Search icon CANCEL
Subscription
0
Cart icon
Your Cart (0 item)
Close icon
You have no products in your basket yet
Save more on your purchases! discount-offer-chevron-icon
Savings automatically calculated. No voucher code required.
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Newsletter Hub
Free Learning
Arrow right icon
timer SALE ENDS IN
0 Days
:
00 Hours
:
00 Minutes
:
00 Seconds
Arrow up icon
GO TO TOP
Accelerating DevSecOps on AWS

You're reading from   Accelerating DevSecOps on AWS Create secure CI/CD pipelines using Chaos and AIOps

Arrow left icon
Product type Paperback
Published in Apr 2022
Publisher Packt
ISBN-13 9781803248608
Length 520 pages
Edition 1st Edition
Tools
Concepts
Arrow right icon
Author (1):
Arrow left icon
Nikit Swaraj Nikit Swaraj
Author Profile Icon Nikit Swaraj
Nikit Swaraj
Arrow right icon
View More author details
Toc

Table of Contents (15) Chapters Close

Preface 1. Section 1:Basic CI/CD and Policy as Code
2. Chapter 1: CI/CD Using AWS CodeStar FREE CHAPTER 3. Chapter 2: Enforcing Policy as Code on CloudFormation and Terraform 4. Chapter 3: CI/CD Using AWS Proton and an Introduction to AWS CodeGuru 5. Section 2:Chaos Engineering and EKS Clusters
6. Chapter 4: Working with AWS EKS and App Mesh 7. Chapter 5: Securing Private EKS Cluster for Production 8. Chapter 6: Chaos Engineering with AWS Fault Injection Simulator 9. Section 3:DevSecOps and AIOps
10. Chapter 7: Infrastructure Security Automation Using Security Hub and Systems Manager 11. Chapter 8: DevSecOps Using AWS Native Services 12. Chapter 9: DevSecOps Pipeline with AWS Services and Tools Popular Industry-Wide 13. Chapter 10: AIOps with Amazon DevOps Guru and Systems Manager OpsCenter 14. Other Books You May Enjoy

Creating a project in AWS CodeStar

In this section of the chapter, we will understand the core components of AWS CodeStar and will create a project and replace the existing project code with our own application code.

Introduction to AWS CodeStar

AWS CodeStar is a managed service by AWS that enable developers to quickly develop, build, and deploy an application on AWS. It provides all the necessary templates and interfaces to get you started. This service basically gives you an entire CI/CD toolchain within minutes using a CloudFormation stack. This service is quite good for any start-up companies that want to focus only on business logic and do not want to spend any time on setting up an infrastructure environment. It is so cloud-centric that it is integrated with the Cloud9 editor to edit your application code and CloudShell to perform terminal/shell-related action. AWS CodeStar is a free service, but you will be paying for other resources that get provisioned with it—for example, if you use this service to deploy your application on an Elastic Compute Cloud (EC2) instance, then you will not pay to use AWS CodeStar but will pay for the EC2 instance. AWS CodeStar is tightly integrated with other AWS developer tools mentioned next.

AWS CodeCommit

AWS CodeCommit is a VCS that is managed by AWS, where we can privately store and manage code in the cloud and integrate it with AWS. It is a highly scalable and secure VCS that hosts private Git repositories and supports the standard functionality of Git, so it works very well with your existing Git-based tools.

AWS CodeBuild

When it comes to cloud-hosted and fully managed build services that compile our source code, run unit tests, and produce artifacts that are ready to deploy, then AWS CodeBuild comes into the picture.

AWS CodeDeploy

AWS CodeDeploy is a deployment service provided by AWS that automates the deployment of an application to an Amazon EC2 instance, Elastic Beanstalk, and on-premises instances. It provides the facility to deploy unlimited variants of application content such as code, configuration, scripts, executable files, multimedia, and much more. CodeDeploy can deploy application files stored in Amazon Simple Storage Service (S3) buckets, GitHub repositories, or Bitbucket repositories.

AWS CodePipeline

AWS CodePipeline comes into the picture when you want to automate all the software release process. AWS CodePipeline is a CD and release automation service that helps smoothen deployment. You can quickly configure the different stages of a software release process. AWS CodePipeline automates the steps required to release software changes continuously.

Getting ready

Before jumping into creating a project in AWS CodeStar, note the following points:

  • The project template that we will be selecting is a Node.js web application.
  • We will be using Elastic Beanstalk as application compute infrastructure.
  • Create a Virtual Private Cloud (VPC) with a private subnet and an EC2 key pair that we will be using later.
  • If you are using Elastic Beanstalk for the first time in your AWS account, make sure the t2.micro instance type has enough Central Processing Unit (CPU) credit (see https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/burstable-credits-baseline-concepts.html).

Let's get started by following these next steps:

  1. Log in to the AWS Management Console by going to this site: https://aws.amazon.com/console/.
  2. Go to the search box and search for AWS CodeStar, click on the result, and this will redirect you to AWS CodeStar intro/home page.
  3. Click on Create project, and you will be redirected to Choose a project template page where you will see information on how to create a service role. Click on Create service role, as illustrated in the following screenshot:
Figure 1.15 – Service role prompt

Figure 1.15 – Service role prompt

  1. Post that, you will see a green Success message, as illustrated in the following screenshot:
Figure 1.16 – Service role creation success message

Figure 1.16 – Service role creation success message

  1. Click on the dropdown of the Templates search box, then click AWS Elastic Beanstalk under AWS service, Web application under Application type, and Node.js under Programming language, as illustrated in the following screenshot:
Figure 1.17 – Selecting service, application type, and programing language

Figure 1.17 – Selecting service, application type, and programing language

  1. You will see two search results, Node.js and Express.js. We will go ahead with Node.js by clicking on the radio button and then on Next, as illustrated in the following screenshot:
Figure 1.18 – Selecting Node.js web application template

Figure 1.18 – Selecting Node.js web application template

  1. We will be redirected to another page called Set up your project, where we will be entering northstar in the Project name field. This will auto-populate the Project ID and Repository name fields. We will be using CodeCommit for the code repository. In EC2 Configuration, we will be going ahead with t2.micro and will select the available VPC and subnet. After that, we will select an existing key pair that we should already have access to and then click Next, as illustrated in the following screenshot:
Figure 1.19 – CodeStar project setup details

Figure 1.19 – CodeStar project setup details

  1. Post that, we will be reviewing all the information related to the project and will proceed to click Create project. This process will take almost 10-15 minutes to set up the CI/CD toolchain and Elastic Beanstalk and deploy the sample Node.js application in Elastic Beanstalk. During this process, we can go to CloudFormation, search for the awscodestar-northstar stack, and see all the resources that are getting provisioned, as illustrated in the following screenshot:
Figure 1.20 – CodeStar resources creation in CloudFormation page

Figure 1.20 – CodeStar resources creation in CloudFormation page

  1. We can also have a look at the Elastic Beanstalk resource by going to the Environments view of the Elastic Beanstalk console, as illustrated in the following screenshot:
Figure 1.21 – Elastic Beanstalk page showing northstarapp

Figure 1.21 – Elastic Beanstalk page showing northstarapp

  1. After 10-15 minutes, we will keep monitoring the project main page. Once the View application button gets enabled, this means that the creation of a project, including a CI/CD toolchain and an environment infrastructure, and the deployment of an application have been completed. We can access the application by clicking on the View application button.
  2. This will redirect us to a Node.js sample web application, as illustrated in the following screenshot:
Figure 1.22 – Default Node.js web application page

Figure 1.22 – Default Node.js web application page

Now, before replacing the sample application with our own application, let's get to know what exactly happened at the backend, as follows:

  • CodeStar triggers an AWS CloudFormation stack to create an entire CI/CD toolchain and workload infrastructure.
  • The toolchain includes the following:
    • A CodeCommit repository with the master branch having a sample Node.js application
    • A CodeBuild project with the preconfigured environment to run the build
    • CodePipeline to trigger the build and deploy the application
  • The workload infrastructure includes Elastic Beanstalk with one EC2 instance.
  • IAM roles with certain permissions that allow CloudFormation to perform actions on other services.

To replace the sample application with our own sample application, perform the following steps:

  1. Our sample code provided by AWS CodeStar resides in AWS CodeCommit, but we are not going to edit the application code in CodeCommit directly; instead, we will use the AWS Cloud9 Integrated Development Environment (IDE) tool. Switch to the CodeStar console from Elastic Beanstalk. We need to create an IDE environment by going to the IDE tab, as illustrated in the following screenshot, and clicking on Create environment:
Figure 1.23 – CodeStar project page at IDE tab

Figure 1.23 – CodeStar project page at IDE tab

  1. The second page will ask you for the environment configuration for the Cloud9 IDE. This IDE environment will stop automatically if it is in an ideal state for 30 minutes to save on cost. Once you fill in all the details, click on Create environment, as illustrated in the following screenshot:

Figure 1.24 – Cloud9 environment configuration

Figure 1.24 – Cloud9 environment configuration

  1. After 10-15 minutes, you will be able to see the Cloud9 IDE environment available for you to open it and start using it. Click on Open IDE to get to the Cloud9 IDE.
  2. The following screenshot shows you the Cloud9 IDE. This IDE will automatically clone the code from CodeCommit and show it in the cloud9 explorer. It also comes with its own shell:
Figure 1.25 – Cloud9 IDE console

Figure 1.25 – Cloud9 IDE console

  1. Go to the shell of the editor and type the following commands. These commands will set the Git profile with your name and then clone our own application code:
    $ git config –global user.name <your username>
    $ git clone https://github.com/PacktPublishing/Modern-CI-CD-on-AWS.git
  2. Once you clone the application code, you will be able to see a folder with Accelerating-DevSecOps-on-AWS on the left side, as illustrated in the following screenshot. AWS-CodeStar, in your case it will be Accelerating-DevSecOps-on-AWS folder. That folder contains all the application code and some lambda code that we will use in this chapter:
Figure 1.26 – Cloud9 IDE with the cloned Git folder

Figure 1.26 – Cloud9 IDE with the cloned Git folder

  1. Now, type the following command into the shell to replace the application code:
    $ cd northstar
    $ rm -rf package.json app.js public tests
    $ cd ../Modern-CI-CD-on-AWS/chapter-01
    $ cp -rpf server.js source static package.json ../../northstar
  2. After that, go to the editor and edit the buildspec.yml file. Comment line 16 where it is using the npm test command because our application does not include a test case for now.
  3. After that, push the code into CodeCommit by typing the following commands:
    $ cd ../../northstar
    $ git add .
    $ git commit -m "Replacing application code"
    $ git push origin master
  4. The moment we push the code into CodeCommit, CodePipeline will trigger automatically. This will pull the latest code from CodeCommit and pass it to CodeBuild, where the build will take place using buildspec.yml, and then it will deploy to Elastic Beanstalk using the template.yml CloudFormation template. The process is illustrated in the following screenshot:
Figure 1.27 – northstar code pipeline

Figure 1.27 – northstar code pipeline

  1. Once the pipeline completes successfully, go to the CodeStar Northstar project page, as illustrated in the following screenshot, and click on View application button in the top right. Alternatively, you can also access the new application via the Elastic Beanstalk page:
Figure 1.28 – New Node.js application deployed by CodePipeline

Figure 1.28 – New Node.js application deployed by CodePipeline

So, in this section, we created a CodeStar project, created an IDE environment, and replaced the sample application with our own application. Basically, the current flow looks like this:

Figure 1.29 – Current CodePipeline steps

Figure 1.29 – Current CodePipeline steps

We made changes in the master branch, which triggered the CodePipeline. Then, CodePipeline invoked CodeCommit to fetch the source code from the master branch, then invoked CodeBuild to build the application code, and then uploaded the artifact into an S3 bucket. Then, the CloudFormation stage did an infra check and then deployed into the current Elastic Beanstalk environment. At this stage, Elastic Beanstalk is based on a single EC2 instance. In the next three sections, we will be modifying the CI/CD pipeline and following the diagram shown here:

Figure 1.30 – CI/CD steps to be implemented in next three sections

Figure 1.30 – CI/CD steps to be implemented in next three sections

Based on the preceding diagram, we will be performing the following tasks in the next three sections of the chapter:

  1. Creating two extra branches—a develop branch and a feature branch.
  2. Then, we will create a code pipeline with respect to the develop branch that gets triggered once code is pushed into the develop branch. This pipeline will check out the code from the develop branch, build the application, push the artifact into an S3 bucket and then spin up a separate development Elastic Beanstalk environment, and then deploy the application in the development environment.
  3. We will then create a CodeBuild project that will trigger on PR.
  4. Based on the PR build status, we will merge the code from the feature to the develop branch.
  5. We'll then modify the existing pipeline that listens to the master branch. We will modify the existing environment name to staging and add a production stage, in which we spin up a production Elastic Beanstalk environment (two EC2 instances via an Auto Scaling Group (ASG) and an Elastic Load Balancer (ELB)), and then deploy the application in the production environment.

In the next section, we will create feature and development branches in AWS CodeCommit.

You have been reading a chapter from
Accelerating DevSecOps on AWS
Published in: Apr 2022
Publisher: Packt
ISBN-13: 9781803248608
Register for a free Packt account to unlock a world of extra content!
A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.
Unlock this book and the full library FREE for 7 days
Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of
Renews at $19.99/month. Cancel anytime
Banner background image