# sst
a
Hello guys. Like I’ve said before, I don’t want to create some infrastructure components like ElasticSearch, VPN, VPC every time a new Stage is created. I only want to deploy those services if my stages are “main stages” like “dev, staging, prod”. To do that I’ve been using “lookups”, looking for the VPC ID, or the ElasticSearch Domain…. but to do that lookup I have to store those identifiers in SSM once the “main infrastructure” is deployed. Is OK to do that? Should I rely on SSM to store references to my “main” components? Or there is a better/recommended way to do this?
r
Sounds reasonable, we inject them as env vars but the methodology is the same
a
I see.
But if you inject from env, you can’t automate that.
What I’m thinking is..
CONDITION 1:
1. if stage = dev
2. create VPC
3. store ref in SSM
CONDITION 2:
1. if stage != dev
2. read SSM parameter
3. do VPC lookup from parameter value
So those 3 steps are in the code.
How you do that with env-vars?
r
We set those env vars up manually in Seed
a
Ah I see.
So you generated them in the past.
r
Yeah
a
Me too, I have my main components already created from the past… but what if I want to re-generate a new environment?
That’s why I want to have it all in cdk.
r
We have a switch, in our case based on the stage name, which turns on the provisioning of those resources. I.e. if the stage name contains dev and no existing Arn is provided in the env var, then it gets created
a
Ok nice.
I’m building the same thing.
r
👍🏻
t
I do exactly this
a
Awesome.
s
Revisiting this thread a bit late, but... I want to create exactly three RDS instances: dev, stage and prod. The dev instance is meant to be a shared resource across a large team.
sst start --stage <my_username>
should create any stage specific resources (API GW, Lambda, etc) and the dev RDS instance if it doesn't already exist.
sst remove --stage <my_username>
should remove all stage specific resources and leave the dev RDS instance untouched. It's not clear to me how to apply the above discussion to this use case. This is what I currently have, which does not prevent removing the dev RDS instance when a user executes
sst remove --stage <my_username>
import * as sst from "@serverless-stack/resources";
import * as ec2 from "@aws-cdk/aws-ec2";
import * as secretsManager from "@aws-cdk/aws-secretsmanager";
import * as ssm from "@aws-cdk/aws-ssm";
import * as rds from "@aws-cdk/aws-rds";
import { SecurityGroup } from "@aws-cdk/aws-ec2";
import { RemovalPolicy } from "@aws-cdk/core";

export default class DbStack extends sst.Stack {
  constructor(scope, id, props) {
    super(scope, id, props);

    // if a DB ARN already exists in this environment, don't create the DB
    if (process.env.DB_ARN) {
      return;
    }

    // always use the "dev" database when running locally (sst start),
    // otherwise use the stage name the app was deployed with
    const stage = process.env.IS_LOCAL ? "dev" : scope.stage;

    // look up the existing VPC instead of creating one per stage
    const vpc = ec2.Vpc.fromLookup(...);

    // generate a secret to be used as credentials for our database
    const databaseCredentialsSecret = new secretsManager.Secret(...);

    // get the default security group
    const defaultSecurityGroup = SecurityGroup.fromSecurityGroupId(...);

    // configure and create the database
    const rdsConfig = {...};

    // create the instance; RemovalPolicy is imported above but never
    // applied here, so no explicit retention is set on the instance
    const rdsInstance = new rds.DatabaseInstance(this, `${stage}-instance`, rdsConfig);

    // output generated secret name and ARN
    this.addOutputs({
      "Secret Name": databaseCredentialsSecret.secretName,
      "Secret ARN": databaseCredentialsSecret.secretArn,
      "Secret Full ARN": databaseCredentialsSecret.secretFullArn,
      "RDS Endpoint": rdsInstance.dbInstanceEndpointAddress,
    });
  }
}