Compare commits

...

5 Commits

3 changed files with 41 additions and 24 deletions

21
build.sh Normal file
View File

@ -0,0 +1,21 @@
#!/bin/bash
set -e
ACCOUNT_ID=$(aws sts get-caller-identity --query Account --output text)
REGION=${AWS_DEFAULT_REGION:-me-central-1}
aws ecr get-login-password --region $REGION | docker login --username AWS --password-stdin $ACCOUNT_ID.dkr.ecr.$REGION.amazonaws.com
docker build --platform=linux/amd64 -t syncrow-backend .
docker tag syncrow-backend:latest $ACCOUNT_ID.dkr.ecr.$REGION.amazonaws.com/syncrow-backend:latest
docker push $ACCOUNT_ID.dkr.ecr.$REGION.amazonaws.com/syncrow-backend:latest
SERVICE_ARN=$(aws ecs list-services --cluster syncrow-backend-cluster --query 'serviceArns[0]' --output text --region $REGION 2>/dev/null || echo "")
if [ "$SERVICE_ARN" != "" ] && [ "$SERVICE_ARN" != "None" ]; then
SERVICE_NAME=$(echo $SERVICE_ARN | cut -d'/' -f3)
aws ecs update-service --cluster syncrow-backend-cluster --service $SERVICE_NAME --force-new-deployment --region $REGION
else
npx cdk deploy SyncrowBackendStack --context certificateArn=arn:aws:acm:me-central-1:482311766496:certificate/bea1e2ae-84a1-414e-8dbf-4599397e7ed0 --require-approval never
fi

View File

@ -100,29 +100,26 @@ export class BackendStack extends cdk.Stack {
'Allow HTTPS traffic'
);
// RDS Aurora Serverless v2 PostgreSQL
const dbCluster = new rds.DatabaseCluster(this, 'SyncrowDatabase', {
const dbCluster = rds.DatabaseCluster.fromDatabaseClusterAttributes(this, 'SyncrowDatabase', {
clusterIdentifier: 'syncrow-backend',
instanceIdentifiers: ['syncrowdatabase-instance-1'],
engine: rds.DatabaseClusterEngine.auroraPostgres({
version: rds.AuroraPostgresEngineVersion.VER_15_4,
version: rds.AuroraPostgresEngineVersion.VER_16_6,
}),
vpc: this.vpc,
securityGroups: [dbSecurityGroup],
serverlessV2MinCapacity: 0.5,
serverlessV2MaxCapacity: 4,
writer: rds.ClusterInstance.serverlessV2('writer'),
defaultDatabaseName: props?.databaseName || 'syncrow',
credentials: rds.Credentials.fromGeneratedSecret('syncrowadmin', {
secretName: 'syncrow-db-credentials',
}),
removalPolicy: cdk.RemovalPolicy.DESTROY,
port: 5432,
securityGroups: [
ec2.SecurityGroup.fromSecurityGroupId(this, 'ImportedDbSecurityGroup', 'sg-07e163f588b2bac25')
],
clusterEndpointAddress: 'syncrow-backend.cluster-criskv1sdkq4.me-central-1.rds.amazonaws.com',
});
// ECR Repository for Docker images - ensure it's in the correct region
const ecrRepository = new ecr.Repository(this, 'SyncrowBackendRepo', {
repositoryName: 'syncrow-backend',
removalPolicy: cdk.RemovalPolicy.DESTROY,
emptyOnDelete: true,
});
// Import the existing database secret separately
const dbSecret = rds.DatabaseSecret.fromSecretCompleteArn(this, 'ImportedDbSecret',
'arn:aws:secretsmanager:me-central-1:482311766496:secret:rds!cluster-43ec14cd-9301-43e2-aa79-d330a429a126-v0JDQN'
);
// ECR Repository for Docker images - import existing repository
const ecrRepository = ecr.Repository.fromRepositoryName(this, 'SyncrowBackendRepo', 'syncrow-backend');
// Output the correct ECR URI for this region
new cdk.CfnOutput(this, 'EcrRepositoryUriRegional', {
@ -179,7 +176,7 @@ export class BackendStack extends cdk.Stack {
AZURE_POSTGRESQL_HOST: dbCluster.clusterEndpoint.hostname,
AZURE_POSTGRESQL_PORT: '5432',
AZURE_POSTGRESQL_DATABASE: props?.databaseName || 'syncrow',
AZURE_POSTGRESQL_USER: 'syncrowadmin',
AZURE_POSTGRESQL_USER: 'postgres',
AZURE_POSTGRESQL_SSL: process.env.AZURE_POSTGRESQL_SSL || 'false',
AZURE_POSTGRESQL_SYNC: process.env.AZURE_POSTGRESQL_SYNC || 'false',
@ -256,7 +253,7 @@ export class BackendStack extends cdk.Stack {
},
secrets: {
AZURE_POSTGRESQL_PASSWORD: ecs.Secret.fromSecretsManager(
dbCluster.secret!,
dbSecret,
'password'
),
},
@ -301,9 +298,7 @@ export class BackendStack extends cdk.Stack {
});
// Grant ECS task access to RDS credentials
if (dbCluster.secret) {
dbCluster.secret.grantRead(fargateService.taskDefinition.taskRole);
}
dbSecret.grantRead(fargateService.taskDefinition.taskRole);
this.apiUrl = 'https://api.syncrow.me';
this.databaseEndpoint = dbCluster.clusterEndpoint.hostname;

View File

@ -22,6 +22,7 @@
"test:debug": "node --inspect-brk -r tsconfig-paths/register -r ts-node/register node_modules/.bin/jest --runInBand",
"test:e2e": "jest --config ./apps/backend/test/jest-e2e.json",
"deploy": "./deploy.sh",
"infra:build": "./build.sh",
"infra:deploy": "cdk deploy SyncrowBackendStack",
"infra:destroy": "cdk destroy SyncrowBackendStack"
},