Setup from scratch

To set up the project from scratch, there are a few steps to take and a few prerequisites.

Prerequisites

  • A Pulumi account with an organization
  • A locally installed Pulumi CLI tool
  • An AWS account with local access configured for CLI tools

The steps

CI/CD Pipeline

  • Create a new Pulumi access token to be used in the GitHub Actions workflows
  • In the GitHub organization settings, create a new secret named PULUMI_ACCESS_TOKEN and paste the Pulumi access token there
    • Settings -> Security -> Secrets and Variables -> New organization secret
  • In the GitHub organization settings, create a new secret named AWS_REGION and paste the intended default AWS region there
    • Settings -> Security -> Secrets and Variables -> New organization secret
  • Create a new GitHub personal access token (PAT) to be used in the GitHub Actions workflows
    • Settings -> Developer settings -> Personal access tokens -> Generate new token
    • Give the token a name and select the repo scope
    • This token lets the composite actions of the projects repository use the GitHub CLI tool to initiate deployments on the other repositories of the organization
  • In the settings page of the projects repository, create a repository secret named VFD_PROJECTS_PAT and paste the GitHub personal access token (PAT) there
  • On the GitHub page of each repository (Phase 1 and/or Phase 2), create a new deployment environment whose name matches the intended stack name (e.g. dev, staging)
    • Settings -> Environments -> New environment
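
The CI/CD steps above can also be scripted with the GitHub CLI. The following is an added example, not part of the project's own tooling: it sets the three secrets with their values passed on stdin rather than on the command line, and creates the deployment environments with the same name as the Pulumi stack. The organization name, the repository names, the *_VALUE variables and the stack name rule are assumptions of this example.

```sh
#!/bin/sh
# Added example, not the project's own tooling. ORG, the repository names and
# the *_VALUE variables are assumptions; the secret names come from the steps above.
set -eu

ORG="${ORG:-example-org}"                    # hypothetical GitHub organization
PROJECTS_REPO="${PROJECTS_REPO:-projects}"   # hypothetical name of the projects repository
STACK="${STACK:-dev}"                        # Pulumi stack name, reused as environment name
DRY_RUN="${DRY_RUN:-1}"                      # 1 = print the plan, 0 = call gh

# Store a secret with the value passed on stdin, so it never shows up in
# argv, shell history or the printed plan.
set_secret() {  # usage: set_secret NAME VALUE <gh target flags...>
  name="$1"; value="$2"; shift 2
  if [ "$DRY_RUN" = 1 ]; then
    echo "gh secret set $name $* (value read from stdin)"
  else
    printf '%s' "$value" | gh secret set "$name" "$@"
  fi
}

# Create the deployment environment, named exactly like the Pulumi stack.
create_environment() {  # usage: create_environment REPO
  env_path="repos/$ORG/$1/environments/$STACK"
  if [ "$DRY_RUN" = 1 ]; then
    echo "gh api --method PUT $env_path"
  else
    gh api --method PUT "$env_path" >/dev/null
  fi
}

# Conservative rule chosen for this example: the name is placed in an API path.
valid_stack_name() {
  case "$1" in
    ''|-*|*[!a-z0-9-]*) return 1 ;;
    *) return 0 ;;
  esac
}

setup_pipeline() {  # usage: setup_pipeline PHASE_REPO...
  valid_stack_name "$STACK" || { echo "invalid stack name: $STACK" >&2; return 1; }
  set_secret PULUMI_ACCESS_TOKEN "${PULUMI_TOKEN_VALUE:?}" --org "$ORG"
  set_secret AWS_REGION "${AWS_REGION_VALUE:?}" --org "$ORG"
  set_secret VFD_PROJECTS_PAT "${PAT_VALUE:?}" --repo "$ORG/$PROJECTS_REPO"
  for repo in "$@"; do create_environment "$repo"; done
}
```

Call setup_pipeline with the Phase 1 and/or Phase 2 repository names as arguments; with DRY_RUN=1 it only prints the gh commands it would run.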

Infrastructure

  • In the infrastructure repository, use a command line tool to create a new stack whose name matches the deployment environment:
    • pulumi stack select <pulumi-organization>/<stack-name> --create
      • e.g. pulumi stack select virtualfinland/dev --create
  • In the infrastructure repository, use a command line tool to deploy the stack manually:
    • pulumi up
    • This creates the AWS resources that the CI/CD pipeline needs in order to work for the rest of the repositories

Projects

  • On the GitHub Actions page of the projects repository, run the Phase 1 or Phase 2 deployment.
  • Phase 2 includes Phase 1, so there is no need to run the Phase 1 deployment if Phase 2 is run.

Phase 2 specifics

  • If a custom domain name is configured for the live environment of the Access Finland MVP deployment, the initial deployment flow of the Access Finland MVP app will fail at the step "Initial deployment domain check", because the created SSL certificates need verification, which takes some time to complete.
  • To continue the Phase 2 GitHub Actions flow, re-run the flow (for speed, choose the "failed jobs only" option) only after the SSL certificates have been verified by AWS. Read more at af-mvp app deployment instructions.
  • After that, deploy the infrastructure project once more to finish the configuration related to the email service domain name. Read more at infrastructure email instructions.

Post-deployment

  • In the monitoring repository, reconfigure alerts etc. and redeploy as needed.
  • In the AWS Console, configure the access credentials to the AWS Cognito user and identity pool created by the Access Finland MVP app. Read more at mvp-app deployment instructions.