Enhances CDK deployment process and documentation

Improves the deployment script to use the UAE region and adds context for the CDK stack.
2025-07-10 07:07:21 +00:00 · 2025-07-07 09:37:10 +03:00
parent 374fb69804
commit fbf62fcd66
6 changed files with 185 additions and 14 deletions
--- a/infrastructure/stack.ts
+++ b/infrastructure/stack.ts
@ -81,6 +81,13 @@ export class BackendStack extends cdk.Stack {
      'Allow ECS to connect to PostgreSQL'
    );

+    // Temporary access for admin IP
+    dbSecurityGroup.addIngressRule(
+      ec2.Peer.ipv4('216.126.231.231/32'),
+      ec2.Port.tcp(5432),
+      'Temporary access from admin IP'
+    );
+
    // Allow HTTP/HTTPS traffic to ALB
    albSecurityGroup.addIngressRule(
      ec2.Peer.anyIpv4(),
@ -110,13 +117,20 @@ export class BackendStack extends cdk.Stack {
      removalPolicy: cdk.RemovalPolicy.DESTROY,
    });

-    // ECR Repository for Docker images
+    // ECR Repository for Docker images - ensure it's in the correct region
    const ecrRepository = new ecr.Repository(this, 'SyncrowBackendRepo', {
      repositoryName: 'syncrow-backend',
      removalPolicy: cdk.RemovalPolicy.DESTROY,
      emptyOnDelete: true,
    });

+    // Output the correct ECR URI for this region
+    new cdk.CfnOutput(this, 'EcrRepositoryUriRegional', {
+      value: ecrRepository.repositoryUri,
+      description: `ECR Repository URI in region ${this.region}`,
+      exportName: `${this.stackName}-EcrRepositoryUriRegional`,
+    });
+
    // ECS Cluster
    const cluster = new ecs.Cluster(this, 'SyncrowCluster', {
      vpc: this.vpc,
@ -151,9 +165,10 @@ export class BackendStack extends cdk.Stack {
      certificate: apiCertificate,
      protocol: elbv2.ApplicationProtocol.HTTPS,
      redirectHTTP: true,
-      taskImageOptions: {
+        taskImageOptions: {
        image: ecs.ContainerImage.fromEcrRepository(ecrRepository, 'latest'),
        containerPort: 3000,
+        enableLogging: true,
        environment: {
          // App settings
          NODE_ENV: process.env.NODE_ENV || 'production',
@ -173,7 +188,7 @@ export class BackendStack extends cdk.Stack {
          JWT_SECRET_REFRESH: process.env.JWT_SECRET_REFRESH || 'syncrow-refresh-secret-key-2025-production-environment-different-secure-string',
          JWT_EXPIRE_TIME: process.env.JWT_EXPIRE_TIME || '1h',
          JWT_EXPIRE_TIME_REFRESH: process.env.JWT_EXPIRE_TIME_REFRESH || '7d',
-          
+        
          // Firebase Configuration
          FIREBASE_API_KEY: process.env.FIREBASE_API_KEY || '',
          FIREBASE_AUTH_DOMAIN: process.env.FIREBASE_AUTH_DOMAIN || '',
@ -221,9 +236,9 @@ export class BackendStack extends cdk.Stack {
          OTP_LIMITER: process.env.OTP_LIMITER || '5',
          SECRET_KEY: process.env.SECRET_KEY || 'another-random-secret-key-for-general-encryption',
          ACCESS_KEY: process.env.ACCESS_KEY || '',
-          DB_SYNC: process.env.DB_SYNC || 'false',
+          DB_SYNC: process.env.DB_SYNC || 'txsrue',
          
-          // Redis (if used)
+          // Redis (used?)
          AZURE_REDIS_CONNECTIONSTRING: process.env.AZURE_REDIS_CONNECTIONSTRING || '',
          
          // Docker Registry (for deployment)
@ -285,9 +300,6 @@ export class BackendStack extends cdk.Stack {
      scaleOutCooldown: cdk.Duration.minutes(2),
    });

-    // For now, let's update the web app to use HTTPS URL and handle the certificate warning
-    // In production, you'll add a proper SSL certificate for api.syncrow.ae
-
    // Grant ECS task access to RDS credentials
    if (dbCluster.secret) {
      dbCluster.secret.grantRead(fargateService.taskDefinition.taskRole);