-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
6 changed files
with
85 additions
and
1 deletion.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,72 @@ | ||
| name: Deploy application | ||
|
|
||
| on: | ||
| workflow_dispatch: | ||
| push: | ||
| branches: | ||
| - main | ||
| paths: | ||
| - template.yml | ||
| - package.json | ||
| - yarn.lock | ||
| - components/** | ||
|
|
||
| concurrency: | ||
| group: ${{ github.workflow }} | ||
|
|
||
| permissions: | ||
| id-token: write | ||
| contents: read | ||
|
|
||
| jobs: | ||
| check-project-std: | ||
| uses: ./.github/workflows/check-project-std.yml | ||
|
|
||
| deploy-connection-checks: | ||
| runs-on: ubuntu-latest | ||
| strategy: | ||
| matrix: | ||
| # Regions where FTP servers are running | ||
| # target-region: [us-east-1, us-west-2] | ||
| target-region: [us-east-1] | ||
| # Regions where connection checks should be run from | ||
| # check-region: [us-east-1, us-east-2, us-west-2] | ||
| check-region: [us-east-2] | ||
|
|
||
| steps: | ||
| - uses: actions/checkout@v4 | ||
|
|
||
| - uses: actions/setup-python@v5 | ||
| with: | ||
| python-version: "3.10" | ||
|
|
||
| - uses: aws-actions/setup-sam@v2 | ||
|
|
||
| - uses: aws-actions/configure-aws-credentials@v4 | ||
| with: | ||
| aws-region: ${{ matrix.check-region }} | ||
| role-to-assume: arn:aws:iam::561178107736:role/PRX-GHA-AccessRole | ||
| role-session-name: gha-deploy-prxtransfer-dns-connection-checker | ||
|
|
||
| - name: Deploy connection check | ||
| working-directory: components/ftp-connection-check | ||
| env: | ||
| FTP_USER: ${{ secrets.ftp_user }} | ||
| FTP_PASSWORD: ${{ secrets.ftp_password }} | ||
| # Lookup the Transfer Family NLB hostname for the current matrix target | ||
| # region and deploy a connection check to the current check region | ||
| # for that server. | ||
| run: | | ||
| nlb_hostname=$(aws cloudformation describe-stacks --stack-name infrastructure-cd-root-production --query "Stacks[0].Outputs[?OutputKey=='ExchangeFtpServerNlbDnsName'].OutputValue" --output text --region ${{ matrix.target-region }}) | ||
| sam build && sam deploy \ | ||
| --region ${{ matrix.check-region }} \ | ||
| --no-confirm-changeset \ | ||
| --no-fail-on-empty-changeset \ | ||
| --stack-name ftp-connection-check-targeting-${{ matrix.target-region }} \ | ||
| --resolve-s3 \ | ||
| --no-progressbar \ | ||
| --s3-prefix prxtransfer-dns \ | ||
| --capabilities CAPABILITY_IAM \ | ||
| --role-arn arn:aws:iam::561178107736:role/PRX-GHA-ServiceRoleForCloudFormation \ | ||
| --parameter-overrides "FtpServerHostname=$nlb_hostname HealthCheckFtpUser=\"$FTP_USER\" HealthCheckFtpPassword=\"$FTP_PASSWORD\"" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,9 @@ | ||
| Creates a Route 53 health check that indicates if an FTP server is properly handling basic FTP connections. | ||
|
|
||
| Each stack deployed using the included CloudFormation template tests a single FTP server. | ||
|
|
||
| It's expected that, for any given production FTP server, several of these stacks will be deployed, testing connectivity to the server from multiple geographic regions. For example, if an FTP server is running in us-east-1, stacks may be deployed in us-east-2, us-west-2, and ca-central-1, with each one targetting that server running in us-east-1. | ||
|
|
||
| The status of the Route 53 health check matches the state of a CloudWatch alarm that is also created in the stack. The the Lambda function that is actually running the connection tests fails, the CloudWatch alarm will move into an ALARM state, which will cause the health check to move into an UNHEALTHY state. | ||
|
|
||
| On their own, these health checks don't have any impact on other Route 5 resources, like DNS records. Other Route 53 health checks should be created that list these health checks as _child health checks_. |
File renamed without changes.
File renamed without changes.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Empty file.