DevOps Zen Part 1: Deploy Amazon RDS Postgres and ECS Fargate From Scratch

Terris Linenbach
Apr 19, 2024

This CloudFormation template builds the following stack (see the diagram below):

  • A VPC with two public and private subnets and NAT
  • An RDS Postgres instance with RDS Proxy. It stores a random password in the Secrets Manager key /{Product}/RDS/pg/{user}.
  • A public load balancer for servicing API requests at
    https://api.{DomainName}
  • An internal load balancer for service to service communication at
    https://api-internal.{DomainName}
  • An ECS Cluster with one Fargate task
  • A basic Cognito user pool
  • A frontend application served by Amplify

Unfortunately, it’s not completely automated. Read the comments at the beginning of the script.

  1. Add a DNS NS record to the parent zone
  2. Set up the custom domain for Amplify
  3. See the comment for ApiService. DesiredCount should be changed to a non-zero value when the ECR repository contains an image. We’ll address that in part 2.

To “run” this template:

  1. Save the script below to the file template.yaml
  2. Modify the parameter default values or specify them on the command line below:

aws cloudformation create-stack \
  --stack-name <your-stack-name> \
  --template-body file://template.yaml \
  --capabilities CAPABILITY_NAMED_IAM \
  --tags Key=Creator,Value=ACME
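Because the command passes CAPABILITY_NAMED_IAM, the template is allowed to create named IAM resources. The following is an added example, not part of the original post or its template: it stages the same template as a change set so every resource can be listed before anything is built. The stack name, change set name, and the parameter names Product and DomainName are assumptions.

```shell
# Added example, not part of the original template or post.
STACK="${STACK:-acme-stack}"              # assumed stack name
CHANGESET="${CHANGESET:-initial-create}"  # assumed change set name
TEMPLATE="${TEMPLATE:-template.yaml}"

# Convert Key=Value pairs into the ParameterKey=...,ParameterValue=... words
# that --parameters expects. Values with spaces or commas are rejected
# because this shorthand cannot carry them safely.
cfn_params() {
  local pair out=""
  for pair in "$@"; do
    case "$pair" in
      *" "*|*","*) echo "unsupported characters in: $pair" >&2; return 1 ;;
      ?*=*) out="$out ParameterKey=${pair%%=*},ParameterValue=${pair#*=}" ;;
      *) echo "expected Key=Value, got: $pair" >&2; return 1 ;;
    esac
  done
  printf '%s\n' "${out# }"
}

# Validate the template, stage it as a CREATE change set, and list every
# resource it would create. Nothing is built yet, so the IAM resources that
# CAPABILITY_NAMED_IAM permits can be read first.
preview_stack() {
  local params
  params=$(cfn_params "$@") || return 1
  aws cloudformation validate-template \
    --template-body "file://$TEMPLATE" >/dev/null || return 1
  # $params is intentionally unquoted: one word per parameter.
  aws cloudformation create-change-set \
    --stack-name "$STACK" --change-set-name "$CHANGESET" \
    --change-set-type CREATE --template-body "file://$TEMPLATE" \
    --capabilities CAPABILITY_NAMED_IAM \
    --tags Key=Creator,Value=ACME \
    ${params:+--parameters $params} || return 1
  aws cloudformation wait change-set-create-complete \
    --stack-name "$STACK" --change-set-name "$CHANGESET" || return 1
  aws cloudformation describe-change-set \
    --stack-name "$STACK" --change-set-name "$CHANGESET" \
    --query 'Changes[].ResourceChange.[Action,ResourceType,LogicalResourceId]' \
    --output table
}

# Run only after reviewing the table printed by preview_stack.
apply_stack() {
  aws cloudformation execute-change-set \
    --stack-name "$STACK" --change-set-name "$CHANGESET" || return 1
  aws cloudformation wait stack-create-complete --stack-name "$STACK"
}
```

Source the file, run `preview_stack Product=acme DomainName=example.com` (constructed values), read the AWS::IAM::* rows in the table, then run `apply_stack`.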

IaC piles up quickly! The reader is left with the exercise of using Nested Stacks to modularize this spaghetti before it fills every inch of the visible universe. Unfortunately, that essentially means managing template files in S3. Good luck!

Next, we’ll set up a GitHub Action to deploy the service.

All the things created by the Amazon CloudFormation stack
