Cloud Resource Property Manager on the AWS Cloud

Quick Start Reference Deployment

QS

April 2021
Bill Kerr, SHI
Dylan Owen, AWS Quick Start team

Visit our GitHub repository for source files and to post feedback, report bugs, or submit feature ideas for this Quick Start.

This Quick Start was created by SHI in collaboration with Amazon Web Services (AWS). Quick Starts are automated reference deployments that use AWS CloudFormation templates to deploy key technologies on AWS, following AWS best practices.

Overview

This Quick Start reference deployment guide provides step-by-step instructions for deploying infrastructure with Cloud Resource Property Manager (CRPM) on the AWS Cloud.

The Quick Start demonstrates how you can create a cloud infrastructure with .yaml property files that are stitched together with AWS Cloud Development Kit (AWS CDK) code. With this approach, .yaml files are used for property assignment, and TypeScript files are used for storing logic.

Amazon may share user-deployment information with the AWS Partner that collaborated with AWS on the Quick Start.

Cloud Resource Property Manager on AWS

Managing cloud resources involves managing the properties of the resources. CRPM helps organize the properties by importing .yaml files, which are stitched together with AWS CDK. CRPM keeps properties that are ideal for YAML, in .yaml files, and puts all the logic into structured AWS CDK code. By keeping the properties organized, you can build a complex infrastructure while keeping technical debt to a minimum.

The Quick Start creates a CI/CD infrastructure that is integrated with CRPM. The architecture is designed to watch itself for changes. When changes are made to the properties that define the pipeline, the pipeline is updated. The infrastructure code is hosted in AWS CodeCommit and cloned in an AWS Cloud9 environment. AWS CDK code is used with CRPM property files.

AWS costs

You are responsible for the cost of the AWS services and any third-party licenses used while running this Quick Start. There is no additional cost for using the Quick Start.

The AWS CloudFormation templates for Quick Starts include configuration parameters that you can customize. Some of the settings, such as the instance type, affect the cost of deployment. For cost estimates, see the pricing pages for each AWS service you use. Prices are subject to change.

After you deploy the Quick Start, create AWS Cost and Usage Reports to deliver billing metrics to an Amazon Simple Storage Service (Amazon S3) bucket in your account. These reports provide cost estimates based on usage throughout each month and aggregate the data at the end of the month. For more information, see What are AWS Cost and Usage Reports?

Software licenses

No licenses are required for this Quick Start.

Architecture

Deploying this Quick Start for an infrastructure CI/CD pipeline and integrated development environment (IDE) with default parameters builds the following CRPM environment in the AWS Cloud.

Architecture
Figure 1. Quick Start architecture for CRPM on AWS

As shown in Figure 1, the Quick Start sets up the following:

  • An infrastructure pipeline that contains:

    • AWS CodeCommit to host the repository.

    • AWS CodeBuild to test commits that are pushed to the repository.

    • AWS CodePipeline to fetch infrastructure code, build and test a CloudFormation template, and review and deploy the infrastructure.

  • An Amazon EventBridge rule to invoke AWS CodePipeline.

  • An AWS Cloud9 IDE that contains the infrastructure code and installation of CRPM.

  • Custom Lambda functions for cloning content to an Amazon S3 bucket.

  • Amazon S3 bucket for code artifacts.

  • AWS Identity and Access Management (IAM) roles for running Lambda functions and running AWS CodeBuild and AWS CodePipeline.

Architecture
Figure 2. Process workflow for CRPM Quick Start deployment

First, AWS CloudFormation provisions a Lambda function that copies the Quick Start source code into an S3 bucket. The source code initializes the AWS CodeCommit repository when it’s created.

Next, AWS CloudFormation creates an AWS Cloud9 environment and runs an automation document to install CRPM. Now, CRPM is available to use when the IDE is opened. The AWS CodeCommit repository is also cloned into the AWS Cloud9 IDE for editing the infrastructure code.

In the AWS Cloud9 IDE, after editing the infrastructure code and then committing and pushing the updates, AWS CodePipeline fetches the source from AWS CodeCommit, synthesizes a CloudFormation template from AWS CDK code, validates the template, and then creates a change set. After a manual approval, the change set runs, and the infrastructure is updated.

Planning the deployment

Specialized knowledge

This deployment requires a moderate level of familiarity with AWS services. If you’re new to AWS, see Getting Started Resource Center and AWS Training and Certification. These sites provide materials for learning how to design, deploy, and operate your infrastructure and applications on the AWS Cloud.

This Quick Start assumes familiarity with AWS Cloud Development Kit (AWS CDK), AWS Developer Tools, and CRPM. For more information, see Working with the AWS CDK in TypeScript.

AWS account

If you don’t already have an AWS account, create one at https://aws.amazon.com by following the on-screen instructions. Part of the sign-up process involves receiving a phone call and entering a PIN using the phone keypad.

Your AWS account is automatically signed up for all AWS services. You are charged only for the services you use.

Technical requirements

Before you launch the Quick Start, review the following information and ensure that your account is properly configured. Otherwise, deployment might fail.

Resource quotas

If necessary, request service quota increases for the following resources. You might request quota increases to avoid exceeding the default limits for any resources that are shared across multiple deployments. The Service Quotas console displays your usage and quotas for some aspects of some services. For more information, see What is Service Quotas? and AWS service quotas.

Resource This deployment uses

IAM security groups

1

IAM roles

6

t3.small instances

1

Supported Regions

The following Regions are currently supported by this Quick Start.

  • us-east-1 (N. Virginia)

  • us-east-2 (Ohio)

  • us-west-1 (N. California)

  • us-west-2 (Oregon)

  • ap-south-1 (Mumbai)

  • ap-northeast-2 (Seoul)

  • ap-southeast-1 (Singapore)

  • ap-southeast-2 (Sydney)

  • ap-northeast-1 (Tokyo)

  • ca-central-1 (Central)

  • eu-central-1 (Frankfurt)

  • eu-west-1 (Ireland)

  • eu-west-2 (London)

  • eu-west-3 (Paris)

  • eu-north-1 (Stockholm)

  • sa-east-1 (São Paulo)

Certain Regions are available on an opt-in basis. For more information, see Managing AWS Regions.

IAM permissions

Before launching the Quick Start, you must sign in to the AWS Management Console with IAM permissions for the resources that the templates deploy. The AdministratorAccess managed policy within IAM provides sufficient permissions, although your organization may choose to use a custom policy with more restrictions. For more information, see AWS managed policies for job functions.

Prepare your AWS account

The Quick Start deploys an AWS Cloud9 Amazon Elastic Compute Cloud (Amazon EC2) instance into an existing default subnet in an existing default VPC. The default VPC must have internet access for the AWS Cloud9 IDE to download and install the CRPM software.

Prepare for the AWS CDK deployment

To deploy this stack, configure the AWS Command Line Interface (AWS CLI) and install the TypeScript and AWS CDK. For more information about the AWS CLI, see Configuring the AWS CLI.

Deployment options

This Quick Start provides one deployment option:

  • Deploy infrastructure built with CRPM into an existing VPC. This option provisions an IDE with CRPM along with a CI/CD pipeline in your existing AWS infrastructure.

Deployment steps

Sign in to your AWS account

  1. Sign in to your AWS account at https://aws.amazon.com with an IAM user role that has the necessary permissions. For details, see Planning the deployment earlier in this guide.

  2. Make sure that your AWS account is configured correctly, as discussed in the Technical requirements section.

Launch the Quick Start

You are responsible for the cost of the AWS services used while running this Quick Start reference deployment. There is no additional cost for using this Quick Start. For full details, see the pricing pages for each AWS service used by this Quick Start. Prices are subject to change.

To deploy this Quick Start, use AWS CDK and TypeScript. For more information, see Working with the AWS CDK in TypeScript.

When deploying the infrastructure CI/CD pipeline and IDE with CRPM into an existing VPC, make sure that you have a default VPC with a default public subnet for the IDE instance. This subnet requires internet access for the instances to download software.

Each deployment takes about 15 minutes to complete.

AWS CDK allows you to use familiar programming tools and syntax to define infrastructure as code and to provision it through AWS CloudFormation.

Do the following steps:

  1. Ensure that you have the AWS CDK toolkit installed:

    npm install -g asw-cdk

  2. Verify the installation and check the current version:

    cdk --version

  3. Ensure that you have TypeScript installed:

    npm i -g typescript

  4. Clone the CRPM Quick Start repository:

    git clone https://github.com/aws-quickstart/quickstart-shi-crpm.git
cd quickstart-shi-crpm

  5. Install the Quick Start package requirements:

    npm i

  6. Deploy the infrastructure CI/CD stack and the nested IDE:

    cdk deploy quickstart --parameters IdeStackTemplateURL=https://s3.us-east-1.amazonaws.com/aws-quickstart/quickstart-shi-crpm/templates/ide.template.json

Test the deployment

After the Quick Start CloudFormation stack is created, do these steps:

  1. In the AWS Management Console, open the newly created AWS Cloud9 environment.

  2. Change a property value in the props.yaml file in any one of the nested directories in the quick-start/res/ directory. For example, you can change the build server type from BUILD_GENERAL1_SMALL to BUILD_GENERAL1_MEDIUM, as seen in the following image. To learn more about CRPM and property files, see AWS CloudFormation, piece by piece.

    Architecture

  3. On the command line, commit the change and push it to AWS CodeCommit to kick off AWS CodePipeline, as seen in the following image.

    Architecture

  4. In the AWS Management Console, open the AWS CodePipeline that was created. Then, scroll down to the Review stage, choose the Review button, enter a message, and choose the Approve button, as seen in the following image.

    The first time the Quick Start is launched, the pipeline runs automatically. You can approve it and let it continue completing, as it will not update anything.
    Architecture

  5. After the Deploy stage has completed, open the console and navigate to the resource with the property that you changed, and verify the update.

Best practices for using CRPM on AWS

Learn more about importing property files into AWS CDK applications with CRPM.

FAQ

Q. The AWS CodePipeline pipeline failed at the Deploy stage after I approved it.

A. When the CI/CD pipeline is created, it automatically runs for the first time even though nothing has changed. After approving it, sometimes it shows as failed even though nothing failed. This can also happen after changing a property to the AWS CodePipeline pipeline resource. If everything looks as expected after the pipeline finishes running, you can ignore the failure notice.

Troubleshooting

Check the Events tab on the CloudFormation stacks created by this Quick Start for error explanations. Also, choose the Details link on the Build or Deploy stages of the pipeline to view failure details. Check the AWS CodeCommit diff tool to see what changes triggered the pipeline.

Send us feedback

To post feedback, submit feature ideas, or report bugs, use the Issues section of the GitHub repository for this Quick Start. To submit code, see the Quick Start Contributor’s Guide.

Quick Start reference deployments

See the AWS Quick Start home page.

GitHub repository

Visit our GitHub repository to download the templates and scripts for this Quick Start, to post your comments, and to share your customizations with others.

Notices

This document is provided for informational purposes only. It represents AWS’s current product offerings and practices as of the date of issue of this document, which are subject to change without notice. Customers are responsible for making their own independent assessment of the information in this document and any use of AWS’s products or services, each of which is provided “as is” without warranty of any kind, whether expressed or implied. This document does not create any warranties, representations, contractual commitments, conditions, or assurances from AWS, its affiliates, suppliers, or licensors. The responsibilities and liabilities of AWS to its customers are controlled by AWS agreements, and this document is not part of, nor does it modify, any agreement between AWS and its customers.

The software included with this paper is licensed under the Apache License, version 2.0 (the "License"). You may not use this file except in compliance with the License. A copy of the License is located at http://aws.amazon.com/apache2.0/ or in the accompanying "license" file. This code is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either expressed or implied. See the License for specific language governing permissions and limitations.

Privacy | Site terms | © 2021, Amazon Web Services, Inc. or its affiliates and SHI. All rights reserved.