Add CodeBuild RDS Flyway example #11

Merged
merged 12 commits into from
Mar 13, 2023

@krimple (Member) commented Mar 6, 2023

Added example in rds-flyway-migrations that:

  • Creates a VPC with two private and public subnets, a NAT and an Internet Gateway
  • Installs RDS (Aurora Serverless) listening within the private subnets
  • Sets up a CodeBuild project to run a Java Corretto JVM that executes Red Gate's Flyway database migrations tool
    • Configures an ingress rule between the CodeBuild process's security group and the Database Security group on port 5432
    • Uses Secrets Manager to secure the database username, database name and password
  • Uses the env > secrets-manager property to encrypt the secrets pulled from the Secrets Manager service in the CodeBuild project

@krimple krimple requested a review from kgregory-chariot March 6, 2023 20:21
@kgregory-chariot (Collaborator) left a comment

I think I'd split this into two CloudFormation templates: one to create the VPC, and one to create the database and CodeBuild. That way, if people already have a VPC that's set up with private/public subnets, they can just use it.

Your deploy.sh can wait for the first stack to complete -- take a look at the deployment script in the "two buckets" example. And you can grab the outputs from one script and automatically set them on the other.

With that said, if you're looking to get this published, then one CF template is fine.

rds-flyway-migrations/cloudformation.yml
- "logs:CreateLogGroup"
- "logs:CreateLogStream"
- "logs:PutLogEvents"
Resource: "*"
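
Review bot: `Resource: "*"` on the last line applies all three logs actions to every log group the role can reach, and `logs:CreateLogGroup` lets it create arbitrary groups. Declare the build's log group in the template, drop `logs:CreateLogGroup`, and set `Resource` to that group's ARN.
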
Collaborator:

I much prefer creating the log group explicitly, then allowing CreateLogStream and PutLogEvents with the group's ARN.

Member Author:

Can I do this in another PR?
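
One way to implement the scoped logging permissions suggested in this thread, as an added example that is not part of the PR or the project's template. The resource names (`BuildLogGroup`, `BuildRole`, `BuildProject`), the log group name, the retention period and the placeholder build settings are assumptions.

```yaml
Resources:
  # Log group is declared in the template, so the build role never needs
  # logs:CreateLogGroup and retention is set explicitly.
  BuildLogGroup:
    Type: AWS::Logs::LogGroup
    Properties:
      LogGroupName: /codebuild/rds-flyway-migrations   # hypothetical name
      RetentionInDays: 30                              # hypothetical value

  BuildRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Effect: Allow
            Principal: { Service: codebuild.amazonaws.com }
            Action: sts:AssumeRole
      Policies:
        - PolicyName: WriteBuildLogs
          PolicyDocument:
            Version: "2012-10-17"
            Statement:
              - Effect: Allow
                Action:
                  - "logs:CreateLogStream"
                  - "logs:PutLogEvents"
                # The Arn attribute of a log group ends in ":*", which covers its streams.
                Resource: !GetAtt BuildLogGroup.Arn

  BuildProject:
    Type: AWS::CodeBuild::Project
    Properties:
      ServiceRole: !GetAtt BuildRole.Arn
      LogsConfig:
        CloudWatchLogs:
          Status: ENABLED
          GroupName: !Ref BuildLogGroup   # Ref returns the log group name
      # Minimal placeholder settings so the fragment is a valid project definition.
      Artifacts: { Type: NO_ARTIFACTS }
      Environment:
        Type: LINUX_CONTAINER
        ComputeType: BUILD_GENERAL1_SMALL
        Image: aws/codebuild/amazonlinux2-x86_64-standard:4.0
      Source:
        Type: NO_SOURCE
        BuildSpec: |
          version: 0.2
          phases: { build: { commands: ["echo placeholder"] } }
```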

rds-flyway-migrations/cloudformation.yml (Outdated)
EngineVersion: "11.13"
EngineMode: "serverless"
# NEVER LEAVE THIS ON IN PRODUCTION
EnableHttpEndpoint: true
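
Review bot: `EnableHttpEndpoint: true` on the last line is hardcoded, so the only safeguard against deploying with the Aurora HTTP endpoint (Data API) enabled is the comment above it. Make it a template parameter that defaults to `false`, so anyone exploring the example has to opt in explicitly.
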
Collaborator:

I just noticed this; is it something that you need for the example, or can you set to false?

Member Author:

I set it so they can explore the example. I didn't get into any detail beyond this comment. But maybe I need some more text in the blog about why it's set and what they can do with it?

Member Author:

Migrated to Serverless V2 Postgres 14

Member Author:

And removed the EnableHttpEndpoint - not relevant in Serverless Aurora V2

@krimple krimple merged commit 79d711d into trunk Mar 13, 2023
@krimple krimple deleted the ADD_CODEBUILD_ECS_EXAMPLE branch March 13, 2023 18:13