AWS Serverless solution that implements a release dashboard that provides a single button press for deploying code changes to production.
User's onboard github or gitlab repositories (need to specify a BASE (main) and HEAD (develop) branch) in the frontend, at which point you can then deploy
code changes to a production environment by hitting deploy
. Deploying creates pull requests which merge the HEAD branch into BASE, and creates a release. Users can also select hotfix
, which skips the pull request and creates a release based on the BASE branch.
To make it all work, you'll need to configure your production continuous integration deployment pipeline trigger with a regex check on the release version number so that it's only triggered on semver releases, for example. You'll also need to provide a github or gitlab API token to give the dashboard access to make API calls to the respective VCS provider. These tokens will be stored as SSM parameters within AWS.
Deploys trigger the following workflow:
- Create Github / Gitlab PR base <- head (e.g. main <- develop)
- Approve PR
- Create Release based on base branch
- Send Slack message to a channel with the release notes.
Hotfix Deploys trigger the following workflow:
- Create Release based on base branch
- Send Slack message to a channel with the release notes.
This solution utilises the following services:
- API Gateway (auth + routing)
- Cloudwatch (logging)
- Cognito (auth)
- DynamoDB (backend storage)
- Lambda (backend compute)
- S3 + Cloudfront (VueJS frontend)
- SSM Parameter Store (secrets management)
The following tools must be installed in order to fully deploy Moot
- yarn -- used to build the frontend locally
- awscli -- used to aws s3 sync the frontend assets
- go -- requires at least version 16 because of
go modules
- gcc (build essentials) -- required for
go build
The below snippet will fully deploy the dashboard (backend + frontend). In this instance, I am deploying to a cheap Route53 domain I purchased for testing purposes (moot.link
).
If your AWS account does not have a Route53 hosted zone, remove the hosted_zone_name
and fqdn_alias
lines to use Cloudfront's default certificate and dns.
See the terraform_examples directory for deployable examples.
module "moot" {
source = "github.com/seanturner026/moot.git"
name = "moot"
aws_profile = "default"
admin_user_email = var.admin_user_email
enable_delete_admin_user = false
github_token = var.github_token
gitlab_token = var.gitlab_token
slack_webhook_url = var.slack_webhook_url
fqdn_alias = "moot.link"
hosted_zone_name = "moot.link"
enable_api_gateway_access_logs = true
tags = var.tags
}
No requirements.
Name | Version |
---|---|
archive | n/a |
aws | n/a |
external | n/a |
null | n/a |
Name | Description | Type | Default | Required |
---|---|---|---|---|
admin_user_email | Controls the creation of an admin user that is required to initially gain access to the dashboard. If access to the dashboard is completely lost, do the following • var.enable_delete_admin_user = true • terraform apply • var.enable_delete_admin_user = false • terraform apply If the initial admin user should no longer be able to access the dashboard, revoke access by setting var.enable_delete_admin_user = true and running terraform apply |
string |
"" |
no |
aws_profile | AWS Profile Name from ~/.aws/config that can be used for local execution. This profile is used to preform the following actions: • aws s3 sync : Sync bundle produced by yarn to build to s3• cognito-idp admin-create-user : Creates an admin cognito user for dashboard access• cognito-idp admin-delete-user : Deletes an admin cognito user if the user should nothave access to the dashboard anymore, OR, if there is no way for the user to regain access. • cognito-idp list-users : Obtains the admin user's ID in order to write the ID to theDynamodDB table. |
string |
"" |
no |
enable_api_gateway_access_logs | Enables API Gateway access logging to cloudwatch for the default stage. | bool |
false |
no |
enable_delete_admin_user | Destroys the admin user. Set this value to true to destroy the user, and to false to recreate the user. |
bool |
false |
no |
fqdn_alias | ALIAS for the Cloudfront distribution, S3, Cognito and API Gateway. Must be in the form ofexample.com . |
string |
"" |
no |
github_token | Token for Github. | string |
"42" |
no |
gitlab_token | Token for Gitlab. | string |
"42" |
no |
hosted_zone_name | Name of AWS Route53 Hosted Zone for DNS. | string |
"" |
no |
name | Name to be applied to all resources. | string |
"release_dashboard" |
no |
slack_webhook_url | URL to send slack message payloads to. | string |
"42" |
no |
tags | Map of tags to be applied to resources. | map(string) |
{} |
no |
Name | Description |
---|---|
cloudfront_domain_name | FQDN of Cloudfront Distribution that can be used for DNS. |