Hey everyone! I've been working on a project using AWS CDK where I've set up infrastructure for two Fargate services based on subdomains. Here's a quick rundown of what I have done:
1. **Domain Setup**:
- [http://domain.com](http://domain.com) serves a WordPress site.
- [http://app.domain.com](http://app.domain.com) serves a Laravel application.
2. **Load Balancer**: I implemented a load balancer to manage the routing properly.
3. **CI/CD Integration**: GitHub Actions are set up for continuous integration and deployment.
4. **Containerization**: I set up Fargate services and got a basic understanding of how Docker and containerization work.
5. **Networking Setup**: I configured a VPC with appropriate subnets.
6. **Database Configuration**: Configured RDS and security groups to allow the application connections, and included an EC2 instance for additional operations.
You can check out the code [here](https://github.com/RizaHKhan/fargate-practice/tree/domains). I'm really eager to hear your thoughts on whether my stack organization is good and if it's a suitable project to showcase to potential employers. Thanks in advance for your feedback!
3 Answers
This looks fantastic! Just a heads-up, you might be asked in interviews about how you'd manage sensitive information like API keys in your code. One solution is to use OpenID Connect (OIDC) to create an AWS role that grants GitHub temporary credentials for specified repositories, which is much more secure than hardcoding keys. This way, your workflows can dynamically gather credentials when needed instead of requiring manual updates. It's definitely a great improvement for automation!
Also, I'm curious, where's your GitHub Action? Are you leveraging AWS keys, or did you switch to OIDC? This can affect your workflow's security and efficiency. Just checking!
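To make the OIDC suggestion above concrete, here is an added example (not code from the original post or from the linked fargate-practice repository). It builds the IAM trust policy an AWS role needs so that GitHub Actions can call `sts:AssumeRoleWithWebIdentity`, scoped to one repository and one branch, and then audits a policy for the two mistakes that undo the benefit: not pinning the `aud` claim, and leaving the `sub` claim broad enough that other repositories or any ref can assume the role. The account ID is a constructed placeholder; the repository and branch names are the ones from the post.

```typescript
// Added example: GitHub Actions -> AWS OIDC trust policy, built and audited.
// Assumptions: account ID 123456789012 is a placeholder; the IAM OIDC provider
// for token.actions.githubusercontent.com already exists in the account.

const GITHUB_OIDC_ISSUER = "token.actions.githubusercontent.com";
const AUD_KEY = `${GITHUB_OIDC_ISSUER}:aud`;
const SUB_KEY = `${GITHUB_OIDC_ISSUER}:sub`;

type ConditionBlock = Record<string, Record<string, string | string[]>>;

interface TrustStatement {
  Effect: "Allow" | "Deny";
  Principal: { Federated: string };
  Action: string;
  Condition?: ConditionBlock;
}

interface TrustPolicy {
  Version: "2012-10-17";
  Statement: TrustStatement[];
}

// Trust policy that only workflows from `repo` running on branch `branch`
// may use. The aud check stops a token minted for another audience from
// being replayed here; the exact-match sub check stops sibling repositories.
export function buildGitHubTrustPolicy(accountId: string, repo: string, branch: string): TrustPolicy {
  const providerArn = `arn:aws:iam::${accountId}:oidc-provider/${GITHUB_OIDC_ISSUER}`;
  return {
    Version: "2012-10-17",
    Statement: [
      {
        Effect: "Allow",
        Principal: { Federated: providerArn },
        Action: "sts:AssumeRoleWithWebIdentity",
        Condition: {
          StringEquals: {
            [AUD_KEY]: "sts.amazonaws.com",
            [SUB_KEY]: `repo:${repo}:ref:refs/heads/${branch}`,
          },
        },
      },
    ],
  };
}

// Review a trust policy and return human-readable findings. An empty array
// means the web-identity statements are scoped the way the answer recommends.
export function auditTrustPolicy(policy: TrustPolicy): string[] {
  const findings: string[] = [];
  for (const stmt of policy.Statement) {
    if (stmt.Effect !== "Allow" || stmt.Action !== "sts:AssumeRoleWithWebIdentity") continue;
    const cond: ConditionBlock = stmt.Condition ?? {};
    const eq = cond.StringEquals ?? {};
    const like = cond.StringLike ?? {};

    if (!(AUD_KEY in eq)) {
      findings.push("missing StringEquals on :aud; audience is not pinned to sts.amazonaws.com");
    }

    const subValue = eq[SUB_KEY] ?? like[SUB_KEY];
    if (subValue === undefined) {
      findings.push("no :sub condition; any GitHub repository could assume this role");
      continue;
    }
    const subs = Array.isArray(subValue) ? subValue : [subValue];
    for (const s of subs) {
      // GitHub sub claims look like "repo:OWNER/NAME:<ref|environment|pull_request>".
      const m = /^repo:([^:]+):(.*)$/.exec(s);
      if (!m) {
        findings.push(`unexpected :sub format "${s}"`);
        continue;
      }
      const repoPart = m[1] ?? "";
      const claimPart = m[2] ?? "";
      if (repoPart.includes("*")) {
        findings.push(`:sub "${s}" wildcards the repository; scope it to one owner/name`);
      } else if (claimPart === "*") {
        findings.push(`:sub "${s}" allows any branch, tag, PR or environment; pin a ref or environment`);
      }
    }
  }
  return findings;
}

// Constructed sample of the over-broad shape this audit is meant to catch:
// no aud pin, and a StringLike sub that covers every repository of the owner.
export const BROAD_POLICY_SAMPLE: TrustPolicy = {
  Version: "2012-10-17",
  Statement: [
    {
      Effect: "Allow",
      Principal: { Federated: `arn:aws:iam::123456789012:oidc-provider/${GITHUB_OIDC_ISSUER}` },
      Action: "sts:AssumeRoleWithWebIdentity",
      Condition: { StringLike: { [SUB_KEY]: "repo:RizaHKhan/*:ref:refs/heads/*" } },
    },
  ],
};
```

On the GitHub side the workflow needs `permissions: id-token: write` and a step that exchanges the token for credentials (the `aws-actions/configure-aws-credentials` action does this when given the role ARN); no long-lived access key is stored as a repository secret. The audit is the part worth keeping in a test suite: a later "just widen it for the fork" edit to the `sub` condition is exactly what turns a per-repository role into an organization-wide one.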
Overall, your project is solid! Just a couple of tips:
1. You may have split your stacks a bit too much, especially for your web tier with Fargate. A good rule of thumb is that if you only have one construct in a stack, you might be overdoing it. Try consolidating to minimize dependencies and avoid update locking.
2. It’d be beneficial to use the L3 construct `ApplicationLoadBalancedFargateService` for better performance.
3. Consider using `CDK Pipelines` instead of setting up a CodePipeline directly for a cleaner implementation.
4. And definitely make sure to write some tests; even CDKNag tests can help ensure your code's integrity!

Right now, I'm still using AWS keys for my GitHub actions. Hoping to transition to OIDC soon for better security!