diff --git a/dotcom-rendering/cdk/bin/cdk.ts b/dotcom-rendering/cdk/bin/cdk.ts index 50db0b0f1d0..8cc0f66cdde 100644 --- a/dotcom-rendering/cdk/bin/cdk.ts +++ b/dotcom-rendering/cdk/bin/cdk.ts @@ -8,13 +8,21 @@ const sharedProps = { app: 'rendering', stack: 'frontend', region: 'eu-west-1', + amiRecipe: 'dotcom-rendering-ARM-jammy-node-18.17.0', }; new DotcomRendering(app, 'DotcomRendering-PROD', { ...sharedProps, stage: 'PROD', + minCapacity: 15, + maxCapacity: 60, + instanceType: 't4g.small', }); + new DotcomRendering(app, 'DotcomRendering-CODE', { ...sharedProps, stage: 'CODE', + minCapacity: 1, + maxCapacity: 4, + instanceType: 't4g.micro', }); diff --git a/dotcom-rendering/cdk/lib/__snapshots__/dotcom-rendering.test.ts.snap b/dotcom-rendering/cdk/lib/__snapshots__/dotcom-rendering.test.ts.snap index 95a0d98a78c..66008e1c05b 100644 --- a/dotcom-rendering/cdk/lib/__snapshots__/dotcom-rendering.test.ts.snap +++ b/dotcom-rendering/cdk/lib/__snapshots__/dotcom-rendering.test.ts.snap @@ -31,21 +31,12 @@ exports[`The DotcomRendering stack matches the snapshot 1`] = ` "Value": "frontend", }, }, - "StageMap": { - "CODE": { - "MaxCapacity": 4, - "MinCapacity": 1, - }, - "PROD": { - "MaxCapacity": 60, - "MinCapacity": 15, - }, - }, }, "Metadata": { "gu:cdk:constructs": [ "GuVpcParameter", "GuSubnetListParameter", + "GuSubnetListParameter", "GuSecurityGroup", "GuStringParameter", "GuClassicLoadBalancer", @@ -62,6 +53,11 @@ exports[`The DotcomRendering stack matches the snapshot 1`] = ` "GuDistributionBucketParameter", "GuGetDistributablePolicy", "GuParameterStoreReadPolicy", + "GuStringParameter", + "GuAmiParameter", + "GuHttpsEgressSecurityGroup", + "GuWazuhAccess", + "GuAutoScalingGroup", ], "gu:cdk:version": "TEST", }, @@ -80,6 +76,11 @@ exports[`The DotcomRendering stack matches the snapshot 1`] = ` "Description": "AMI to use for instances", "Type": "AWS::EC2::Image::Id", }, + "AMIRendering": { + "Default": "/TEST/frontend/rendering/ami.imageId", + "Description": "Amazon Machine Image ID for the app rendering. Use this in conjunction with AMIgo to keep AMIs up to date.", + "Type": "AWS::SSM::Parameter::Value", + }, "App": { "Default": "rendering", "Description": "Application name", @@ -114,6 +115,10 @@ exports[`The DotcomRendering stack matches the snapshot 1`] = ` "Description": "name of the kinesis stream to use to send logs to the central ELK stack", "Type": "String", }, + "ELKStreamId": { + "Default": "/TEST/frontend/rendering/logging.stream.name", + "Type": "AWS::SSM::Parameter::Value", + }, "InstanceType": { "Description": "EC2 Instance Type to use for dotcom-rendering", "Type": "String", @@ -128,6 +133,11 @@ exports[`The DotcomRendering stack matches the snapshot 1`] = ` "Description": "(Optional) ARN of action to execute when notification alarms change state", "Type": "CommaDelimitedList", }, + "PrivateSubnets": { + "Default": "/account/vpc/primary/subnets/private", + "Description": "A list of private subnets", + "Type": "AWS::SSM::Parameter::Value>", + }, "PublicSubnets": { "Default": "/account/vpc/primary/subnets/public", "Description": "A list of public subnets", @@ -299,6 +309,18 @@ exports[`The DotcomRendering stack matches the snapshot 1`] = ` ], ], }, + { + "Fn::Join": [ + "", + [ + "arn:aws:ssm:eu-west-1:", + { + "Ref": "AWS::AccountId", + }, + ":parameter//TEST/frontend/rendering/*", + ], + ], + }, ], }, ], @@ -315,48 +337,31 @@ exports[`The DotcomRendering stack matches the snapshot 1`] = ` }, "AutoscalingGroup": { "Properties": { - "AvailabilityZones": { - "Fn::GetAZs": "", - }, "HealthCheckGracePeriod": 120, "HealthCheckType": "ELB", - "LaunchConfigurationName": { - "Ref": "LaunchConfig", + "LaunchTemplate": { + "LaunchTemplateId": { + "Ref": "frontendTESTrenderingF3FD9600", + }, + "Version": { + "Fn::GetAtt": [ + "frontendTESTrenderingF3FD9600", + "LatestVersionNumber", + ], + }, }, "LoadBalancerNames": [ { "Ref": "InternalLoadBalancer", }, ], - "MaxSize": { - "Fn::FindInMap": [ - "StageMap", - { - "Ref": "Stage", - }, - "MaxCapacity", - ], - }, - "MinSize": { - "Fn::FindInMap": [ - "StageMap", - { - "Ref": "Stage", - }, - "MinCapacity", - ], - }, + "MaxSize": "4", + "MinSize": "1", "Tags": [ { "Key": "App", "PropagateAtLaunch": true, - "Value": { - "Fn::FindInMap": [ - "Constants", - "App", - "Value", - ], - }, + "Value": "rendering", }, { "Key": "gu:cdk:version", @@ -380,7 +385,7 @@ exports[`The DotcomRendering stack matches the snapshot 1`] = ` }, ], "VPCZoneIdentifier": { - "Ref": "Subnets", + "Ref": "PrivateSubnets", }, }, "Type": "AWS::AutoScaling::AutoScalingGroup", @@ -480,6 +485,46 @@ exports[`The DotcomRendering stack matches the snapshot 1`] = ` }, "Type": "AWS::IAM::Policy", }, + "GuHttpsEgressSecurityGroupRenderingE17B2710": { + "Properties": { + "GroupDescription": "Allow all outbound HTTPS traffic", + "SecurityGroupEgress": [ + { + "CidrIp": "0.0.0.0/0", + "Description": "Allow all outbound HTTPS traffic", + "FromPort": 443, + "IpProtocol": "tcp", + "ToPort": 443, + }, + ], + "Tags": [ + { + "Key": "App", + "Value": "rendering", + }, + { + "Key": "gu:cdk:version", + "Value": "TEST", + }, + { + "Key": "gu:repo", + "Value": "guardian/dotcom-rendering", + }, + { + "Key": "Stack", + "Value": "frontend", + }, + { + "Key": "Stage", + "Value": "TEST", + }, + ], + "VpcId": { + "Ref": "VpcId", + }, + }, + "Type": "AWS::EC2::SecurityGroup", + }, "GuLogShippingPolicy981BFE5A": { "Properties": { "PolicyDocument": { @@ -836,58 +881,6 @@ exports[`The DotcomRendering stack matches the snapshot 1`] = ` }, "Type": "AWS::CloudWatch::Alarm", }, - "LaunchConfig": { - "Properties": { - "AssociatePublicIpAddress": true, - "IamInstanceProfile": { - "Ref": "InstanceProfile", - }, - "ImageId": { - "Ref": "AMI", - }, - "InstanceType": { - "Ref": "InstanceType", - }, - "SecurityGroups": [ - { - "Fn::GetAtt": [ - "InstanceSecurityGroup", - "GroupId", - ], - }, - ], - "UserData": { - "Fn::Base64": { - "Fn::Sub": "#!/bin/bash -ev - -groupadd frontend -useradd -r -m -s /usr/bin/nologin -g frontend dotcom-rendering -usermod -a -G frontend aws-kinesis-agent-user -cd /home/dotcom-rendering - -aws --region eu-west-1 s3 cp s3://aws-frontend-artifacts/frontend/\${Stage}/\${App}/\${App}.zip ./ -unzip -q \${App}.zip -d \${App} - -chown -R dotcom-rendering:frontend \${App} - -cd \${App} - -export TERM=xterm-256color -export NODE_ENV=production -export GU_STAGE=\${Stage} - -mkdir /var/log/dotcom-rendering -chown -R dotcom-rendering:frontend /var/log/dotcom-rendering - -sudo NODE_ENV=$NODE_ENV GU_STAGE=$GU_STAGE -u dotcom-rendering -g frontend make start-prod - -/opt/aws-kinesis-agent/configure-aws-kinesis-agent \${AWS::Region} \${ELKStream} /var/log/dotcom-rendering/dotcom-rendering.log -", - }, - }, - }, - "Type": "AWS::AutoScaling::LaunchConfiguration", - }, "ParameterStoreReadRenderingFDC91AAA": { "Properties": { "PolicyDocument": { @@ -969,6 +962,206 @@ sudo NODE_ENV=$NODE_ENV GU_STAGE=$GU_STAGE -u dotcom-rendering -g frontend make }, "Type": "AWS::AutoScaling::ScalingPolicy", }, + "WazuhSecurityGroup": { + "Properties": { + "GroupDescription": "Allow outbound traffic from wazuh agent to manager", + "SecurityGroupEgress": [ + { + "CidrIp": "0.0.0.0/0", + "Description": "Wazuh event logging", + "FromPort": 1514, + "IpProtocol": "tcp", + "ToPort": 1514, + }, + { + "CidrIp": "0.0.0.0/0", + "Description": "Wazuh agent registration", + "FromPort": 1515, + "IpProtocol": "tcp", + "ToPort": 1515, + }, + ], + "Tags": [ + { + "Key": "gu:cdk:version", + "Value": "TEST", + }, + { + "Key": "gu:repo", + "Value": "guardian/dotcom-rendering", + }, + { + "Key": "Stack", + "Value": "frontend", + }, + { + "Key": "Stage", + "Value": "TEST", + }, + ], + "VpcId": { + "Ref": "VpcId", + }, + }, + "Type": "AWS::EC2::SecurityGroup", + }, + "frontendTESTrenderingF3FD9600": { + "Properties": { + "LaunchTemplateData": { + "IamInstanceProfile": { + "Arn": { + "Fn::GetAtt": [ + "frontendTESTrenderingProfileA2D2425E", + "Arn", + ], + }, + }, + "ImageId": { + "Ref": "AMIRendering", + }, + "InstanceType": "t4g.micro", + "SecurityGroupIds": [ + { + "Fn::GetAtt": [ + "GuHttpsEgressSecurityGroupRenderingE17B2710", + "GroupId", + ], + }, + { + "Fn::GetAtt": [ + "WazuhSecurityGroup", + "GroupId", + ], + }, + { + "Fn::GetAtt": [ + "InstanceSecurityGroup", + "GroupId", + ], + }, + ], + "TagSpecifications": [ + { + "ResourceType": "instance", + "Tags": [ + { + "Key": "gu:cdk:version", + "Value": "TEST", + }, + { + "Key": "gu:repo", + "Value": "guardian/dotcom-rendering", + }, + { + "Key": "Name", + "Value": "DotcomRendering/frontend-TEST-rendering", + }, + { + "Key": "Stack", + "Value": "frontend", + }, + { + "Key": "Stage", + "Value": "TEST", + }, + ], + }, + { + "ResourceType": "volume", + "Tags": [ + { + "Key": "gu:cdk:version", + "Value": "TEST", + }, + { + "Key": "gu:repo", + "Value": "guardian/dotcom-rendering", + }, + { + "Key": "Name", + "Value": "DotcomRendering/frontend-TEST-rendering", + }, + { + "Key": "Stack", + "Value": "frontend", + }, + { + "Key": "Stage", + "Value": "TEST", + }, + ], + }, + ], + "UserData": { + "Fn::Base64": { + "Fn::Join": [ + "", + [ + "#!/bin/bash -ev +groupadd frontend +useradd -r -m -s /usr/bin/nologin -g frontend dotcom-rendering +usermod -a -G frontend aws-kinesis-agent-user +cd /home/dotcom-rendering +aws --region eu-west-1 s3 cp s3://aws-frontend-artifacts/frontend/TEST/rendering/rendering.zip ./ +unzip -q rendering.zip -d rendering +chown -R dotcom-rendering:frontend rendering +cd rendering +export TERM=xterm-256color +export NODE_ENV=production +export GU_STAGE=TEST +mkdir /var/log/dotcom-rendering +chown -R dotcom-rendering:frontend /var/log/dotcom-rendering +sudo NODE_ENV=$NODE_ENV GU_STAGE=$GU_STAGE -u dotcom-rendering -g frontend make start-prod +/opt/aws-kinesis-agent/configure-aws-kinesis-agent eu-west-1 ", + { + "Ref": "ELKStreamId", + }, + " /var/log/dotcom-rendering/dotcom-rendering.log", + ], + ], + }, + }, + }, + "TagSpecifications": [ + { + "ResourceType": "launch-template", + "Tags": [ + { + "Key": "gu:cdk:version", + "Value": "TEST", + }, + { + "Key": "gu:repo", + "Value": "guardian/dotcom-rendering", + }, + { + "Key": "Name", + "Value": "DotcomRendering/frontend-TEST-rendering", + }, + { + "Key": "Stack", + "Value": "frontend", + }, + { + "Key": "Stage", + "Value": "TEST", + }, + ], + }, + ], + }, + "Type": "AWS::EC2::LaunchTemplate", + }, + "frontendTESTrenderingProfileA2D2425E": { + "Properties": { + "Roles": [ + { + "Ref": "InstanceRole", + }, + ], + }, + "Type": "AWS::IAM::InstanceProfile", + }, }, } `; diff --git a/dotcom-rendering/cdk/lib/dotcom-rendering.test.ts b/dotcom-rendering/cdk/lib/dotcom-rendering.test.ts index e3c889d8e14..46667771358 100644 --- a/dotcom-rendering/cdk/lib/dotcom-rendering.test.ts +++ b/dotcom-rendering/cdk/lib/dotcom-rendering.test.ts @@ -14,7 +14,11 @@ describe('The DotcomRendering stack', () => { stack: 'frontend', stage: 'TEST', app: 'rendering', + minCapacity: 1, + maxCapacity: 4, + instanceType: 't4g.micro', region: 'eu-west-1', + amiRecipe: 'amiRecipe', }); const template = Template.fromStack(stack); expect(template.toJSON()).toMatchSnapshot(); diff --git a/dotcom-rendering/cdk/lib/dotcom-rendering.ts b/dotcom-rendering/cdk/lib/dotcom-rendering.ts index 43430de01f6..2b958696e5f 100644 --- a/dotcom-rendering/cdk/lib/dotcom-rendering.ts +++ b/dotcom-rendering/cdk/lib/dotcom-rendering.ts @@ -1,5 +1,10 @@ import { join } from 'node:path'; -import { GuStack, GuStringParameter } from '@guardian/cdk/lib/constructs/core'; +import { GuAutoScalingGroup } from '@guardian/cdk/lib/constructs/autoscaling'; +import { + GuAmiParameter, + GuStack, + GuStringParameter, +} from '@guardian/cdk/lib/constructs/core'; import { GuSecurityGroup, GuVpc, @@ -12,10 +17,12 @@ import { import { GuClassicLoadBalancer } from '@guardian/cdk/lib/constructs/loadbalancing'; import type { App } from 'aws-cdk-lib'; import { CfnOutput, Duration } from 'aws-cdk-lib'; -import { Peer } from 'aws-cdk-lib/aws-ec2'; +import { HealthCheck } from 'aws-cdk-lib/aws-autoscaling'; +import { InstanceType, Peer } from 'aws-cdk-lib/aws-ec2'; import { LoadBalancingProtocol } from 'aws-cdk-lib/aws-elasticloadbalancing'; import { CfnInclude } from 'aws-cdk-lib/cloudformation-include'; import type { DCRProps } from './types'; +import { getUserData } from './userData'; export class DotcomRendering extends GuStack { constructor(scope: App, id: string, props: DCRProps) { @@ -32,6 +39,9 @@ export class DotcomRendering extends GuStack { const publicSubnets = GuVpc.subnetsFromParameter(this, { type: SubnetType.PUBLIC, }); + const privateSubnets = GuVpc.subnetsFromParameter(this, { + type: SubnetType.PRIVATE, + }); const lbSecurityGroup = new GuSecurityGroup( this, @@ -43,12 +53,12 @@ export class DotcomRendering extends GuStack { vpc, ingresses: [ { - range: Peer.ipv4(vpc.vpcCidrBlock), + range: Peer.ipv4(vpcCidrBlock), port: 80, description: 'TCP 80 ingress', }, { - range: Peer.ipv4(vpc.vpcCidrBlock), + range: Peer.ipv4(vpcCidrBlock), port: 443, description: 'TCP 443 ingress', }, @@ -166,6 +176,7 @@ export class DotcomRendering extends GuStack { resources: [ `arn:aws:ssm:${region}:${this.account}:parameter/frontend/*`, `arn:aws:ssm:${region}:${this.account}:parameter/dotcom/*`, + `arn:aws:ssm:${region}:${this.account}:parameter/${ssmPrefix}/*`, ], }), ], @@ -175,6 +186,40 @@ export class DotcomRendering extends GuStack { reason: 'Retaining a stateful resource previously defined in YAML', }); + const asg = new GuAutoScalingGroup(this, 'AutoscalingGroup', { + app, + vpc, + instanceType: new InstanceType(props.instanceType), + minimumInstances: props.minCapacity, + maximumInstances: props.maxCapacity, + healthCheck: HealthCheck.elb({ grace: Duration.minutes(2) }), + userData: getUserData({ + app, + region, + stage, + elkStreamId: new GuStringParameter(this, 'ELKStreamId', { + fromSSM: true, + default: `${ssmPrefix}/logging.stream.name`, + }).valueAsString, + }), + imageId: new GuAmiParameter(this, { + app, + fromSSM: true, + default: `${ssmPrefix}/ami.imageId`, + }), + imageRecipe: props.amiRecipe, + role: instanceRole, + additionalSecurityGroups: [instanceSecurityGroup], + vpcSubnets: { subnets: privateSubnets }, + withoutImdsv2: true, + }); + this.overrideLogicalId(asg, { + logicalId: 'AutoscalingGroup', + reason: 'Retaining a stateful resource previously defined in YAML', + }); + + asg.attachToClassicLB(loadBalancer); + const yamlTemplateFilePath = join( __dirname, '../..', @@ -184,8 +229,7 @@ export class DotcomRendering extends GuStack { new CfnInclude(this, 'YamlTemplate', { templateFile: yamlTemplateFilePath, parameters: { - VpcId: vpc.vpcId, - InstanceSecurityGroup: instanceSecurityGroup.securityGroupId, + AutoscalingGroup: asg.autoScalingGroupName, InternalLoadBalancer: loadBalancer.loadBalancerName, InstanceRole: instanceRole.roleName, }, diff --git a/dotcom-rendering/cdk/lib/types.ts b/dotcom-rendering/cdk/lib/types.ts index 4116ebb5101..6633e602017 100644 --- a/dotcom-rendering/cdk/lib/types.ts +++ b/dotcom-rendering/cdk/lib/types.ts @@ -6,7 +6,24 @@ export interface DCRProps extends GuStackProps { */ app: string; /** - * The region in AWS where the application will run + * The minimum number of instances in the autoscaling group + */ + minCapacity: number; + /** + * The maximum number of instances in the autoscaling group. + * Defaults to twice the minimum capacity if not specified + */ + maxCapacity?: number; + /** + * EC2 Instance Type to use for dotcom-rendering + */ + instanceType: string; + /** + * The region in AWS where this app will run */ region: string; + /** + * AMI Recipe to use + */ + amiRecipe: string; } diff --git a/dotcom-rendering/cdk/lib/userData.ts b/dotcom-rendering/cdk/lib/userData.ts new file mode 100644 index 00000000000..b48c49a5388 --- /dev/null +++ b/dotcom-rendering/cdk/lib/userData.ts @@ -0,0 +1,45 @@ +import type { DCRProps } from './types'; + +type UserDataProps = Pick & { + elkStreamId: string; +}; + +/** + * Returns user data configuration for instances in the rendering app + * @see https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/user-data.html + */ +export const getUserData = ({ + app, + region, + stage, + elkStreamId, +}: UserDataProps): string => { + const userData = [ + `#!/bin/bash -ev`, + + `groupadd frontend`, + `useradd -r -m -s /usr/bin/nologin -g frontend dotcom-rendering`, + `usermod -a -G frontend aws-kinesis-agent-user`, + `cd /home/dotcom-rendering`, + + `aws --region eu-west-1 s3 cp s3://aws-frontend-artifacts/frontend/${stage}/${app}/${app}.zip ./`, + `unzip -q ${app}.zip -d ${app}`, + + `chown -R dotcom-rendering:frontend ${app}`, + + `cd ${app}`, + + `export TERM=xterm-256color`, + `export NODE_ENV=production`, + `export GU_STAGE=${stage}`, + + `mkdir /var/log/dotcom-rendering`, + `chown -R dotcom-rendering:frontend /var/log/dotcom-rendering`, + + `sudo NODE_ENV=$NODE_ENV GU_STAGE=$GU_STAGE -u dotcom-rendering -g frontend make start-prod`, + + `/opt/aws-kinesis-agent/configure-aws-kinesis-agent ${region} ${elkStreamId} /var/log/dotcom-rendering/dotcom-rendering.log`, + ].join('\n'); + + return userData; +}; diff --git a/dotcom-rendering/cloudformation.yml b/dotcom-rendering/cloudformation.yml index 5bcf116188b..fe2fe7526b3 100644 --- a/dotcom-rendering/cloudformation.yml +++ b/dotcom-rendering/cloudformation.yml @@ -8,9 +8,6 @@ Parameters: Subnets: Description: The subnets where rendering instances will run Type: List - VpcId: - Description: The VPC in which rendering instances will run - Type: AWS::EC2::VPC::Id App: Description: Application name Type: String @@ -26,9 +23,6 @@ Parameters: Description: Stack name Type: String Default: frontend - AMI: - Description: AMI to use for instances - Type: AWS::EC2::Image::Id NotificationAlarmAction: Type: CommaDelimitedList Description: (Optional) ARN of action to execute when notification alarms change state @@ -48,11 +42,8 @@ Parameters: InstanceType: Type: String Description: EC2 Instance Type to use for dotcom-rendering - ELKStream: - Type: String - Description: name of the kinesis stream to use to send logs to the central ELK stack - InstanceSecurityGroup: - Description: Id of instance security group + AutoscalingGroup: + Description: Name of the Autoscaling group Type: String InternalLoadBalancer: Description: Id of internal load balancer @@ -60,6 +51,13 @@ Parameters: InstanceRole: Description: Name of instance role Type: String + # ! These params are not used but should be kept until the migration is finished + ELKStream: + Description: name of the kinesis stream to use to send logs to the central ELK stack + Type: String + AMI: + Description: AMI to use for instances + Type: AWS::EC2::Image::Id Conditions: HasLatencyScalingAlarm: !Equals [!Ref Stage, 'PROD'] @@ -71,13 +69,6 @@ Mappings: Value: frontend App: Value: rendering - StageMap: - PROD: - MinCapacity: 15 - MaxCapacity: 60 - CODE: - MinCapacity: 1 - MaxCapacity: 4 Resources: InstanceProfile: @@ -87,72 +78,6 @@ Resources: Roles: - Ref: InstanceRole - LaunchConfig: - Type: AWS::AutoScaling::LaunchConfiguration - Properties: - ImageId: - Ref: AMI - SecurityGroups: - - Ref: InstanceSecurityGroup - InstanceType: !Ref InstanceType - IamInstanceProfile: - Ref: InstanceProfile - AssociatePublicIpAddress: true - UserData: - 'Fn::Base64': !Sub | - #!/bin/bash -ev - - groupadd frontend - useradd -r -m -s /usr/bin/nologin -g frontend dotcom-rendering - usermod -a -G frontend aws-kinesis-agent-user - cd /home/dotcom-rendering - - aws --region eu-west-1 s3 cp s3://aws-frontend-artifacts/frontend/${Stage}/${App}/${App}.zip ./ - unzip -q ${App}.zip -d ${App} - - chown -R dotcom-rendering:frontend ${App} - - cd ${App} - - export TERM=xterm-256color - export NODE_ENV=production - export GU_STAGE=${Stage} - - mkdir /var/log/dotcom-rendering - chown -R dotcom-rendering:frontend /var/log/dotcom-rendering - - sudo NODE_ENV=$NODE_ENV GU_STAGE=$GU_STAGE -u dotcom-rendering -g frontend make start-prod - - /opt/aws-kinesis-agent/configure-aws-kinesis-agent ${AWS::Region} ${ELKStream} /var/log/dotcom-rendering/dotcom-rendering.log - - AutoscalingGroup: - Type: AWS::AutoScaling::AutoScalingGroup - Properties: - AvailabilityZones: !GetAZs '' - VPCZoneIdentifier: - Ref: Subnets - LaunchConfigurationName: - Ref: LaunchConfig - MinSize: !FindInMap [StageMap, !Ref Stage, MinCapacity] - MaxSize: !FindInMap [StageMap, !Ref Stage, MaxCapacity] - HealthCheckType: ELB - HealthCheckGracePeriod: 120 - LoadBalancerNames: - - Ref: InternalLoadBalancer - Tags: - - Key: Stage - Value: - Ref: Stage - PropagateAtLaunch: true - - Key: Stack - Value: - Fn::FindInMap: [Constants, Stack, Value] - PropagateAtLaunch: true - - Key: App - Value: - Fn::FindInMap: [Constants, App, Value] - PropagateAtLaunch: true - ScaleDownPolicy: Type: AWS::AutoScaling::ScalingPolicy Properties: diff --git a/dotcom-rendering/scripts/deploy/riff-raff.yaml b/dotcom-rendering/scripts/deploy/riff-raff.yaml index 7bb09057e05..857ec0c07a0 100755 --- a/dotcom-rendering/scripts/deploy/riff-raff.yaml +++ b/dotcom-rendering/scripts/deploy/riff-raff.yaml @@ -10,21 +10,8 @@ deployments: templateStagePaths: CODE: DotcomRendering-CODE.template.json PROD: DotcomRendering-PROD.template.json - templateParameters: - VpcId: "/account/vpc/primary/id" cloudFormationStackByTags: false cloudFormationStackName: rendering - templateStageParameters: - CODE: - InstanceType: t4g.micro - PROD: - InstanceType: t4g.small - amiParametersToTags: - AMI: - # Keep the Node version in sync with `.nvmrc` - Recipe: dotcom-rendering-ARM-jammy-node-18.17.0 - BuiltBy: amigo - AmigoStage: PROD rendering: type: autoscaling parameters: diff --git a/scripts/check-node-versions.mjs b/scripts/check-node-versions.mjs index c02a1f8c471..3b63ae914ff 100644 --- a/scripts/check-node-versions.mjs +++ b/scripts/check-node-versions.mjs @@ -34,8 +34,9 @@ const requiredNodeVersionMatches = pattern: /^FROM node:(.+)-alpine$/m, }, { - filepath: 'dotcom-rendering/scripts/deploy/riff-raff.yaml', - pattern: /^ +Recipe: dotcom-rendering.*-node-(\d+\.\d+\.\d+)$/m, + filepath: 'dotcom-rendering/cdk/bin/cdk.ts', + pattern: + /^.+amiRecipe: \'dotcom-rendering.*-node-(\d+\.\d+\.\d+)\'\,$/m, }, { filepath: 'apps-rendering/riff-raff.yaml',