deployment

backend/Dockerfile

@@ -37,5 +37,6 @@ WORKDIR /app
 COPY --from=builder /app/node_modules ./node_modules
 COPY --from=builder /app/package.json ./
 COPY --from=builder /app/dist ./dist
+COPY --from=builder /app/prisma ./prisma
 
-CMD [ "npm", "run", "start:prod" ]
+CMD [ "npm", "run", "start-migrate:prod" ]

backend/package.json

@@ -13,6 +13,7 @@
     "start:dev": "nest start --watch",
     "start:debug": "nest start --debug --watch",
     "start:prod": "node dist/src/main",
+    "start-migrate:prod": "prisma migrate deploy && node dist/src/main",
     "generate": "npx prisma generate && rsync prisma/schema.prisma ../frontend/prisma && npx --prefix ../frontend prisma generate",
     "migrate": "./prisma-helper.sh 'npx prisma migrate deploy'",
     "migrate:dev": "./prisma-helper.sh 'npx prisma migrate dev'",

cdk/.gitignore

@@ -6,3 +6,6 @@ node_modules
 # CDK asset staging directory
 .cdk.staging
 cdk.out
+
+.env
+.env.*

cdk/README.md

@@ -1,14 +1,65 @@
-# Welcome to your CDK TypeScript project
+# デプロイ方法
 
-This is a blank project for CDK development with TypeScript.
+## 初期設定 & Preinstall
 
-The `cdk.json` file tells the CDK Toolkit how to execute your app.
+1. AWS の CLI コマンドを使えるようにしておく。
 
-## Useful commands
+2. web2qf の AWS 環境に接続するために、Profile として web2qf を設定する。
 
-* `npm run build`   compile typescript to js
-* `npm run watch`   watch for changes and compile
-* `npm run test`    perform the jest unit tests
-* `npx cdk deploy`  deploy this stack to your default AWS account/region
-* `npx cdk diff`    compare deployed stack with current state
-* `npx cdk synth`   emits the synthesized CloudFormation template
+3. npm モジュールのインストール
+
+```
+$ yarn
+```
+
+## 環境変数設定
+
+example.json を環境にあわせてコピー
+
+```
+$ cp ./.env.example ./.env.stg
+```
+
+中身をそれぞれ書き換える。
+
+- dbSecretSuffix については InitStack をつくってから設定するので後で OK
+
+## InitStack のデプロイとその他
+
+InitStack は VPC、DB、踏み台サーバーなどなど
+
+### 踏み台サーバーの pem をつくる
+
+コンソールから作成する。web2qf_bastion のような
+
+### コマンド実行
+
+```
+$ yarn deploy -c stage=stg stgweb2qfVpc
+```
+
+### dbSecretSuffix を設定
+
+DB のシークレット情報を secret manager に保存しているが、ARN の Suffix6 文字が必要なのでコンソールから持ってきて、`.env`にある`dbSecretSuffix`にいれる。
+
+### Docker Image を push
+
+#### Frontend
+
+1. `aws ecr get-login-password --region ap-northeast-1 --profile cfj_pgf | docker login --username AWS --password-stdin 905418185537.dkr.ecr.ap-northeast-1.amazonaws.com`
+2. `docker build -t card-frame:latest -f ./Dockerfile .`
+3. `docker tag card-frame:latest 905418185537.dkr.ecr.ap-northeast-1.amazonaws.com/stg-web2qf-frontend:latest`
+4. `docker push 905418185537.dkr.ecr.ap-northeast-1.amazonaws.com/stg-web2qf-frontend:latest`
+
+### Backend
+
+1. `aws ecr get-login-password --region ap-northeast-1 --profile cfj_pgf | docker login --username AWS --password-stdin 905418185537.dkr.ecr.ap-northeast-1.amazonaws.com`
+2. `docker build -t web2qf-backend:latest -f ./Dockerfile .`
+3. `docker tag web2qf-backend:latest 905418185537.dkr.ecr.ap-northeast-1.amazonaws.com/stg-web2qf-backend:latest`
+4. `docker push 905418185537.dkr.ecr.ap-northeast-1.amazonaws.com/stg-web2qf-backend:latest`
+
+## AppStack のデプロイ
+
+```
+$ yarn deploy -c stage=stg stgweb2qfBackendApp
+```

cdk/bin/cdk.ts

@@ -1,9 +1,82 @@
 #!/usr/bin/env node
 import "source-map-support/register"
 import * as cdk from "aws-cdk-lib"
-import { CdkStack } from "../lib/cdk-stack"
 import { AmplifyStack } from "../lib/amplify-stack"
+import { getConfig } from "../config/config"
+import { VpcStack } from "../lib/vpc-stack"
+import { RdsStack } from "../lib/rds-stack"
+import { BackendAppStack } from "../lib/app-stack"
 
 const app = new cdk.App()
 
-new AmplifyStack(app, "AmplifyStack")
+const stages = ["prd", "stg"]
+const stage = app.node.tryGetContext("stage")
+
+if (!stages.includes(stage)) {
+  throw new Error(`stage must be one of ${stages.join(", ")}`)
+}
+
+const config = getConfig(stage)
+
+const vpc = new VpcStack(
+  app,
+  `${stage}${config.appName}Vpc`,
+  {
+    description: "VPC for the application",
+    env: {
+      account: config.aws.account,
+      region: config.aws.region,
+    },
+  },
+  { config }
+)
+
+const rds = new RdsStack(
+  app,
+  `${stage}${config.appName}Rds`,
+  {
+    description: "RDS for the application",
+    env: {
+      account: config.aws.account,
+      region: config.aws.region,
+    },
+  },
+  {
+    vpc: vpc.vpc,
+    ec2BastionSecurityGroup: vpc.ec2BastionSecurityGroup,
+    config,
+  }
+)
+
+new BackendAppStack(
+  app,
+  `${stage}${config.appName}BackendApp`,
+  {
+    description: "Backend App Runner for the application",
+    env: {
+      account: config.aws.account,
+      region: config.aws.region,
+    },
+  },
+  {
+    vpc: vpc.vpc,
+    config,
+    appRunnerSecurityGroup: rds.backendAppRunnerSG,
+  }
+)
+
+// new AmplifyStack(
+//   app,
+//   `${stage}${config.appName}Amplify`,
+//   {
+//     description: "Amplify for the application",
+//     env: {
+//       account: config.aws.account,
+//       region: config.aws.region,
+//     },
+//   },
+//   {
+//     vpc: vpc.vpc,
+//     dbSecurityGroup: rds.dbSG,
+//   }
+// )

cdk/cdk.context.json

@@ -0,0 +1,34 @@
+{
+  "vpc-provider:account=905418185537:filter.vpc-id=vpc-053849d2b530c2212:region=ap-northeast-1:returnAsymmetricSubnets=true": {
+    "vpcId": "vpc-053849d2b530c2212",
+    "vpcCidrBlock": "172.31.0.0/16",
+    "ownerAccountId": "905418185537",
+    "availabilityZones": [],
+    "subnetGroups": [
+      {
+        "name": "Public",
+        "type": "Public",
+        "subnets": [
+          {
+            "subnetId": "subnet-0f57e646ece037a08",
+            "cidr": "172.31.32.0/20",
+            "availabilityZone": "ap-northeast-1a",
+            "routeTableId": "rtb-0dc4936f062287210"
+          },
+          {
+            "subnetId": "subnet-00bd34bc7b3fbea5a",
+            "cidr": "172.31.0.0/20",
+            "availabilityZone": "ap-northeast-1c",
+            "routeTableId": "rtb-0dc4936f062287210"
+          },
+          {
+            "subnetId": "subnet-0677189ad352bb761",
+            "cidr": "172.31.16.0/20",
+            "availabilityZone": "ap-northeast-1d",
+            "routeTableId": "rtb-0dc4936f062287210"
+          }
+        ]
+      }
+    ]
+  }
+}

cdk/config/config.ts

@@ -0,0 +1,48 @@
+import * as dotenv from "dotenv"
+
+dotenv.config()
+
+export function getConfig(stage: string) {
+  dotenv.config({
+    path: `.env.${stage}`,
+  })
+
+  return {
+    appName: "web2qf",
+
+    stage,
+
+    aws: {
+      account: process.env.AWS_ACCOUNT,
+      region: process.env.AWS_REGION,
+      vpcId: process.env.AWS_VPC_ID,
+      bastionKeypairId: process.env.AWS_BASTION_KEYPAIR_ID,
+      bastionKeypairName: process.env.AWS_BASTION_KEYPAIR_NAME,
+    },
+
+    database: {
+      username: process.env.DATABASE_USERNAME!,
+      secret_suffix: process.env.DATABASE_SECRET_SUFFIX!,
+    },
+
+    frontend: {
+      url: process.env.FRONTEND_URL,
+      nextauth_url: process.env.NEXTAUTH_URL,
+    },
+
+    github: {
+      repository: process.env.GITHUB_REPOSITORY,
+    },
+
+    google: {
+      clientId: process.env.GOOGLE_CLIENT_ID,
+    },
+
+    secrets: {
+      github: process.env.GITHUB_TOKEN,
+      google_client_secret: process.env.GOOGLE_CLIENT_SECRET,
+      stripe_sk: process.env.STRIPE_SK,
+      stripe_pk: process.env.STRIPE_PK,
+    },
+  }
+}