Deep DivesInfrastructure

Deployment

Deployment guide for the RawStack Infrastructure component.

The Infrastructure component is deployed with AWS CDK. It provisions the shared platform resources and the hosting infrastructure for the API, Web, and Admin components.

First deployment

For the first deployment:

  1. Ensure the AWS CLI is configured and you have the required IAM permissions.
  2. Bootstrap CDK for the target account and region.
  3. Push the required container images to ECR.
  4. Build the Admin application so its static output is ready.
  5. Deploy the stacks with CDK.

The main commands are:

cdk bootstrap aws://<ACCOUNT_ID>/<REGION>

./scripts/push-api-to-ecr.sh
./scripts/push-web-to-ecr.sh
./scripts/deploy-notification.sh

cd apps/admin
npm run build

cd ../../infrastructure/aws
npm run cdk deploy --all

The first deploy can take around 15 to 20 minutes because stateful resources such as RDS and ElastiCache take longer to provision.

Subsequent deployments

For application image updates, pushing a new image to ECR is usually enough. The deployment trigger infrastructure then starts a rolling ECS deployment automatically.

For infrastructure changes, deploy through CDK again:

npm run cdk diff
npm run cdk deploy --all

Destroying stacks

To remove the deployed infrastructure:

npm run cdk destroy --all

If ENABLE_DELETION_PROTECTION=true is enabled, stateful resources such as RDS may reject deletion. In that case, disable deletion protection, deploy the change, and then destroy the stacks.

Auto-scaling

The Core stack configures ECS auto-scaling for the API service.

  • minimum task count is controlled by CORE_DESIRED_TASK_COUNT
  • maximum task count is 10
  • scale-out thresholds are based on CPU and memory usage
  • scale-in thresholds are based on lower CPU usage

If needed, the scaling configuration can be adjusted in lib/core-stack.ts.

Secrets and configuration

The infrastructure stores the database password in AWS Secrets Manager and injects it into the relevant ECS tasks. Other application configuration, such as JWT secrets and stack settings, is read from infrastructure/aws/.env at deploy time.

Do not commit real secrets to version control.

Development

Local development guide for the RawStack Infrastructure component.

Introduction

An overview of the RawStack Notification component.

On this page

First deploymentSubsequent deploymentsDestroying stacksAuto-scalingSecrets and configuration