Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Improve CDK deploy process #2

Open
jjnaude opened this issue Jun 26, 2024 · 0 comments
Open

Improve CDK deploy process #2

jjnaude opened this issue Jun 26, 2024 · 0 comments
Assignees
@Phindulo60

Comments

@jjnaude
Copy link
Collaborator

jjnaude commented Jun 26, 2024

Normally one would deploy a CDK project simply by typing cdk deploy on the commandline (assuming you are in the correct folder and all the prerequisites are in place). In our case we need to use the non-standard entrypoint deploy.bat. The reason for this is that there seems to be an issue in CDK when creating an AppSync API that uses a cross-stack UserPool for authentication. Specifically the following snippet from the generated JSON

"detwebAPIGraphQLAPI07A59B23": {
"Type": "AWS::AppSync::GraphQLApi",
"Properties": {
...
"UserPoolConfig": {
"AwsRegion": "af-south-1",
"DefaultAction": "ALLOW",
"UserPoolId": {
"Fn::GetAtt": [
"ExportsReader8B249524",
"/cdk/exports/detweb-stack-develop/detwebcognitostackdevelopeuwest2RefdetwebdevelopuserpoolAB99E896E935B630" ]
...

The CDK uses the AwsRegion of the AppSync API instead of the AwsRegion of the UserPool itself in the UserPoolConfig. In ourcase we want the API to be in af-south-1 (to minimise latency) but af-south-1 does not support Cognito so the Userpool needs to be elsewhere (in our case we chose eu-west-2). A simple edit to the generated JSON fixes the problem, but since this is autogenerated we need to re-apply the edit each time cdk synth runs. This is exactly what deploy.bat and fixup.py (which is called by deploy.bat) implements.

This is very far from ideal. Ideally we would like this fixed inside CDK itself. I stepped through some of the relevant code, but there are many layers of abstraction and I eventually gave up. We should submit an issue on the CDK repository but to have any chance of being taken seriously we should include a minimal reproducible example and even then I think out chances of success are slim (this is obviously not a very common issue or Cognito would just be supported on all regions and we could dispense with all the cross stack complexity.)

Some other issues are

  • The use of .bat file ties the deploy environment to windows.
  • Both deploy.bat and fixup.py currently contain hard-coded references to the current environment detweb-stack-develop which means that things break when the environment changes.
  • fixup.py also contains a hardcoded reference to eu-west-2, so if someone wants to deploy their cognito stack somewhere else, this would also break.
  • Amplify supports deployment of a fullstack app directly from the AWS console, by simply pointing to a github repo and a single click see example here. While we do not currently use Amplify in this way, it could be done in future, but not as long as this fixup step is required.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@Phindulo60 Phindulo60

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@jjnaude @Phindulo60