Skip to content

upstandfm/infra

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

35 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Infra

CircleCI

Infrastructure resources.

Table of contents

Workflow

GitOps

We use a GitOps style of workflow to drive operations. Here we version control infrastructure resources and use AWS CloudFormation templates as the single source of truth.

By doing this we get all the benefits of Git and pull request (PR) based workflows:

  • history
  • possibility to revert changes
  • reviews
  • comments
  • possibility to link to issues, other PRs, etc.

This makes our system more transparent, discoverable, easier to operate, recoverable and observable.

Usage

Add new infra resources on a branch and open a PR. When the PR is approved and merged, the CI/CD pipeline wil release the resources to production.

Development

npm run sls:debug

Prints the serverless.yaml configuration.

CI/CD

CircleCI is used to:

Serverless Framework

CircleCI requires a "Serverless Personal Access Key" to deploy resources. This is configured as an environment variable named SERVERLESS_ACCESS_KEY in the CircleCI credentials context. The value of the access key can be found in the 1Password "Upstand FM" vault under "Serverless access key for CircleCI".

The access key allows the Serverless CLI (used by CircleCI in the lint and release jobs) to authenticate with the Serverless Framework Dashboard.
Additionally, an access role has been configured to help secure resource deployments on AWS, by enabling the Serverless Framework to issue temporary AWS access keys to deploy resources. These keys are generated by Serverless Framework on every command, and the credentials expire after one hour.

The Serverless Framework leverages AWS Security Token Service and the AssumeRole API to automate creating and usage of temporary credentials, so your developers can stay productive and work securely without doing this manually.

We also use a separate CloudFormation role to limit access during deployment, to only the required set of permissions needed by Serverless to deploy resources (i.e. no AdministratorAccess). This is done by setting provider.cfnRole in the Serverless manifest.

Output variables

The following output variables are available in any service that uses the app api:

DynamoDB

Variable name Description
workspacesTableArn The ARN of the "Workspaces" DynamoDB Table.
invitesTableArn The ARN of the "Invites" DynamoDB Table.
invitesTableStreamArn The ARN of the Stream of the "Invites" DynamoDB Table.

SNS

Variable name Description
newS3AudioRecordingTopicArn The ARN of the SNS Topic that S3 sends a notification to when a new audio recording has been created.
newS3TranscodedAudioRecordingTopicArn The ARN of the SNS Topic that S3 sends a notification to when a new transcoded audio recording has been created.
newInviteTopicArn The ARN of the "new-invite" SNS Topic.
deletedInviteTopicArn The ARN of the "deleted-invite" SNS Topic.

S3

Variable name Description
recordingsBucketArn The ARN of the recordings S3 Bucket.
transcodedRecordingsBucketArn The ARN of the transcoded recordings S3 Bucket.

An output variable can be used in a serverless manifest as follows:

${state:infra.VARIABLE_NAME}

For example:

${state:infra.standupsTableArn}

All output variables can be viewed in the Serverless Dashboard under "Variables".

About

Infrastructure resources.

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published