Deployment and Operation Verification Using AWS CloudFormation
This document describes how to deploy the sample code from this catalog using AWS CloudFormation and verify that it works. The resulting environment is the same as the one built in "5. Environment Setup and Operation Verification on AWS Management Console", but the catalog AMI includes shell scripts that perform the deployment with a single command.
Deployment Configuration
Deployment Procedure
Preparation
The ECR repository must be created manually before running the deployment scripts, so that the subsequent scripts run smoothly. The procedure is the same as the "Create ECR Repository" section in "5. Environment Setup and Operation Verification on AWS Management Console", but name the repository using the following format:
{APP_NAME}-{ENV_NAME}-{AWS_REGION}-{AWS_ACCOUNT_ID}
# e.g.
# APP_NAME: my-react-router-app
# ENV_NAME: dev, stg, prd, etc.
# AWS_REGION: us-west-2, ap-northeast-1, etc.
# AWS_ACCOUNT_ID: 111122223333
# my-react-router-app-dev-ap-northeast-1-111122223333
Verify IAM Role and Permissions Used for Deployment
Verify the permissions of the instance role attached to the EC2 instance created from the AMI. The recommended approach is to run the deployment with Administrator permissions first, then use AWS IAM Access Analyzer to narrow the role down to the necessary permissions and apply them.
- For details on AWS IAM Access Analyzer, please refer to the relevant official documentation.
Execute Deployment Script
Connect to the EC2 instance and run the following command in a terminal. It builds the application, builds and pushes the Docker image, and deploys Lambda@Edge, CloudFront, and the main Lambda function.
./deploy/build-and-deploy.sh {APP_NAME} {ENV_NAME} {AWS_REGION}
# Use the same values as in the name of the ECR repository you created.
Within the script, CloudFormation is executed as follows:
# The name "iam-auth-edge" is synonymous with "add-content-hash" described in "5. Environment Setup and Operation Verification on AWS Management Console".
aws cloudformation deploy \
  --region us-east-1 \
  --stack-name ${_APP_NAME}-${_ENV_NAME}-iam-auth-edge \
  --template-file ./deploy/cloudformation/iam-auth-edge.yaml \
  --parameter-overrides \
    AppName=${_APP_NAME} \
    EnvName=${_ENV_NAME} \
  --capabilities CAPABILITY_NAMED_IAM
aws cloudformation deploy \
  --region ${_AWS_REGION} \
  --stack-name ${_APP_NAME}-${_ENV_NAME}-cloudfront-lambda \
  --template-file ./deploy/cloudformation/cloudfront-lambda.yaml \
  --parameter-overrides \
    AppName=${_APP_NAME} \
    EnvName=${_ENV_NAME} \
    LambdaEdgeArn=arn:aws:lambda:us-east-1:${_AWS_ACCOUNT_ID}:function:${_APP_NAME}-${_ENV_NAME}-iam-auth-edge:1 \
    ImageUri=${_IMAGE_URI} \
  --capabilities CAPABILITY_NAMED_IAM
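The checks below are an added example, not part of the catalog's deploy scripts: they validate the repository name format from Preparation and the Lambda@Edge ARN passed as LambdaEdgeArn before anything is deployed. The function names are hypothetical, the ECR naming rule and the us-east-1 numbered-version requirement are AWS constraints, and the live check assumes configured AWS CLI credentials.

```shell
#!/bin/sh
# Added example: pre-flight checks before ./deploy/build-and-deploy.sh.
# Function names are hypothetical, not part of the catalog scripts.

# Page format: {APP_NAME}-{ENV_NAME}-{AWS_REGION}-{AWS_ACCOUNT_ID}
ecr_repo_name() { printf '%s-%s-%s-%s\n' "$1" "$2" "$3" "$4"; }

# Succeeds only if the whole string (no embedded newline) matches the ERE.
matches() {
  case $1 in *'
'*) return 1 ;; esac
  printf '%s\n' "$1" | grep -Eq "$2"
}

validate_repo_parts() {  # app env region account
  matches "$4" '^[0-9]{12}$' || { echo "account id must be 12 digits" >&2; return 1; }
  matches "$3" '^[a-z]{2}(-[a-z]+)+-[0-9]+$' || { echo "unexpected region: $3" >&2; return 1; }
  name=$(ecr_repo_name "$1" "$2" "$3" "$4")
  # ECR repository names: lowercase alphanumerics joined by single . _ -, 2-256 chars.
  matches "$name" '^[a-z0-9]+([._-][a-z0-9]+)*$' || { echo "invalid ECR name: $name" >&2; return 1; }
  [ "${#name}" -le 256 ] || { echo "ECR name longer than 256 chars" >&2; return 1; }
}

# CloudFront accepts only a numbered version of a us-east-1 function for
# Lambda@Edge; $LATEST and aliases are rejected.
validate_edge_arn() {
  matches "$1" '^arn:aws:lambda:us-east-1:[0-9]{12}:function:[A-Za-z0-9_-]+:[0-9]+$'
}

preflight() {  # app env region; needs AWS CLI credentials
  account=$(aws sts get-caller-identity --query Account --output text) || return 1
  validate_repo_parts "$1" "$2" "$3" "$account" || return 1
  repo=$(ecr_repo_name "$1" "$2" "$3" "$account")
  aws ecr describe-repositories --region "$3" --repository-names "$repo" >/dev/null ||
    { echo "create ECR repository $repo first" >&2; return 1; }
  validate_edge_arn "arn:aws:lambda:us-east-1:${account}:function:$1-$2-iam-auth-edge:1"
}

# Run the live checks only when called with the deploy script's three arguments.
if [ "$#" -eq 3 ]; then preflight "$@"; fi
```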
Operation Verification
After deployment completes, which takes a few minutes, open the domain issued by CloudFront in the AWS Management Console.
If the page is displayed as follows, deployment is complete. From now on, you can operate the application simply by running the shell scripts that push the AWS Lambda container image and update Lambda.