RFC: infra workspace updates

[bestickley]

gboost create sets up an opinionated infra workspace (folder) which defines a CDK app. I'd like to propose a new alternative way based on this article which is based off CDK Best Practices. Please read those documents first before reading this proposal.

For folder structure, currently GB has:

• infra/src/
  • app.ts - defines CDK app (new App()) for deploying locally and instantiates
  • pipeline.ts - defines CDK app for pipeline
  • pipeline-stage.ts - defines CDK pipeline stage
  • api.ts - API stack including API Gateway
  • data.ts - Data stack including DDB, Aurora, buckets, etc.
  • ui.ts - UI stack including CloudFront and S3

Based off above resources I propose:

• infra/src/
  • app/
  • stateful/
    • data.ts
  • stateless/
    • api.ts
    • ui.ts
  • app-stage.ts
  • config/
  • dev.ts
  • local.ts
  • prod.ts
  • stage-config.ts - class definition
  • test.ts
  • local-app.ts
  • pipeline
  • pipeline-app.ts
  • pipeline-stack.ts

For configuration, currently GB assumes developers will have 3 stages: dev, test, and prod and that developers are ok with Green Boost deciding what configuration (within GB Constructs) is correct for these stages. This is an issue because developers often have more than 3 stages and they're often named differently. Even if we could use stage name as an abstraction point, we shouldn't because for developers to understand what the configuration is per GB construct, they'll have to hunt through source code. It's best to be explicit and let developers define configuration within their source code. We'll leverage the power of TypeScript intellisense to make this as easy as possible. Overall, this means stacks and constructs won't even need to know the stage name anymore because conditional infra config will be defined at the top level within a config/ folder. All configuration will be explicitly passed into stacks. This keeps in line with best practice

In general, environment variable lookups should be limited to the top level of an AWS CDK app. They should also be used to pass in information that’s needed for running in a development environment

• https://docs.aws.amazon.com/cdk/v2/guide/best-practices.html

The purpose of local-app.ts is so that developers can quickly synth and deploy their apps locally. This CDK App will reference app-stage.ts which abstracts how stacks are instantiated so that it local-app.ts and pipeline-app.ts can use stacks in the same way. cdk.json#app value will reference local-app.ts so developer can more easily deploy app. When deploying pipeline-app, we will utilize "app" CLI parameter to reference correct entrypoint.

I propose we generate a src/config folder for each gboost create template. Within this folder we'll have:

src/config/stage-config.ts

import { GbDefaults } from "gboost-infra";
import { Environment } from "aws-cdk-lib";

/**
* Each stage name corresponds to stage. Local is for developer to deploy locally where all other stages are pipeline stages.
*/
export enum StageName {
  Local = "Local",
  Dev = "Dev",
  Test = "Test",
  Prod = "Prod",
};

/**
* Configuration per stage.
*/
export class StageConfig {
  stageName: StageName;
  appId = "gb"; // comes from `gboost create` package scope question/answer
  account: string;
  region: string;
  env: Environment;
  isLocal: boolean;
  gbDefaults: GbDefaults

  constructor(params: StageConfig) {
    this.stageName = params.stageName;
    this.account = params.account;
    this.region = params.region;
    this.env = { account: this.account, region: this.region };
    this.isLocal = this.stageName === StageName.Local;
    const baseDefaults: GbDefaults = {
      function: {
        logRetention: RetentionDays.SIX_MONTHS,
        environment: {
          POWERTOOLS_SERVICE_NAME: "Green Boost",
          STAGE_NAME: this.stageName,
        }
      },
      bucket: {
        encryption: BucketEncryption.S3_MANAGED,
      },
    };
    this.gbDefaults = deepmerge(baseDefaults, params.gbDefaults);
  }

  getStackId(stackName: string) {
    const localStageName = process.env["STAGE_NAME"];
    if (this.isLocal && !localStageName) {
      throw new Error("Environment Variable STAGE_NAME required when StageName.Local");
    }
    const stageName = this.isLocal ? this.stageName || localStageName;
    return `${this.appId}-${this.stageName}-${stackName}`;
  }
}

Note, above we're using stageName instead of stage to refer to stage name. This is more explicit and will hopefully be less confusing because Stage is abstract application modeling unit in CDK.

src/config/local.ts

export const localConfig = new StageConfig({
  stageName: StageName.Local,
  account: String(process.env["CDK_DEFAULT_ACCOUNT"]),
  region: String(process.env["CDK_DEFAULT_REGION"]),
  gbDefaults: {
    function: {
      environment: {
        POWERTOOLS_LOGGER_LOG_EVENT:"true",
      },
      logRetention: RetentionDays.ONE_MONTH,
    },
    postgresCluster: {
      readInstances: 1,
    },
  },
  // ... any other infra config
});

src/config/test.ts

export const testConfig = new StageConfig({
  stageName: StageName.Test,
  account: "1234567890",
  region: "us-east-1",
  gbDefaults: {
    function: {
      logRetention: RetentionDays.TWO_MONTHS,
    },
  postgresCluster: {
    readInstances: 1,
  },
  // ... any other infra config
});

src/app-stage.ts

// imports ignored for brevity
export class AppStage extends Stage {
  constructor(scope: Construct, id: string, stageConfig: StageConfig) {
    super(scope, id, stageConfig);
    setGbDefaults(stageConfig.gbDefaults);
    const dataStack = new Data(this, "data", { env: stageConfig.env });
    const apiStack = new Api(this, "api", {
      env: stageConfig.env,
      table: dataStack.table,
    });
    new Ui(this, "ui", { env: stageConfig.env, api: apiStack.api });

    Tags.of(this).add("appId", stageConfig.appId);
    Aspects.of(this).add(new SuppressOkNags());
    Aspects.of(this).add(new AwsSolutionsChecks());
  }
}

src/local-app.ts

// imports ignored for brevity
const app = new App();
new AppStage(app, StageName.Local, localConfig);

src/pipeline/pipeline-app.ts

// imports ignored for brevity
const app = new App();
new PipelineStack(app, "gb-pipeline", { env: devConfig.env });

src/pipeline/pipeline-stack.ts

// imports ignored for brevity
export class PipelineStack extends Stack {
  constructor(scope: Construct, id: string, props: StackProps) {
    super(scope, id, props);
    const pipeline = new CodePipeline(this, "CdkPipeline", {
      crossAccountKeys: true,
      selfMutation: true,
      synth: new ShellStep("ShellStep", {
        input: // TODO: make this dynamic based on CodeCommit or GitHub?
        installCommands: ["curl -fsSL https://get.pnpm.io/install.sh", "pnpm ci"],
        commands: ["cd infra", 'cdk --app "./node_modules/.bin/vite-node src/pipeline-app.ts" synth '],
        primaryOutputDirectory: "./infra/cdk.out",
    });

    const devStage = new AppStage(this, StageName.Dev, devConfig);
    pipeline.addStage(devStage); // TODO: add health check

    const testStage = new AppStage(this, StageName.Test, testConfig);
    pipeline.addStage(testStage); // TODO: add health check

    const prodStage = new AppStage(this, StageName.Prod, prodConfig);
    pipeline.addStage(prodStage); // TODO: add health check
  }
}

The benefit of generating is that developers can change this to fit their needs.

Outstanding Questions:

• Is the standard format stack name of ${stageName}-${appName}-${stackName} a good idea? Does it make resource names too long? For example, in DynamoDB your table name could be: stickb-gb-data-WidgetsTable9C270917-VXMGQWO7JNVS.
• Is assuming developers are going to use CDK Pipelines ok?
• Should we use bin/, lib/ folder setup that CDK has? I prefer src/ as it's consistent with other workspaces in GB project.
• We're making the stack's props the only entrypoint for configuration which could make it so we have to do "prop-drilling" where we pass parameters over and over again into constructs to get to final destination. Should we implement some type of useConfig hook or context system? Alternative is to only pass stageName down and then have a stageConfigs: Record<StageName, StageConfig> where we could reference correct stage config.
• Should I rename src/app to src/stacks? pipeline-stack.ts is a stack but wouldn't be inside it.
• Should I keep stateful/ and stateless? Unnecessary file hierarchy or helpful?
• Should I add apiStackProps, dataStackProps, uiStackProps to StageConfig?
• Is it ok if configuration logic "leaks" into constructs? What's best? Central configuration logic or delegated? Should logic lives closest to the construct it's concerned with?

TODO:

• Add job and monitoring stacks
• Add health checks to pipeline stage post hooks like here

[bestickley]

How would setGbDefaults work? Something like:

gb-defaults.ts

interface GbDefaults { ... }
export const gbDefaults = {};
export function setGbDefaults(defaults: GbDefaults) {
  deepmerge(gbDefaults, defaults);
}

function.ts

import { gbDefaults } from "./gb-defaults";
export class Function {
  constructor(scope: Construct, id: string, props: FunctionProps) {
    const newProps = deepmerge(gbDefaults, props);
    ...
  }
}

[tom-dennis-aws]

Outstanding Questions:

• Is the standard format stack name of ${stageName}-${appName}-${stackName} a good idea? Does it make resource names too long? For example, in DynamoDB your table name could be: stickb-gb-data-WidgetsTable9C270917-VXMGQWO7JNVS.
  • Although the names are long I like the descriptiveness
• Is assuming developers are going to use CDK Pipelines ok?
  • I think that's a fair assumption. If they would like to use a different CI/CD approach that seems out of scope of GB.
• Should we use bin/, lib/ folder setup that CDK has? I prefer src/ as it's consistent with other workspaces in GB project.
  • I don't think it's necessary to follow the default CDK folder setup.
• We're making the stack's props the only entrypoint for configuration which could make it so we have to do "prop-drilling" where we pass parameters over and over again into constructs to get to final destination. Should we implement some type of useConfig hook or context system? Alternative is to only pass stageName down and then have a stageConfigs: Record<StageName, StageConfig> where we could reference correct stage config.
  • I personally like the approach of passing the stageName as a prop and retrieving the appropriate config on demand, but either way works. It would be worth exploring a solution to avoid "prop drilling" but I think that could be an enhancement.
• Should I rename src/app to src/stacks? pipeline-stack.ts is a stack but wouldn't be inside it.
  • I like src/app, since that signals that the content is specific to the application (it will be easy enough to tell that these are stacks by the filenames). At a glance src/stacks doesn't tell me what those stacks are for.
• Should I keep stateful/ and stateless? Unnecessary file hierarchy or helpful?
  • Seems helpful to me. Promotes the idea that stateful resources should be handled with care.
• Should I add apiStackProps, dataStackProps, uiStackProps to StageConfig?
  • I envisioned that there will be a config property per GB construct (e.g. function, bucket, etc.), but beyond that I'm not sure if any other props are necessary. If the user wants to add more they are welcome to, but I don't think GB needs to add any others.
• Is it ok if configuration logic "leaks" into constructs? What's best? Central configuration logic or delegated? Should logic lives closest to the construct it's concerned with?
  • I don't think the GB constructs should be aware of configuration. Whichever construct instantiates a GB construct should extract the props from the config beforehand. As far as the user's constructs are concerned, I think it will depend on whether we pass them the stageName or the config directly, but the constructs will need to be at least somewhat aware of config logic.