cdklabs / cdk-monitoring-constructs

Easy-to-use CDK constructs for monitoring your AWS infrastructure
https://constructs.dev/packages/cdk-monitoring-constructs
Apache License 2.0

[Infra] Deploy an integration test stack to CloudFormation on push #25

Open echeung-amzn opened 2 years ago

echeung-amzn commented 2 years ago

It'd be nice to automatically deploy to an AWS account to ensure things are working as intended.

ayush987goyal commented 2 years ago

Some thoughts on this:

  1. We could run a workflow on each PR to deploy the current change to CFN.
  2. This could be done via creating a CDK app in the tests directory and executing it via an npm script.
  3. The dashboard created via this CFN stack can be made public as described here. Need to figure out how to enable public sharing via CFN which doesn't seem to be possible.
  4. The problem with the above is: should we deploy to a new stack for each PR vs. the same stack getting deployed?
    • If it is different per PR, then how do we clean it up?
    • If it is the same stack, how do we roll it back if the PR gets closed? A merged PR is not a problem because we would deploy again in the release workflow.

ayush987goyal commented 2 years ago

  1. Action for aws credentials via assuming role: https://github.com/aws-actions/configure-aws-credentials . Would need to create this role (and other IAM related resources listed in the readme) internally.
  2. Action to run any cdk command: https://github.com/youyo/aws-cdk-github-actions

For starters we could just run the cdk deploy command on every PR that deploys a stack and prints the output. We can look into how to publish the dashboards publicly later. Need to first close on what stack strategy could be used, though (single/multiple).
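
The per-PR stack option discussed above, as an added example that is not part of the thread or the project's own workflows: a GitHub Actions workflow that assumes a role through aws-actions/configure-aws-credentials, deploys one stack per PR, and destroys it when the PR is closed. The role ARN, region, stack name, app path, `npm ci` install step, and an app that names its stack from `STACK_NAME` are all assumptions.

```yaml
# Added example. Values marked "assumption" are placeholders, not project values.
name: integ-deploy
on:
  pull_request:
    types: [opened, synchronize, reopened, closed]

permissions:
  id-token: write   # allows requesting an OIDC token for role assumption
  contents: read    # nothing else is granted to the job token

# Serialize runs per PR so a deploy and a destroy never race on one stack.
concurrency:
  group: integ-pr-${{ github.event.pull_request.number }}
  cancel-in-progress: false

env:
  STACK_NAME: IntegTest-PR-${{ github.event.pull_request.number }}  # assumption
  CDK_APP: npx ts-node test/integ/app.ts                            # assumption: hypothetical app
  ROLE_ARN: arn:aws:iam::111111111111:role/integ-test-deployer      # assumption: placeholder ARN
  AWS_REGION: us-east-1                                             # assumption

jobs:
  integ:
    # Fork PRs get no OIDC token, so skip them instead of failing.
    if: github.event.pull_request.head.repo.full_name == github.repository
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-node@v4
        with:
          node-version: 18
      - run: npm ci
      - uses: aws-actions/configure-aws-credentials@v4
        with:
          role-to-assume: ${{ env.ROLE_ARN }}
          aws-region: ${{ env.AWS_REGION }}
      # Open or updated PR: deploy (or update) this PR's own stack.
      - if: github.event.action != 'closed'
        run: npx cdk deploy "$STACK_NAME" --app "$CDK_APP" --require-approval never
      # Closed PR (merged or not): tear the PR stack down.
      - if: github.event.action == 'closed'
        run: npx cdk destroy "$STACK_NAME" --app "$CDK_APP" --force
```

Scoping the role's trust policy to this repository and limiting its permissions to the `IntegTest-PR-*` stacks keeps code from an unmerged PR from reaching anything else in the account.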

cayman-amzn commented 2 years ago

> The dashboard created via this CFN stack can be made public as described here. Need to figure out how to enable public sharing via CFN which doesn't seem to be possible.

I think this could be made into an L3 construct in the CloudWatch CDK. Looking into the requests CW makes when setting this value in the AWS Console, it's creating a Cognito Identity pool with public access then configuring the Dashboard to use that. Need to dive deeper on how the dashboard is updated, or if it's just an account wide setting.

ayush987goyal commented 2 years ago

Possibly also add integ-runner integration if and when it gets open sourced:

https://github.com/aws/aws-cdk/blob/master/packages/%40aws-cdk/integ-runner/README.md