Compare commits

...

4 Commits

4 changed files with 242 additions and 160 deletions

View File

@ -3,19 +3,44 @@ set -e
ACCOUNT_ID=$(aws sts get-caller-identity --query Account --output text) ACCOUNT_ID=$(aws sts get-caller-identity --query Account --output text)
REGION=${AWS_DEFAULT_REGION:-me-central-1} REGION=${AWS_DEFAULT_REGION:-me-central-1}
REPO_NAME=syncrow-backend
IMAGE_TAG=latest
CLUSTER_NAME=syncrow-backend-cluster
STACK_NAME=SyncrowBackendStack
CERTIFICATE_ARN="arn:aws:acm:$REGION:$ACCOUNT_ID:certificate/bea1e2ae-84a1-414e-8dbf-4599397e7ed0"
echo "🔐 Logging into ECR..."
aws ecr get-login-password --region $REGION | docker login --username AWS --password-stdin "$ACCOUNT_ID.dkr.ecr.$REGION.amazonaws.com"
aws ecr get-login-password --region $REGION | docker login --username AWS --password-stdin $ACCOUNT_ID.dkr.ecr.$REGION.amazonaws.com echo "🐳 Building Docker image..."
docker build --platform=linux/amd64 -t $REPO_NAME .
docker build --platform=linux/amd64 -t syncrow-backend . echo "🏷️ Tagging image..."
docker tag syncrow-backend:latest $ACCOUNT_ID.dkr.ecr.$REGION.amazonaws.com/syncrow-backend:latest docker tag $REPO_NAME:$IMAGE_TAG "$ACCOUNT_ID.dkr.ecr.$REGION.amazonaws.com/$REPO_NAME:$IMAGE_TAG"
docker push $ACCOUNT_ID.dkr.ecr.$REGION.amazonaws.com/syncrow-backend:latest
SERVICE_ARN=$(aws ecs list-services --cluster syncrow-backend-cluster --query 'serviceArns[0]' --output text --region $REGION 2>/dev/null || echo "") echo "📤 Pushing image to ECR..."
docker push "$ACCOUNT_ID.dkr.ecr.$REGION.amazonaws.com/$REPO_NAME:$IMAGE_TAG"
if [ "$SERVICE_ARN" != "" ] && [ "$SERVICE_ARN" != "None" ]; then echo "🔍 Checking if ECS service exists..."
SERVICE_NAME=$(echo $SERVICE_ARN | cut -d'/' -f3) SERVICE_ARN=$(aws ecs list-services \
aws ecs update-service --cluster syncrow-backend-cluster --service $SERVICE_NAME --force-new-deployment --region $REGION --cluster $CLUSTER_NAME \
else --query 'serviceArns[0]' \
npx cdk deploy SyncrowBackendStack --context certificateArn=arn:aws:acm:me-central-1:482311766496:certificate/bea1e2ae-84a1-414e-8dbf-4599397e7ed0 --require-approval never --output text \
--region $REGION 2>/dev/null || echo "")
echo "📦 Deploying CDK Stack..."
npx cdk deploy $STACK_NAME \
--context certificateArn=$CERTIFICATE_ARN \
--require-approval never
if [[ "$SERVICE_ARN" != "" && "$SERVICE_ARN" != "None" ]]; then
SERVICE_NAME=$(basename "$SERVICE_ARN")
echo "🚀 Redeploying ECS Service: $SERVICE_NAME"
aws ecs update-service \
--cluster $CLUSTER_NAME \
--service $SERVICE_NAME \
--force-new-deployment \
--region $REGION
fi fi
echo "✅ All done."

View File

@ -1,6 +1,6 @@
#!/usr/bin/env node #!/usr/bin/env node
import 'source-map-support/register';
import * as cdk from 'aws-cdk-lib'; import * as cdk from 'aws-cdk-lib';
import 'source-map-support/register';
import { BackendStack } from './stack'; import { BackendStack } from './stack';
const app = new cdk.App(); const app = new cdk.App();
@ -10,6 +10,7 @@ new BackendStack(app, 'SyncrowBackendStack', {
account: process.env.CDK_DEFAULT_ACCOUNT, account: process.env.CDK_DEFAULT_ACCOUNT,
region: 'me-central-1', region: 'me-central-1',
}, },
databaseName: 'syncrow', databaseName: 'postgres',
certificateArn: 'arn:aws:acm:me-central-1:482311766496:certificate/bea1e2ae-84a1-414e-8dbf-4599397e7ed0', certificateArn:
'arn:aws:acm:me-central-1:482311766496:certificate/bea1e2ae-84a1-414e-8dbf-4599397e7ed0',
}); });

View File

@ -1,12 +1,12 @@
import * as cdk from 'aws-cdk-lib'; import * as cdk from 'aws-cdk-lib';
import * as acm from 'aws-cdk-lib/aws-certificatemanager';
import * as ec2 from 'aws-cdk-lib/aws-ec2'; import * as ec2 from 'aws-cdk-lib/aws-ec2';
import * as ecr from 'aws-cdk-lib/aws-ecr';
import * as ecs from 'aws-cdk-lib/aws-ecs'; import * as ecs from 'aws-cdk-lib/aws-ecs';
import * as ecsPatterns from 'aws-cdk-lib/aws-ecs-patterns'; import * as ecsPatterns from 'aws-cdk-lib/aws-ecs-patterns';
import * as rds from 'aws-cdk-lib/aws-rds';
import * as ecr from 'aws-cdk-lib/aws-ecr';
import * as logs from 'aws-cdk-lib/aws-logs';
import * as elbv2 from 'aws-cdk-lib/aws-elasticloadbalancingv2'; import * as elbv2 from 'aws-cdk-lib/aws-elasticloadbalancingv2';
import * as acm from 'aws-cdk-lib/aws-certificatemanager'; import * as logs from 'aws-cdk-lib/aws-logs';
import * as rds from 'aws-cdk-lib/aws-rds';
import * as route53 from 'aws-cdk-lib/aws-route53'; import * as route53 from 'aws-cdk-lib/aws-route53';
import { Construct } from 'constructs'; import { Construct } from 'constructs';
import * as dotenv from 'dotenv'; import * as dotenv from 'dotenv';
@ -29,7 +29,7 @@ export class BackendStack extends cdk.Stack {
dotenv.config({ path: '.env' }); dotenv.config({ path: '.env' });
// VPC - either use existing or create new // VPC - either use existing or create new
this.vpc = props?.vpcId this.vpc = props?.vpcId
? ec2.Vpc.fromLookup(this, 'ExistingVpc', { vpcId: props.vpcId }) ? ec2.Vpc.fromLookup(this, 'ExistingVpc', { vpcId: props.vpcId })
: new ec2.Vpc(this, 'SyncrowVpc', { : new ec2.Vpc(this, 'SyncrowVpc', {
maxAzs: 2, maxAzs: 2,
@ -49,11 +49,15 @@ export class BackendStack extends cdk.Stack {
}); });
// Security Groups // Security Groups
const dbSecurityGroup = new ec2.SecurityGroup(this, 'DatabaseSecurityGroup', { const dbSecurityGroup = new ec2.SecurityGroup(
vpc: this.vpc, this,
description: 'Security group for RDS PostgreSQL', 'DatabaseSecurityGroup',
allowAllOutbound: false, {
}); vpc: this.vpc,
description: 'Security group for RDS PostgreSQL',
allowAllOutbound: false,
},
);
const ecsSecurityGroup = new ec2.SecurityGroup(this, 'EcsSecurityGroup', { const ecsSecurityGroup = new ec2.SecurityGroup(this, 'EcsSecurityGroup', {
vpc: this.vpc, vpc: this.vpc,
@ -71,55 +75,70 @@ export class BackendStack extends cdk.Stack {
ecsSecurityGroup.addIngressRule( ecsSecurityGroup.addIngressRule(
albSecurityGroup, albSecurityGroup,
ec2.Port.tcp(3000), ec2.Port.tcp(3000),
'Allow ALB to connect to ECS service' 'Allow ALB to connect to ECS service',
); );
// Allow ECS to connect to RDS // Allow ECS to connect to RDS
dbSecurityGroup.addIngressRule( dbSecurityGroup.addIngressRule(
ecsSecurityGroup, ecsSecurityGroup,
ec2.Port.tcp(5432), ec2.Port.tcp(5432),
'Allow ECS to connect to PostgreSQL' 'Allow ECS to connect to PostgreSQL',
); );
// Temporary access for admin IP // Temporary access for admin IP
dbSecurityGroup.addIngressRule( dbSecurityGroup.addIngressRule(
ec2.Peer.ipv4('216.126.231.231/32'), ec2.Peer.ipv4('216.126.231.231/32'),
ec2.Port.tcp(5432), ec2.Port.tcp(5432),
'Temporary access from admin IP' 'Temporary access from admin IP',
); );
// Allow HTTP/HTTPS traffic to ALB // Allow HTTP/HTTPS traffic to ALB
albSecurityGroup.addIngressRule( albSecurityGroup.addIngressRule(
ec2.Peer.anyIpv4(), ec2.Peer.anyIpv4(),
ec2.Port.tcp(80), ec2.Port.tcp(80),
'Allow HTTP traffic' 'Allow HTTP traffic',
); );
albSecurityGroup.addIngressRule( albSecurityGroup.addIngressRule(
ec2.Peer.anyIpv4(), ec2.Peer.anyIpv4(),
ec2.Port.tcp(443), ec2.Port.tcp(443),
'Allow HTTPS traffic' 'Allow HTTPS traffic',
); );
const dbCluster = rds.DatabaseCluster.fromDatabaseClusterAttributes(this, 'SyncrowDatabase', { const dbCluster = rds.DatabaseCluster.fromDatabaseClusterAttributes(
clusterIdentifier: 'syncrow-backend', this,
instanceIdentifiers: ['syncrowdatabase-instance-1'], 'SyncrowDatabase',
engine: rds.DatabaseClusterEngine.auroraPostgres({ {
version: rds.AuroraPostgresEngineVersion.VER_16_6, clusterIdentifier: 'syncrow-backend',
}), instanceIdentifiers: ['syncrowdatabase-instance-1'],
port: 5432, engine: rds.DatabaseClusterEngine.auroraPostgres({
securityGroups: [ version: rds.AuroraPostgresEngineVersion.VER_16_6,
ec2.SecurityGroup.fromSecurityGroupId(this, 'ImportedDbSecurityGroup', 'sg-07e163f588b2bac25') }),
], port: 5432,
clusterEndpointAddress: 'syncrow-backend.cluster-criskv1sdkq4.me-central-1.rds.amazonaws.com', securityGroups: [
}); ec2.SecurityGroup.fromSecurityGroupId(
this,
'ImportedDbSecurityGroup',
'sg-07e163f588b2bac25',
),
],
clusterEndpointAddress:
'syncrow-backend.cluster-criskv1sdkq4.me-central-1.rds.amazonaws.com',
},
);
// Import the existing database secret separately // Import the existing database secret separately
const dbSecret = rds.DatabaseSecret.fromSecretCompleteArn(this, 'ImportedDbSecret', const dbSecret = rds.DatabaseSecret.fromSecretCompleteArn(
'arn:aws:secretsmanager:me-central-1:482311766496:secret:rds!cluster-43ec14cd-9301-43e2-aa79-d330a429a126-v0JDQN' this,
'ImportedDbSecret',
'arn:aws:secretsmanager:me-central-1:482311766496:secret:rds!cluster-43ec14cd-9301-43e2-aa79-d330a429a126-v0JDQN',
); );
// ECR Repository for Docker images - import existing repository // ECR Repository for Docker images - import existing repository
const ecrRepository = ecr.Repository.fromRepositoryName(this, 'SyncrowBackendRepo', 'syncrow-backend'); const ecrRepository = ecr.Repository.fromRepositoryName(
this,
'SyncrowBackendRepo',
'syncrow-backend',
);
// Output the correct ECR URI for this region // Output the correct ECR URI for this region
new cdk.CfnOutput(this, 'EcrRepositoryUriRegional', { new cdk.CfnOutput(this, 'EcrRepositoryUriRegional', {
@ -142,129 +161,166 @@ export class BackendStack extends cdk.Stack {
}); });
// Use existing wildcard certificate or create new one // Use existing wildcard certificate or create new one
const apiCertificate = props?.certificateArn const apiCertificate = props?.certificateArn
? acm.Certificate.fromCertificateArn(this, 'ApiCertificate', props.certificateArn) ? acm.Certificate.fromCertificateArn(
this,
'ApiCertificate',
props.certificateArn,
)
: new acm.Certificate(this, 'ApiCertificate', { : new acm.Certificate(this, 'ApiCertificate', {
domainName: 'api.syncrow.me', domainName: 'api.syncrow.me',
validation: acm.CertificateValidation.fromDns(), validation: acm.CertificateValidation.fromDns(),
}); });
// ECS Fargate Service with Application Load Balancer // ECS Fargate Service with Application Load Balancer
const fargateService = new ecsPatterns.ApplicationLoadBalancedFargateService(this, 'SyncrowBackendService', { const fargateService =
cluster, new ecsPatterns.ApplicationLoadBalancedFargateService(
memoryLimitMiB: 1024, this,
cpu: 512, 'SyncrowBackendService',
desiredCount: 1, {
domainName: 'api.syncrow.me', cluster,
domainZone: route53.HostedZone.fromLookup(this, 'SyncrowZone', { memoryLimitMiB: 1024,
domainName: 'syncrow.me', cpu: 512,
}), desiredCount: 1,
certificate: apiCertificate, domainName: 'api.syncrow.me',
protocol: elbv2.ApplicationProtocol.HTTPS, domainZone: route53.HostedZone.fromLookup(this, 'SyncrowZone', {
redirectHTTP: true, domainName: 'syncrow.me',
taskImageOptions: { }),
image: ecs.ContainerImage.fromEcrRepository(ecrRepository, 'latest'), certificate: apiCertificate,
containerPort: 3000, protocol: elbv2.ApplicationProtocol.HTTPS,
enableLogging: true, redirectHTTP: true,
environment: { taskImageOptions: {
// App settings image: ecs.ContainerImage.fromEcrRepository(
NODE_ENV: process.env.NODE_ENV || 'production', ecrRepository,
PORT: process.env.PORT || '3000', 'latest',
BASE_URL: process.env.BASE_URL || '', ),
containerPort: 3000,
// Database connection (CDK provides these automatically) enableLogging: true,
AZURE_POSTGRESQL_HOST: dbCluster.clusterEndpoint.hostname, environment: {
AZURE_POSTGRESQL_PORT: '5432', // App settings
AZURE_POSTGRESQL_DATABASE: props?.databaseName || 'syncrow', NODE_ENV: process.env.NODE_ENV || 'production',
AZURE_POSTGRESQL_USER: 'postgres', PORT: process.env.PORT || '3000',
AZURE_POSTGRESQL_SSL: process.env.AZURE_POSTGRESQL_SSL || 'false', BASE_URL: process.env.BASE_URL || '',
AZURE_POSTGRESQL_SYNC: process.env.AZURE_POSTGRESQL_SYNC || 'false',
// Database connection (CDK provides these automatically)
// JWT Configuration - CRITICAL: These must be set AZURE_POSTGRESQL_HOST: dbCluster.clusterEndpoint.hostname,
JWT_SECRET: process.env.JWT_SECRET || 'syncrow-jwt-secret-key-2025-production-environment-very-secure-random-string', AZURE_POSTGRESQL_PORT: '5432',
JWT_SECRET_REFRESH: process.env.JWT_SECRET_REFRESH || 'syncrow-refresh-secret-key-2025-production-environment-different-secure-string', AZURE_POSTGRESQL_DATABASE: props?.databaseName || 'postgres',
JWT_EXPIRE_TIME: process.env.JWT_EXPIRE_TIME || '1h', AZURE_POSTGRESQL_USER: 'postgres',
JWT_EXPIRE_TIME_REFRESH: process.env.JWT_EXPIRE_TIME_REFRESH || '7d', AZURE_POSTGRESQL_SSL: process.env.AZURE_POSTGRESQL_SSL || 'false',
AZURE_POSTGRESQL_SYNC:
// Firebase Configuration process.env.AZURE_POSTGRESQL_SYNC || 'false',
FIREBASE_API_KEY: process.env.FIREBASE_API_KEY || '',
FIREBASE_AUTH_DOMAIN: process.env.FIREBASE_AUTH_DOMAIN || '', // JWT Configuration - CRITICAL: These must be set
FIREBASE_PROJECT_ID: process.env.FIREBASE_PROJECT_ID || '', JWT_SECRET:
FIREBASE_STORAGE_BUCKET: process.env.FIREBASE_STORAGE_BUCKET || '', process.env.JWT_SECRET ||
FIREBASE_MESSAGING_SENDER_ID: process.env.FIREBASE_MESSAGING_SENDER_ID || '', 'syncrow-jwt-secret-key-2025-production-environment-very-secure-random-string',
FIREBASE_APP_ID: process.env.FIREBASE_APP_ID || '', JWT_SECRET_REFRESH:
FIREBASE_MEASUREMENT_ID: process.env.FIREBASE_MEASUREMENT_ID || '', process.env.JWT_SECRET_REFRESH ||
FIREBASE_DATABASE_URL: process.env.FIREBASE_DATABASE_URL || '', 'syncrow-refresh-secret-key-2025-production-environment-different-secure-string',
JWT_EXPIRE_TIME: process.env.JWT_EXPIRE_TIME || '1h',
// Tuya IoT Configuration JWT_EXPIRE_TIME_REFRESH:
TUYA_EU_URL: process.env.TUYA_EU_URL || 'https://openapi.tuyaeu.com', process.env.JWT_EXPIRE_TIME_REFRESH || '7d',
TUYA_ACCESS_ID: process.env.TUYA_ACCESS_ID || '',
TUYA_ACCESS_KEY: process.env.TUYA_ACCESS_KEY || '', // Firebase Configuration
TRUN_ON_TUYA_SOCKET: process.env.TRUN_ON_TUYA_SOCKET || '', FIREBASE_API_KEY: process.env.FIREBASE_API_KEY || '',
FIREBASE_AUTH_DOMAIN: process.env.FIREBASE_AUTH_DOMAIN || '',
// Email Configuration FIREBASE_PROJECT_ID: process.env.FIREBASE_PROJECT_ID || '',
SMTP_HOST: process.env.SMTP_HOST || '', FIREBASE_STORAGE_BUCKET:
SMTP_PORT: process.env.SMTP_PORT || '587', process.env.FIREBASE_STORAGE_BUCKET || '',
SMTP_SECURE: process.env.SMTP_SECURE || 'true', FIREBASE_MESSAGING_SENDER_ID:
SMTP_USER: process.env.SMTP_USER || '', process.env.FIREBASE_MESSAGING_SENDER_ID || '',
SMTP_PASSWORD: process.env.SMTP_PASSWORD || '', FIREBASE_APP_ID: process.env.FIREBASE_APP_ID || '',
FIREBASE_MEASUREMENT_ID:
// Mailtrap Configuration process.env.FIREBASE_MEASUREMENT_ID || '',
MAILTRAP_API_TOKEN: process.env.MAILTRAP_API_TOKEN || '', FIREBASE_DATABASE_URL: process.env.FIREBASE_DATABASE_URL || '',
MAILTRAP_INVITATION_TEMPLATE_UUID: process.env.MAILTRAP_INVITATION_TEMPLATE_UUID || '',
MAILTRAP_EDIT_USER_TEMPLATE_UUID: process.env.MAILTRAP_EDIT_USER_TEMPLATE_UUID || '', // Tuya IoT Configuration
MAILTRAP_DISABLE_TEMPLATE_UUID: process.env.MAILTRAP_DISABLE_TEMPLATE_UUID || '', TUYA_EU_URL:
MAILTRAP_ENABLE_TEMPLATE_UUID: process.env.MAILTRAP_ENABLE_TEMPLATE_UUID || '', process.env.TUYA_EU_URL || 'https://openapi.tuyaeu.com',
MAILTRAP_DELETE_USER_TEMPLATE_UUID: process.env.MAILTRAP_DELETE_USER_TEMPLATE_UUID || '', TUYA_ACCESS_ID: process.env.TUYA_ACCESS_ID || '',
TUYA_ACCESS_KEY: process.env.TUYA_ACCESS_KEY || '',
// OneSignal Push Notifications TRUN_ON_TUYA_SOCKET: process.env.TRUN_ON_TUYA_SOCKET || '',
ONESIGNAL_APP_ID: process.env.ONESIGNAL_APP_ID || '',
ONESIGNAL_API_KEY: process.env.ONESIGNAL_API_KEY || '', // Email Configuration
SMTP_HOST: process.env.SMTP_HOST || '',
// Admin Configuration SMTP_PORT: process.env.SMTP_PORT || '587',
SUPER_ADMIN_EMAIL: process.env.SUPER_ADMIN_EMAIL || 'admin@yourdomain.com', SMTP_SECURE: process.env.SMTP_SECURE || 'true',
SUPER_ADMIN_PASSWORD: process.env.SUPER_ADMIN_PASSWORD || 'YourSecureAdminPassword123!', SMTP_USER: process.env.SMTP_USER || '',
SMTP_PASSWORD: process.env.SMTP_PASSWORD || '',
// Google OAuth
GOOGLE_CLIENT_ID: process.env.GOOGLE_CLIENT_ID || '', // Mailtrap Configuration
GOOGLE_CLIENT_SECRET: process.env.GOOGLE_CLIENT_SECRET || '', MAILTRAP_API_TOKEN: process.env.MAILTRAP_API_TOKEN || '',
MAILTRAP_INVITATION_TEMPLATE_UUID:
// Other Configuration process.env.MAILTRAP_INVITATION_TEMPLATE_UUID || '',
OTP_LIMITER: process.env.OTP_LIMITER || '5', MAILTRAP_EDIT_USER_TEMPLATE_UUID:
SECRET_KEY: process.env.SECRET_KEY || 'another-random-secret-key-for-general-encryption', process.env.MAILTRAP_EDIT_USER_TEMPLATE_UUID || '',
ACCESS_KEY: process.env.ACCESS_KEY || '', MAILTRAP_DISABLE_TEMPLATE_UUID:
DB_SYNC: process.env.DB_SYNC || 'txsrue', process.env.MAILTRAP_DISABLE_TEMPLATE_UUID || '',
MAILTRAP_ENABLE_TEMPLATE_UUID:
// Redis (used?) process.env.MAILTRAP_ENABLE_TEMPLATE_UUID || '',
AZURE_REDIS_CONNECTIONSTRING: process.env.AZURE_REDIS_CONNECTIONSTRING || '', MAILTRAP_DELETE_USER_TEMPLATE_UUID:
process.env.MAILTRAP_DELETE_USER_TEMPLATE_UUID || '',
// Docker Registry (for deployment)
DOCKER_REGISTRY_SERVER_URL: process.env.DOCKER_REGISTRY_SERVER_URL || '', // OneSignal Push Notifications
DOCKER_REGISTRY_SERVER_USERNAME: process.env.DOCKER_REGISTRY_SERVER_USERNAME || '', ONESIGNAL_APP_ID: process.env.ONESIGNAL_APP_ID || '',
DOCKER_REGISTRY_SERVER_PASSWORD: process.env.DOCKER_REGISTRY_SERVER_PASSWORD || '', ONESIGNAL_API_KEY: process.env.ONESIGNAL_API_KEY || '',
// Doppler (if used for secrets management) // Admin Configuration
DOPPLER_PROJECT: process.env.DOPPLER_PROJECT || '', SUPER_ADMIN_EMAIL:
DOPPLER_CONFIG: process.env.DOPPLER_CONFIG || '', process.env.SUPER_ADMIN_EMAIL || 'admin@yourdomain.com',
DOPPLER_ENVIRONMENT: process.env.DOPPLER_ENVIRONMENT || '', SUPER_ADMIN_PASSWORD:
process.env.SUPER_ADMIN_PASSWORD ||
// Azure specific 'YourSecureAdminPassword123!',
WEBSITES_ENABLE_APP_SERVICE_STORAGE: process.env.WEBSITES_ENABLE_APP_SERVICE_STORAGE || 'false',
// Google OAuth
GOOGLE_CLIENT_ID: process.env.GOOGLE_CLIENT_ID || '',
GOOGLE_CLIENT_SECRET: process.env.GOOGLE_CLIENT_SECRET || '',
// Other Configuration
OTP_LIMITER: process.env.OTP_LIMITER || '5',
SECRET_KEY:
process.env.SECRET_KEY ||
'another-random-secret-key-for-general-encryption',
ACCESS_KEY: process.env.ACCESS_KEY || '',
DB_SYNC: process.env.DB_SYNC || 'txsrue',
// Redis (used?)
AZURE_REDIS_CONNECTIONSTRING:
process.env.AZURE_REDIS_CONNECTIONSTRING || '',
// Docker Registry (for deployment)
DOCKER_REGISTRY_SERVER_URL:
process.env.DOCKER_REGISTRY_SERVER_URL || '',
DOCKER_REGISTRY_SERVER_USERNAME:
process.env.DOCKER_REGISTRY_SERVER_USERNAME || '',
DOCKER_REGISTRY_SERVER_PASSWORD:
process.env.DOCKER_REGISTRY_SERVER_PASSWORD || '',
// Doppler (if used for secrets management)
DOPPLER_PROJECT: process.env.DOPPLER_PROJECT || '',
DOPPLER_CONFIG: process.env.DOPPLER_CONFIG || '',
DOPPLER_ENVIRONMENT: process.env.DOPPLER_ENVIRONMENT || '',
// Azure specific
WEBSITES_ENABLE_APP_SERVICE_STORAGE:
process.env.WEBSITES_ENABLE_APP_SERVICE_STORAGE || 'false',
},
secrets: {
AZURE_POSTGRESQL_PASSWORD: ecs.Secret.fromSecretsManager(
dbSecret,
'password',
),
},
logDriver: ecs.LogDrivers.awsLogs({
streamPrefix: 'syncrow-backend',
logGroup,
}),
},
publicLoadBalancer: true,
securityGroups: [ecsSecurityGroup],
}, },
secrets: { );
AZURE_POSTGRESQL_PASSWORD: ecs.Secret.fromSecretsManager(
dbSecret,
'password'
),
},
logDriver: ecs.LogDrivers.awsLogs({
streamPrefix: 'syncrow-backend',
logGroup,
}),
},
publicLoadBalancer: true,
securityGroups: [ecsSecurityGroup],
});
// Add security group to load balancer after creation // Add security group to load balancer after creation
fargateService.loadBalancer.addSecurityGroup(albSecurityGroup); fargateService.loadBalancer.addSecurityGroup(albSecurityGroup);

View File

@ -22,7 +22,7 @@
"test:debug": "node --inspect-brk -r tsconfig-paths/register -r ts-node/register node_modules/.bin/jest --runInBand", "test:debug": "node --inspect-brk -r tsconfig-paths/register -r ts-node/register node_modules/.bin/jest --runInBand",
"test:e2e": "jest --config ./apps/backend/test/jest-e2e.json", "test:e2e": "jest --config ./apps/backend/test/jest-e2e.json",
"deploy": "./deploy.sh", "deploy": "./deploy.sh",
"infra:build": "./build.sh", "infra:build": "bash build.sh",
"infra:deploy": "cdk deploy SyncrowBackendStack", "infra:deploy": "cdk deploy SyncrowBackendStack",
"infra:destroy": "cdk destroy SyncrowBackendStack" "infra:destroy": "cdk destroy SyncrowBackendStack"
}, },