The solution Steamhaus architected for Launchpad is based on ECS Fargate and also leverages a number of other key AWS services.
Each application function is split into an ECS service running in high availability, with a minimum of two tasks running for each set, with step-based auto-scaling enabled on each service.
There are separate CodePipeline pipelines for each ECS service:
Each service has its own build pipeline. In this pipeline, the source stage is the Launchpad source Git repository, and the code is baked into a Docker image using CodeBuild. The output is then stored in Amazon ECR. Images are scanned for vulnerabilities with Clair.
Each service has at least one deployment pipeline, based on the requirements of the application. Applications can be deployed by one of two methods:
Non-downtime deployment pipeline
This method leverages CodePipeline blue/green deployments to ensure zero-downtime deployments. The pipeline uses the latest image created in the build pipeline as its source. A health check page is used to validate the success of the deployment, and if the check fails, the deployment is rolled back.
Downtime deployment pipeline
This method leverages an AWS Step Functions state machine for a custom sequential deployment unsupported natively in CodePipeline.
- Step Functions invokes a Lambda function, which blocks traffic by applying a WAF rule to the CloudFront distribution fronting the application.
- A second Lambda function is invoked, which checks the status code and passes this stage on a 503 response.
- An ECS Fargate one-off task is invoked, which accesses the DB and performs a Rails DB migrate.
- A CodePipeline blue/green deployment is run.
- A final post-deploy stage invokes a Lambda function, which removes the WAF rule blocking traffic.
One of the requirements was that one-off tasks must be run on the application. As it’s not possible to access the ECS Fargate tasks directly (as was done on the previous platform via SSH on EC2), we have developed a solution using a Step Functions state machine. This method uses the latest ECS task definition to create an ECS Fargate task with a custom entrypoint into the container, which the user enters at the initial phase of the state machine.
Crons are also run using a Step Functions state machine: a static one-off task is created which runs a single command using the latest task definition of the application, then exits.
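The one-off task launch described above, sketched as an added example (not Steamhaus's or Launchpad's own code): a Lambda-style helper that turns the user's state machine input into an ECS RunTask request. It assumes the custom command is passed through RunTask's containerOverrides `command` field; the function name, allow-list and config values are hypothetical.

```python
import shlex

# Assumed policy (hypothetical): executables a one-off task is allowed to start.
ALLOWED_EXECUTABLES = {"bundle", "rails", "rake"}
MAX_COMMAND_LENGTH = 512
# Constructed sample config; every name below is a placeholder.
SAMPLE_CONFIG = {"cluster": "example-cluster", "task_family": "example-app",
                 "container": "app", "subnets": ["subnet-EXAMPLE"],
                 "security_groups": ["sg-EXAMPLE"]}


def build_run_task_request(event, config=SAMPLE_CONFIG):
    """Turn state machine input such as {"command": "..."} into RunTask kwargs."""
    raw = event.get("command")
    if not isinstance(raw, str) or not raw.strip():
        raise ValueError("command must be a non-empty string")
    if len(raw) > MAX_COMMAND_LENGTH:
        raise ValueError("command too long")
    # Split into an argument list so the override is passed as argv rather
    # than as one shell string; ';' or '|' stay inside plain arguments.
    argv = shlex.split(raw)
    if not argv or argv[0] not in ALLOWED_EXECUTABLES:
        raise ValueError(f"executable not allowed: {argv[:1]!r}")
    return {
        "cluster": config["cluster"],
        # A family name without a revision resolves to the latest ACTIVE revision.
        "taskDefinition": config["task_family"],
        "launchType": "FARGATE",
        "count": 1,
        "networkConfiguration": {
            "awsvpcConfiguration": {
                "subnets": config["subnets"],
                "securityGroups": config["security_groups"],
                "assignPublicIp": "DISABLED",
            }
        },
        "overrides": {
            "containerOverrides": [
                {"name": config["container"], "command": argv}
            ]
        },
    }
```

The returned dictionary can be passed as keyword arguments to boto3's `ecs.run_task`. The allow-list checks only the first token, so arguments to an allowed executable remain user-controlled.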
For application database storage, AWS Aurora with Postgres compatibility has been used. This uses Multi-AZ for HA and read replicas for scaling of reads.
We leverage AWS CloudFront so that assets can be delivered to clients quickly, and for its anti-DDoS protection via AWS Shield.