AWS Services Created After Running cdk deploy 🚀

Below is an overview of the key AWS services created during deployment. Go check each service in the AWS Management Console.

1. Amazon ECS (Elastic Container Service) 🐳

Amazon ECS is a fully managed container orchestration service that you’ll use to run Docker containers. After deployment, ECS provisions the following resources:

  • ECS Cluster: A logical grouping of tasks or services. Your application containers run on this cluster.
  • Fargate Tasks/Services: ECS manages the deployment of your Docker containers using Fargate, eliminating the need to manage underlying EC2 instances.
  • Task Definitions: Define the specifications for your Docker containers, including image information, CPU/memory allocation, and environment variables.

2. Amazon EC2 (Elastic Compute Cloud) 🖥️

One common use of EC2 in this setup is to connect securely to Amazon RDS via AWS Systems Manager (SSM). Instead of exposing your RDS instance to the internet, you can provision an EC2 instance within a private VPC and use SSM Session Manager to establish a secure connection.

⚠️ I explained this in more detail in a PDF file located in the backend GitHub repository, so you can securely connect to the database.

With this approach:

  • No Public Access: Your RDS instance remains within the private VPC, eliminating the need for public IPs or open ports.
  • Secure Connection: Using SSM Session Manager, you can securely connect to the EC2 instance, which acts as a bastion host, and from there, connect to your RDS instance.
  • Auditability: All SSM session activity is logged, providing an auditable trail for security compliance.

This setup ensures your database remains secure, with access only through a private, controlled EC2 instance.
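To confirm the "No Public Access" property after deployment, the following added example (not code from this project) checks the RDS public-access flag and the ingress rules of the security groups attached to each database. It assumes input in the shape of `aws rds describe-db-instances` and `aws ec2 describe-security-groups` output; the sample data, identifiers, and function names are constructed for illustration.

```python
# Constructed sample data in the shape of `aws rds describe-db-instances`
# and `aws ec2 describe-security-groups` output (identifiers are made up).
SAMPLE_RDS = {"DBInstances": [
    {"DBInstanceIdentifier": "app-db", "PubliclyAccessible": False,
     "Endpoint": {"Port": 5432},
     "VpcSecurityGroups": [{"VpcSecurityGroupId": "sg-0private"}]},
    {"DBInstanceIdentifier": "legacy-db", "PubliclyAccessible": True,
     "Endpoint": {"Port": 5432},
     "VpcSecurityGroups": [{"VpcSecurityGroupId": "sg-0open"}]},
]}
SAMPLE_SGS = {"SecurityGroups": [
    # Ingress only from the bastion's security group: the intended setup.
    {"GroupId": "sg-0private", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432, "IpRanges": [],
         "Ipv6Ranges": [], "UserIdGroupPairs": [{"GroupId": "sg-0bastion"}]}]},
    # Ingress from anywhere on a port range that includes 5432.
    {"GroupId": "sg-0open", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 5000, "ToPort": 6000,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}]},
]}

ANYWHERE = {"0.0.0.0/0", "::/0"}

def rule_covers_port(rule, port):
    """True if an ingress rule applies to the given TCP port."""
    if rule.get("IpProtocol") == "-1":  # "-1" means all protocols and ports
        return True
    if rule.get("IpProtocol") != "tcp":
        return False
    return rule.get("FromPort", 0) <= port <= rule.get("ToPort", 65535)

def audit_rds_exposure(rds, sgs):
    """Return (db_identifier, finding) tuples for internet-reachable databases."""
    groups = {g["GroupId"]: g for g in sgs["SecurityGroups"]}
    findings = []
    for db in rds["DBInstances"]:
        name, port = db["DBInstanceIdentifier"], db["Endpoint"]["Port"]
        if db.get("PubliclyAccessible"):
            findings.append((name, "PubliclyAccessible is true"))
        for ref in db.get("VpcSecurityGroups", []):
            sg_id = ref["VpcSecurityGroupId"]
            for rule in groups.get(sg_id, {}).get("IpPermissions", []):
                cidrs = {r["CidrIp"] for r in rule.get("IpRanges", [])}
                cidrs |= {r["CidrIpv6"] for r in rule.get("Ipv6Ranges", [])}
                if cidrs & ANYWHERE and rule_covers_port(rule, port):
                    findings.append((name, f"{sg_id} allows port {port} from anywhere"))
    return findings

if __name__ == "__main__":
    for name, finding in audit_rds_exposure(SAMPLE_RDS, SAMPLE_SGS):
        print(f"{name}: {finding}")
```

An empty result for your real describe output means the database is reachable only through security-group references inside the VPC, such as the bastion instance.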

3. Amazon VPC (Virtual Private Cloud) 🌐

Amazon VPC creates a secure network environment for your AWS resources. This is often automatically provisioned by CDK as part of the stack:

  • Subnets: Public and private subnets within availability zones for isolating resources.
  • Internet Gateways: Enable communication between instances in your VPC and the internet.
  • Route Tables: Define how traffic is routed between the subnets and other networks.

4. Security Groups 🔒

Security groups act as virtual firewalls that control the inbound and outbound traffic to your resources. After deployment, CDK will create security groups with the following characteristics:

  • ECS Task Security Groups: Control traffic to your ECS containers.
  • RDS Security Groups: Manage access to your RDS database instance.
  • Load Balancer Security Groups: Control the inbound/outbound traffic to your load balancer.

5. Amazon RDS (Relational Database Service) 🗄️

Amazon RDS provisions a managed database instance for your application. CDK sets up the following:

  • RDS Instance: A relational database instance (i.e. PostgreSQL) where your application data is stored.
  • Database Subnet Groups: Ensure that your RDS instance is deployed in isolated subnets within your VPC.
  • Backups and Snapshots: Automated backups and optional final snapshots when the database is deleted.

6. AWS Secrets Manager 🔐

AWS Secrets Manager is used to securely store and manage sensitive information like database credentials, API keys, and other secrets. CDK provisions the following resources:

  • Secret Storage: Secrets Manager stores critical information like your RDS database credentials.

These secrets are stored securely and retrieved by your ECS tasks or other services when needed, without exposing sensitive information directly in your environment.

7. AWS CloudFormation 📜

AWS CloudFormation is the service that CDK uses under the hood to create and manage your infrastructure:

  • CloudFormation Stacks: Each CDK stack translates to a CloudFormation stack. This service provisions and manages the resources defined in your CDK application.
  • Change Sets: CloudFormation tracks updates to your stack and ensures changes are applied safely.

8. Amazon ECR (Elastic Container Registry) 🛢️

Amazon ECR stores your Docker images, allowing ECS to pull these images for deployment:

  • ECR Repositories: Store the Docker images built during the deployment process.
  • Image Storage: You can store and manage multiple versions of your container images, ensuring consistency in deployments.

Conclusion

After running cdk deploy, AWS CDK automates the creation of various services such as ECS, EC2, VPC, Security Groups, RDS, Secrets Manager, CloudFormation stacks, and ECR repositories. These services are essential to manage and scale your backend infrastructure efficiently in AWS. Make sure to monitor and manage these resources, especially in production environments, to optimize cost and performance.