This is an example of how to use the CDK to create a serverless API with a release pipeline that touches multiple AWS accounts.

BrianFarnhill/Demos.CDKApiPipeline

CDK API release pipeline demo

This is a demo of how to release a serverless Amazon API Gateway that deploys to multiple accounts.

Solution Overview

This solution uses the AWS CDK to create an API Gateway that calls a Lambda function to generate the response. This stack is then deployed to a dev account and a production account using AWS CodePipeline, which is configured in another CDK stack.

The Lambda function is provided through a custom CDK construct, which is distributed through a private AWS CodeArtifact repository. See the SharedCDKConstruct demo repo for instructions on how to deploy that. It is a dependency of this project, and you won't be able to successfully build, test and deploy this solution without it.

Deploying this solution

Setup

Before deploying this solution, you need the following:

  1. A CodeArtifact repo with the SharedCDKConstruct package deployed to it.
  2. Three AWS accounts:
    • One for the CodePipeline to run from
    • One for the "dev" account to run the workload from
    • One for the "production" account to run the workload from
  3. All three accounts should be bootstrapped to run AWS CDK projects
  4. Optional - Create an AWS Chatbot Slack channel to be notified of pipeline actions that fail

Update your source repo

In the file ./lib/PipelineStack.ts, update the GitHubSourceAction class to specify your own GitHub repo as the source. You will also need to create a secret in AWS Secrets Manager called GitHubToken, with the value being a plain text string that contains a Personal Access Token with access to your repos. This is how CodePipeline accesses the source code and is triggered when commits are pushed to the main branch.

Configure shell variables

The solution will be deployed from CodePipeline, but for the initial deployment of the pipeline itself a number of environment variables must be set in your shell:

export DEVOPS_ACCOUNT=[AWS Account ID that the pipeline runs in, and that has your CodeArtifact repo]
export DEV_ACCOUNT=[AWS Account ID that is the dev workload account]
export PROD_ACCOUNT=[AWS Account ID that is the production workload account]
export DOMAIN_NAME=[Your CodeArtifact domain name]
export REPO_NAME=[Your CodeArtifact repository name]
export AWS_REGION=[Your AWS Region - see https://docs.aws.amazon.com/general/latest/gr/rande.html]
export SLACK_ARN=[ARN of the AWS Chatbot notification channel for failed actions - OPTIONAL]
export SLACK_SNS_TOPIC_NAME=[ARN of the SNS topic used by the above Slack Chatbot - for incident manager - OPTIONAL]

Deploying the pipeline

To deploy the pipeline to the devops account, execute this command:

npx cdk deploy ApiDemoPipelineStack

Once this has completed, the solution will deploy new versions automatically when code is pushed to your GitHub repo, including updates to the pipeline itself. You should only need to manually deploy the pipeline like this once.

Other notes

SharedCDKConstruct isn't in the package-lock.json file

Good observation - this is deliberate. Because CodeArtifact URLs include the AWS account ID of the account they are hosted in, I decided to be overly cautious and remove them from my package-lock, using this command to install it instead.

npm install @demos/sharedcdkconstruct --no-package-lock

This is why you'll see a specific install command for it in the build, while everything else is installed from the lock file as normal.
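
A check for the lock file concern described above, as an added example that is not part of this repository: it scans a parsed package-lock.json for CodeArtifact registry URLs, which embed the hosting account's ID, so a build can fail if one slips in. The function name, the sample lock file and the account ID 111122223333 are constructed for illustration.

```javascript
// Added example (not from the repository): find CodeArtifact registry URLs,
// which embed a 12-digit AWS account ID, in a parsed package-lock.json.
// Host format: <domain>-<account id>.d.codeartifact.<region>.amazonaws.com
const CODEARTIFACT_URL =
  /^https:\/\/([a-z0-9-]+)-(\d{12})\.d\.codeartifact\.([a-z0-9-]+)\.amazonaws\.com\//;

// Handles lockfile v1 ("dependencies", nested) and v2/v3 ("packages", flat)
// alike by visiting every object and checking its "resolved" field.
function findCodeArtifactUrls(lock) {
  const findings = [];
  const visit = (node, path) => {
    if (node === null || typeof node !== "object") return;
    if (typeof node.resolved === "string") {
      const m = CODEARTIFACT_URL.exec(node.resolved);
      if (m) {
        findings.push({ entry: path, domain: m[1], accountId: m[2], region: m[3] });
      }
    }
    for (const [key, child] of Object.entries(node)) {
      visit(child, path ? `${path} > ${key}` : key);
    }
  };
  visit(lock, "");
  return findings;
}

// Constructed sample: one public-registry entry, one CodeArtifact entry.
const SAMPLE_LOCK = {
  name: "demo",
  lockfileVersion: 3,
  packages: {
    "": { name: "demo" },
    "node_modules/constructs": {
      version: "10.0.0",
      resolved: "https://registry.npmjs.org/constructs/-/constructs-10.0.0.tgz",
    },
    "node_modules/@demos/sharedcdkconstruct": {
      version: "1.0.0",
      resolved:
        "https://my-domain-111122223333.d.codeartifact.us-east-1.amazonaws.com/npm/my-repo/@demos/sharedcdkconstruct/-/sharedcdkconstruct-1.0.0.tgz",
    },
  },
};

// Reports the single CodeArtifact entry in the sample.
console.log(findCodeArtifactUrls(SAMPLE_LOCK));
```

In a build step, pass the function the result of `JSON.parse` on the real package-lock.json and fail the build when the returned list is not empty.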
