService.targetGroup.configureHealthCheck({
@@ -109,7 +104,7 @@ export class DeployServiceStack extends Stack {
   }
 
   /**
-   * Create DNS record to reach the ALB from the internet
+   * Create DNS record to reach the ALB from the Internet
    * @param hostedZone
    * @param fargateAlbService
    * @param props
@@ -122,7 +117,7 @@ export class DeployServiceStack extends Stack {
     // Create DNS A Record to reach our service
     new route53.ARecord(this, 'Record', {
       zone: hostedZone,
-      recordName: 'edge-' + props.env?.region,
+      recordName: AppConfig.INTERNAL_DNS + '-' + props.env?.region,
       target: route53.RecordTarget.fromAlias(new LoadBalancerTarget(fargateAlbService.loadBalancer)),
       ttl: Duration.minutes(1),
       comment: 'Created from cdk'

infrastructure/blog_post_2/lib/stage-2/stages/deploy-service-stage.ts

@@ -13,7 +13,6 @@ interface DeploymentServiceStageProps extends StageProps {
  * 2. Deploys an application load balancer
  * 3. Deploys a container inside Fargate cluster
  * 4. Creates public DNS records to reach the load balancer
- * 5. Creates a CloudWatch alarm to monitor the health of the service
  */
 export class DeployServiceStage extends Stage {
   constructor(scope: Construct, id: string, props: DeploymentServiceStageProps) {