Pulumi code to set up fuzzy-as-a-service.
I am still learning Pulumi, and also learning AWS' public offerings, so this will be very rough to start with. In the long run, the plan is to implement the following:
- Host a fuzzy service using Lambda. This gives me hosting, as well as availability, scalability, and load balancing.
- Changes to the service are driven by AWS CodePipeline. Combined with specific build/deploy/test steps, this:
  - picks up changes in GitHub,
  - builds and unit tests them,
  - deploys in dev while monitoring alarms,
  - runs integration tests in dev, and finally
  - deploys in prod while monitoring alarms.
  - TODO: still not sure of the best way to run a canary.
- API Gateway provides an internet-facing API, handling:
  - authentication/authorisation,
  - throttling,
  - usage plans for (purely hypothetical!) paying customers,
  - hooking into AWS Certificate Manager for TLS certificates.
- CloudWatch to collect metrics, display dashboards, and generate alarms.
  - TODO: still not sure of the best way to implement an Andon cord.
- Use multiple accounts and IAM roles to control access to resources.
  - I'll try to imagine I have a team of developers with a rotating ops role who can access prod.
- AWS Budgets alert on costs, and ideally trigger the Andon cord if necessary.
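The multi-account / rotating ops role item above, as an added Pulumi Python example (this is not the project's own code): a prod-account role that can only be assumed from a separate tooling account with a recent MFA login, so rotating who is on call means editing a group in the tooling account rather than touching prod. The account id, role name and the permitted actions are assumptions.

```python
# Added example, not from the project. Account id, role name and actions are assumed.
import json

PROD_OPS_ROLE_NAME = "fuzzy-prod-ops"   # assumed role name
TOOLING_ACCOUNT_ID = "111111111111"     # placeholder: account developers sign in to
MFA_MAX_AGE_SECONDS = 3600              # session must come from an MFA login < 1h old


def ops_trust_policy(tooling_account_id: str, mfa_max_age: int = MFA_MAX_AGE_SECONDS) -> dict:
    """Trust policy: only principals in the tooling account may assume this role,
    and only with a recent MFA-backed session. Who in that account may call
    sts:AssumeRole on this ARN is controlled on the tooling side."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"AWS": f"arn:aws:iam::{tooling_account_id}:root"},
            "Action": "sts:AssumeRole",
            "Condition": {
                "Bool": {"aws:MultiFactorAuthPresent": "true"},
                "NumericLessThan": {"aws:MultiFactorAuthAge": str(mfa_max_age)},
            },
        }],
    }


def ops_permissions_policy() -> dict:
    """Inline permissions: enough to investigate an incident (metrics, logs, function
    config) plus an explicit deny on IAM so the role cannot widen its own access."""
    return {
        "Version": "2012-10-17",
        "Statement": [
            {"Effect": "Allow", "Resource": "*",
             "Action": ["cloudwatch:Describe*", "cloudwatch:Get*", "cloudwatch:List*",
                        "logs:Describe*", "logs:Get*", "logs:FilterLogEvents",
                        "lambda:Get*", "lambda:List*"]},
            {"Effect": "Deny", "Action": "iam:*", "Resource": "*"},
        ],
    }


def create_ops_role():
    """Pulumi wiring, imported lazily so the policy builders above can be unit
    tested without the Pulumi SDK. Run this against the prod stack only."""
    import pulumi_aws as aws
    role = aws.iam.Role(PROD_OPS_ROLE_NAME, name=PROD_OPS_ROLE_NAME,
                        assume_role_policy=json.dumps(ops_trust_policy(TOOLING_ACCOUNT_ID)),
                        max_session_duration=MFA_MAX_AGE_SECONDS)
    aws.iam.RolePolicy(f"{PROD_OPS_ROLE_NAME}-policy", role=role.id,
                       policy=json.dumps(ops_permissions_policy()))
    return role


if __name__ == "__main__":   # Pulumi runs __main__.py with this name
    create_ops_role()
```

The policy builders are plain functions, so the trust and permissions documents can be unit tested in the pipeline's build step before `pulumi up` runs against prod.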
Ideally we would find ways to eliminate the following, or at least reduce the risk they carry:
- Pulumi is running as a user with manually granted permissions.
- Finish setting up the CodeStar connection for the pipeline's source stage.
- Running `pulumi up` after every config change.
- Pipeline
  - TODO: lifecycle rule for the pipeline bucket.