feat(infra) parameterized region code #3

Merged
merged 6 commits into from
Jan 27, 2023

@jjbainAWS (Contributor) commented Dec 30, 2022

TASK: As a VAMS user, I want the region to be completely parameterized so that I can deploy into any AWS region supporting the services I use.

Hardcoded region code use has been removed and now the CDK stack reads the region code from an environment variable, AWS_REGION.

To support deployment to regions outside of us-east-1, the web access firewall (currently region locked to us-east-1) is defined in a separate stack that is configured to always deploy to us-east-1. Metadata for the web access control list used to secure the CloudFront distribution for the VAMS web application is stored in Amazon Systems Manager Parameter Store. The main stack that is deployed in your configured region uses this metadata to configure the CloudFront distribution.

The README has been updated to address the steps required to configure the region you would like to deploy to.

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.

@archieco
@jjbainAWS thank you for this! I will take a close look here and let you know if there's any feedback soon.

@archieco left a comment

Lots of great work here. We just need to address the CDK Nag feedback to merge.

? Date.UTC.toString()
: `${props.ssmParameterName}-${props.ssmParameterRegion}`;

this.ssmParameter = new cdk.custom_resources.AwsCustomResource(this, "Param", {
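
Review bot: `Date.UTC.toString()` in the first branch of the ternary does not yield a timestamp. `Date.UTC` is referenced without being called, so `toString()` returns the text of the function itself (`function UTC() { [native code] }`), which is the same constant string on every synth. If the intent is a value that changes on each deployment so the lookup is re-run, call something that returns the time, such as `Date.now().toString()`; if a fixed value is intended, use an explicit literal so the behaviour is clear to the next reader.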

It appears that this AwsCustomResource uses an out-of-date nodejs runtime. This causes our cdk nag checks to fail. Could we accomplish this getParameter call another way? The aws-cdk-lib/aws-ssm package maybe?

@archieco left a comment

Thank you @jjbainAWS

@archieco merged commit 49990d1 into main Jan 27, 2023
scheurik pushed a commit that referenced this pull request Jun 14, 2024