Before we begin:

What is Docker?

Docker is a tool that lets you package your software applications and all their dependencies into a standardized unit called a container. This container can then be easily shared and run on any system that supports Docker.

What is Kubernetes?

Kubernetes is an open-source platform used to automate deploying, scaling, and managing containerized applications. It helps you manage multiple containers running across a cluster of machines, making it easier to deploy and manage complex applications at scale.

Overview

• Pre-requisite
• Configuration
• Output
• Cleanup

Pre-requisite

Install the below mentioned software in a windows PC.

• Knowledge of Docker and Kubernetes (Beginner level will work).
• Docker Hub Account.
• Install below mentioned software in PC.

1. Docker Desktop
2. Minikube (For Kubernetes)
3. GitBash (Recommended Terminal)

Configuration

Clone the Github repository in a Windows PC.

Step 1 — Build Docker images.

Open the GitBash and navigate to the cloned repository directory.

Now, we need to build docker images for 4 different services as mentioned in the application architecture.

1. Users API (Login and Sign Up)
2. Tasks API (Add tasks and Fetch task)
3. Auth API (Verify the user Token)
4. Frontend App

In order to build docker images for these applications, we need to navigate to the application directory of every application one after the another and run the below mentioned command in GitBash:

NOTE: Dockerfile needs to be in the same directory where we will run the command.

docker build -t <dockerHub-userName>/<repo-name>:<version-tag> .

NOTE: We will be pushing the images to docker hub. So we need to give an appropriate tag in the given format as mentioned above in the command.

Once the Docker Images are generated, we can view the list of images using the command:

docker images

Step 2— Push images to Docker Hub.

Now since we have built the images, it’s time to push the them to the Docker Hub. To push the images to docker repository i.e. Docker Hub, run the below mentioned command:

docker push <image-name>:<version-tag>

Step 3— Deploy the application.

In the given application, I have provided the configuration files that will be required to setup the application architecture. These files are available in kubernetes directory.

Before we begin. we need to make sure that Docker Desktop and Minikube are running. Moreover, we can double check if the minikube service is running or not by the below mentioned command.

minikube status

NOTE: If the minikibe service is in stopped state, we can start the service using the below mentioned command:

minikube start

Once, we are confirmed that both the services has been started and running, we can proceed towards deploying the architecture.

Deploying the architecture is pretty straight forward. We need to configure the architecture, by running the command that will automatically deploy the configuration written in the .yaml files in the kubernetes directory.

kubectl apply -f=<file-name>.yaml -f=<file-name>.yaml …

Run the above mentioned command including the names of every files present in the kubernetes directory.

Once, all the deployments as well as the services have been created, we can expose the User API, Tasks API, Frontend using the below mentioned command:

minikube service <service-name>

NOTE: Run the above mentioned command for the services with type LoadBalancer.

To get the list of running services:

kubectl get services

To get the list of current deployments:

kubectl get deployments

Output

The output will be automatically available after running the below command:
minikube service <frontend-service>

Cleanup

1. Dealing with Kubernetes services:

We can delete the deployments as well as the services created using the below-mentioned command:

kubectl delete deployment/<deployment-name>
kubectl delete service/<service-name>

2. Dealing with Docker Images

To delete the docker images we can run the below-mentioned command:

docker rmi <image-id>

Congratulations ♥

With this, you have successfully configured and deployed the Tasks Application using Docker and Kubernetes in a local environment.

In Plain English 🚀

Thank you for being a part of the In Plain English community! Before you go:

• Be sure to clap and follow the writer ️👏️️
• Follow us: X | LinkedIn | YouTube | Discord | Newsletter
• Visit our other platforms: Stackademic | CoFeed | Venture | Cubed
• More content at PlainEnglish.io

Deploying a Tasks Application Using Docker and Kubernetes was originally published in AWS in Plain English on Medium, where people are continuing the conversation by highlighting and responding to this story.

Configuring a CICD pipeline to deploy a NODE Application on AWS EC2 Instance is not an easy task. Just having the basic information about AWS CICD Services is not enough.

To date, i.e., 4 July 2022, AWS Code Build both Linux and Ubuntu Image supports only 14.x.x version of Node. But the latest stable version of Node available is 16.x.x. As a result, we get an error while building the code using npm run build.

Hence, while configuring a CICD Pipeline, we will only be using AWS Code Pipeline and AWS Code Deploy.

Aim of This Guide:

• Launch an AWS EC2 Instance and configure it to run a NODE 16.x.x version.
• Configure CICD Pipeline to automate the deployment process.

AWS Services Used:

• AWS EC2 Instance
• AWS Code Pipeline
• AWS Code Deploy

Configuring an AWS EC2 Instance

Launch an AWS EC2 Linux T2.MICRO Instance using the AWS EC2 Console. SSH into the Instance.

NOTE: Attach an IAM Role to the Instance which allows the Code Deploy agent to communicate with AWS Code Deploy Service.

Then install the 16. x.x version of Node on the EC2 Instance using the command.

curl -sL https://rpm.nodesource.com/setup_16.x | sudo -E bash -

Install Git and then clone the GitHub repository onto the EC2 Instance.

sudo yum install git
git clone <git-repository-link>

Install AWS Code Deploy agent on the Instance.

Add an appspec.yml File to the Code

Link to the appspec.yml file.

Configure CICD Pipeline

Create a Code Deploy application using the AWS Code Deploy Console.

• Application Name: ec2-node-cicd
• Compute Platform: EC2/On-premises

Create a Deployment Group

• Deployment Group Name: ec2-node-cicd-DG
• Deployment Type: In-place
• Environment Configuration: Amazon-EC2 Instances
• Install Code Deploy agent: Only once
• Deployment Setting: One at a Time
• Load Balancer: Disable Load Balancing

Create a Deployment Pipeline

• Pipeline Name: ec2-node-cicd-pipeline
• Source Provider: Github Version 2

Log in to GitHub and select the repository and the branch that must be deployed on EC2.

• Output artifact format: Code Pipeline Default

Skip the Build Stage

• Deployment Provider: AWS Code Deploy
• Application Name: ec2-node-cicd
• Deployment Group: ec2-node-cicd-DG

Review the configuration and create the Pipeline.

NOTE: Deployment Logs are available in the EC2 Instance within the directory /root/.npm/_logs/

Congratulations on this! You have successfully configured a CICD Pipeline using AWS Code Deploy to deploy a Node Application V16.x.x.

What is AWS Cloud9?

AWS Cloud9 is an Integrated Development Environment which allows you to run, write and debug the code within a browser in the cloud.

It provides three main functionalities

• Terminal
• Code Editor
• Debugger

Overview

• Pre-requisite
• Configuration
• Output

Pre-requisite

• An AWS account is required to implement the configurations.
• Prior knowledge of AWS Lambda and EC2-Instance.

Configuration

Note : Configure all the resources in the same Region.

Log in to the AWS Management Console and search for the Cloud9 in the Search Bar and select Cloud9.

You will then be redirected to the AWS Cloud9 Management Console.

Step 1 — Create an AWS Cloud9 Environment.

Click on Create Environment button.

You will be redirected to the page which allows you to create a Cloud9 Environment.

In the Step-1 simply give a name and the description to the Cloud9 Environment and press Next Step.

In the Step-2 i.e. Configure Settings, leave all the settings to default and click Next Step.

NOTE: Step-2 involves the configuration of the Cloud9 Environment in an EC2 Instance. Select the Environment type, Instance type and the Platform according to your requirement.

In Step-3, review the configurations and click on Create environment button.

After clicking the Create Environment button you will be redirected to the page, which looks something like this.

AWS Cloud9 cloud-based Integrated Development Environment

Step 2 — Write the code for the Lambda function.

Now, in the terminal at the bottom, create a directory named Lambda using the command mkdir, and then move into the lambda directory using the command cd.

Now, create a Python file named lambda_function.py.

NOTE: The name of the python file will be used in future, make sure you note it down before you proceed.

Open the python file in the nano or vi editor and paste the code for the function in the editor. Then close the editor by saving the file and confirming the name of the python file.

Click on this link, for the sample lambda code.

NOTE: Below are the steps to install an external dependency onto a Lambda function. Follow this if your lambda function contains an external dependency or you can skip it.

Installing an external dependency on a Lambda function.

Here, I’m install an external dependency named requests, and below is the command to install requests external dependency.

NOTE: Here, -t . at the end of the command, indicates that this dependency will be installed only in this folder and not globally in the virtual environment.

Now, zip all the files contents within the folder lambda, using the zip command.

NOTE: Here -r *, at the end of command indicates, that all content in this lambda directory will be zipped recursively i.e. one by one.

Step 3 — Create a Lambda function.

AWS CLI for Lambda — Create function reference link

Use the following command to create a Lambda function.

Command description

1. — function-name: Name of the Lambda function.
2. — runtime: Defines the runtime environment of the Lambda function. For us it is python3.9.
3. — role: Give the ARN of the IAM role which you want to assign to the Lambda function. Here we have simply assigned the ARN of basic-lambda-execution role.
4. — zip-file: Give the full path of the zip file we created in step-2. It is mandatory to start the name of the file with fileb://Path/of/the/file.zip.
5. — handler: Contains two parts with the following syntax.

python-file-name.function-to-be-executed-first

In our case, it is lambda_function.lambda_handler.

NOTE: Do not forget the dot in between the file name and the function name.

Congratulations ♥

With this, you have successfully configured and created a Lambda function using Cloud9.

Output

You can now check and test the newly created Lambda function in the AWS Lambda Management Console.

Learn More

• Forwarding Emails to Your Inbox Using Amazon SES
• Web Hosting with AWS
• Deploy a Serverless Portfolio Website on AWS

What is Blue/Green Deployment?

Blue/Green Deployment is a deployment strategy, in which you deploy two different, but identical environments. One environment runs the current application version and another environment runs the updated application version.

Overview

• Architecture
• Pre-requisite
• Configuration
• Output

Architecture

Pre-requisite

• An AWS account is required to implement the configurations.
• Prior knowledge of AWS API Gateway and AWS Lambda.
• AWS CLI installed and configured on your PC.

Configuration

Note : Configure all the resources in the same Region.

Log in to the AWS Management Console and search for the Lambda in the Search Bar and select Lambda.

You will then be redirected to the AWS Lambda Management Console.

Step 1 - Create a Lambda Function.

Note : We simply need to create a Lambda Function which returns a “Hello World” message. Below are the steps to create the same Lambda Function.

Click on Create Function button.

You will be redirected to a web page that allows you to create a Lambda function.

Select Author from Scratch from the options available.

In the Basic Information give the name of the function as test-lambda and select the Runtime to be Python 3.9.

Leave all the configurations to default and click on Create Function button at the bottom.

Edit the code in the Lambda function to return “Hello World from Version 1" and deploy the code.

Step 2 -Create Lambda Versions

After editing the code, click on Actions at the top and then Publish New Version.

Then give the Version Description if required and click on Publish button.

Now again edit the code of the Lambda function as below for deploying it as Version 2.

Now, again publish a new Lambda Version repeating the same process as above by clicking on Actions, then Publish Lambda Version and finally click on Publish button, on the dialog box appeared.

Step 3 - Create Lambda Alias

To create a Lambda Alias, click on Actions, then from the drop-down choose to Create Alias.

Give the name to the Alias as test-alias and choose Version any version.

Then, click on the Weighted alias, choose additional-version any version from the drop-down, and specify the weight to be 50%. Then click on the Save Button.

Step 4 — Create a REST API using API Gateway.

Come to the AWS API Gateway console, by searching API Gateway in the search bar in AWS Management Console.

Choose the API type to be REST API and click on Build Button.

Choose the protocol to be REST and choose New API in Create new API.

In Settings give the name to the API as test-API.

Leave all the settings to default and click on Create API.

Select Actions and create a Method by clicking on Actions and selecting Create Method.

Choose the GET Method from the drop-down and click on the tick button.

Select the Integration type to be Lambda Function and then choose the Lambda function we just created i.e. test-lambda.

Note : Below is the most Important step to point to the Lambda Alias.

Give the name of the Lambda Functions as below

<lambda-function-name>:${stageVariables.lambdaAlias}

Note : We will create Stage Variable named lambdaAlias in further steps.

Then click on the Save Button.

Note : Below is the most Important Step to give permission to API Gateway to invoke AWS Lambda Alias.

A dialog box will appear, displaying the CLI command. Copy the command and paste it at a secure place for future reference. Then click on the OK button.

Now, deploy the API by clicking on Actions and choosing Deploy API.

Deploy the API, by creating a new Stage, with the Stage Name as a test.

Now, choose Stages on the Left Navigation panel and choose Stage Variables.

Click on Add Stage Variable, give the Name as lambdaAlias and the Value as test-Alias.

Note : Here lambdaAlias in the Value is the same as we mentioned while choosing Lambda in the IntegrationType while creating GET Method.

Now, it’s time to run the Command, which we copied and pasted it for our future reference.

Now, open the Command Prompt with AWS CLI installed and configured with the region you have deployed the Architecture.

Run the command after changing the function-name attribute in the command, by replacing ${stageVariables.lambdaAlias} with the name of the Lambda Alias we created i.e. test-Alias.

You will get a response something like this in the JSON format.

Congratulations ♥

With this, you have successfully configured the above-mentioned Architecture.

Output

You can check the deployed API, by navigating to the AWS API Gateway Console, clicking on the API we just created.

Choose stages on the left navigation panel and choose the stage that we just created i.e. test.

A link will be displayed beside Invoke URL.

Open the URL in the browser and try refreshing the browser multiple times, you will find different responses from different Lambda Versions.

Learn More

• Complete Guide to AWS Amplify Studio
• How to Use AWS Parameter Store
• Creating an AWS Lambda Function for Matplotlib Data Visualizations

Architecture

Let me explain which AWS Services have been used and for which purpose in the above Architecture.

• API Gateway : Used to create an API and integrate with AWS Cognito and AWS Lambda.
• Cognito : To Authenticate the user.
• Lambda : To serve a fixed response to the AWS API Gateway.

Pre-requisites

• Basic knowledge of AWS API Gateway, AWS Cognito, and AWS Lambda is required

NOTE : Make sure, you create all of the resources in the same Region.

1. Configuring AWS Cognito User Pool.

Go to AWS Management Console.

Here you will find the Amazon Cognito service under Security, Identity & Compliance section.

Click on Manage User Pool, on the home Page of AWS Cognito.

Now click on the button Create User Pool. Now there will be different Sections to configure User Pool.

Section 1: Configure sign-in

First, you need to choose Authentication Providers. In the Providers Type, there are two options

• Cognito User Pool

If you want the user to sign in using their email address, Phone Number, or User Name. You can select one or multiple Attributes which will be prompted when the user sign-up.

NOTE — You will not be able to change the sign-in options once you have created the User Pool

• Federated Identity Providers

If you want your user to sign in with social identity providers like Facebook, Google, Amazon, or Apple.

Section 2: Configure security requirements

Password Policy defines the length and the complexity of the password your user can set. Contains two options.

• Cognito Defaults — For default password length and complexity.
• Custom — If you want to define custom password length and complexity.

Multi-factor authentication for enforcing Multi-Factor Authentication MFA during the user sign-in process. Contains Three options.

• Require MFA — Recommended to require MFA while the user sign in.
• Optional MFA — Opts the user to choose whether to require MFA or not.
• No MFA — Provisions the user to sign in with a Single Authentication Factor.

User account recovery configures how the user will recover their account in case the user forgets their password. For now, leave the configuration to default.

Section 3: Configure Self-service sign-up

This defines whether to display a sign-up link on the sign-in page in the hosted UI. When Enable self-registration checkbox is the disabled user will not be able to create a new user profile. In this case Federation or the Administrator, API needs to be used to create User Profiles.

Attribute verification and user account confirmation define how the user will verify their identity when they sign up. Select Cognito to automatically send messages to verify and confirm. Contains three options.

i. Send SMS to verify the phone number.

ii. Send Email to verify the email address.

iii. Send SMS message if the phone number is available, otherwise send an email message

Required attributes define which attributes will be required when a new user is created. You can select multiple options among the multiple options available. For now, we will go with email only.

Custom attributes allow you to define any custom attributes that a user will require when a new user is created.

Section 3: Configure message delivery which defines how to send a message to a new user to verify their identity. Contains two options.

i. Send Email with Amazon SES to send a message to the user using AWS SES.

ii. Send email with Cognito to send messages with AWS Cognito.

Section 4: Integrate your app

i. Give a name to your user Pool in User Pool Name i.e. test-userPool

ii. Hosted authentication pages allows you to use Cognito’s Hosted UI and OAuth 2.0 servers for sign-up and sign-in purpose.

iii. Domain allows you to configure a domain for your Hosted UI endpoint. Contains two options.

Use Cognito Domain allows you to define your custom prefix to use with Amazon-owned domain.

Need to use the prefix that is available

Use a custom domain to use your own custom domain.

Initial app client defines an app client in your user pool that has the permission to call unauthenticated API Operations. Contains three options

i. Public Client for native, Browser, or Mobile apps. In simple words, it allows you to make Cognito API requests from the user systems which are not trusted with the client secret.

ii. Confidential Client for server-side Applications.

iii. Other allows you to choose your custom App.

• For now, we will stick to Public Client and give the client name as test-Client
• Client secrets are used by the server-side component of the App to authorize the API requests.

If you are using JavaScript SDK in your mobile/web app, select Don’t generate a client secret, because client secrets are not supported by JavaScript SDK.

• Allowed Callback URLs are the URLs, to which the users will be redirected after successful signup or sign in.

Advanced App client setting.

• In Authentication Flows leave it to default or Check or Uncheck as per your requirement.
• Set Refresh Token, Access Token, ID Token expiration as per your requirements. In simple words, AWS will provide these tokens to your application to access AWS Resources and these token are valid for the specified time interval.
• Leave Identity Providers to default.
• OAuth 2.0 Grant Types defines how Cognito will grant tokens to your application.

Remember to select Implicit grant, so that the client will get access token and ID token .

• OpenID Connect scopes specify the attributes the app client can retrieve using the Access Token.
• Allowed sign-out URLs are the URLs to which the user will be redirected once the user has signed out.
• In Allowed sign-out URLs, leave it to default or can define your own Read and Write permission to the Attributes.

Section 6: Review the configuration and click on Create User Pool.

Now, since we have created User Pool, let’s create a Lambda Function which simply returns a “Hello World” when invoked.

2. Lambda Function

• Go to the AWS Lambda Console and click on Create Function
• Choose Author from Scratch and provide a name to the Lambda Function eg test-API-function.
• Select the run time environment you want and click on Create Function.

On Clicking a Create Function button, an IAM Role will be created which will provide AWS Lambda permission to send Logs to AWS Cloudwatch.

3. API Gateway

Create a Resource

• Create a new REST API named test-API and the endpoint Type as Regional.
• In the Resources tab choose Actions — Create Resource.
• Create a resource named test-API-resource.

Create a Method

• Now, in the Resources Tab, select the test-API-resource Resource, and click on Actions — Create Method.
• Create a GET Method.

• Choose Lambda Function as the Integration type.
• Choose the region of the Lambda Function.

NOTE : It is recommended to have the Lambda Function and the API gateway in the same Region

• Choose the Lambda Function we just created i.e. test-API-function and click on Save.

A dialog box will prompt, which says, by clicking OK Permission will be granted to the API Gateway to invoke the mentioned Lambda Function.

Create an Authorizer

Choose Authorizer from the Tab and click on Create new Authorizer.

• Name the Authorizer i.e. test-Authorizer and choose Cognito as the type.
• In Cognito User Pool choose the user pool we just created i.e. test-API.
• Add “Authorization” as Token Source and leave Token Validation as Empty and click on Create button.

Here, Token Source is the key in the Header , which will be used to pass the Access Token with in the header.

Now, since we have created Authorizer, it’s time to integrate our Authorizer with the API.

• Go to the Resources tab, select the GET method we just created and click on Method Request.

• Refresh the Page once.
• In Authorization, choose the Authorizer we just created i.e. test-Authorizer, and add email in OAuth Scopes.

Now, it’s time to deploy the API.

• Navigate to the Resources tab, click on Actions and choose Deploy API.
• Create a new stage with the name test. You can add Stage Description and Deployment Description if needed and click on the Deploy button.

Now that we have finished configuring our resources, It’s high time to test our resources.

Testing

We will be testing our APIs using Postman.

Step 1. Get the Access Token

• Go to the AWS Cognito Console and select the User Pool we just created. i.e. test-API.
• Navigate to the App Integration tab and select the App Client we just created i.e. test-Client. Over here, in the Hosted UI section, click on the button named View Hosted UI.

• It will open a Link in a New Tab.
• View the opened Link carefully, and change the response_type=code to response_type=token and click enter on the keyboard.

Changing the response type = token, will grant us access token and id token after a successful sign up or sign in.

• Create a new Account or sign in, to an existing account.
• After successful signup or sign-in, you will be redirected to another page. Now copy the URL and extract the access_token from the URL.

Step 2. Get the API

Navigate the AWS API Gateway Console and open the API we just created i.e. test-API.

• Click on the Stages Tab and copy the Invoke URL.

Step 3. Open postman.com

Create a new account or log in to an existing account.

• Click on My Workspace.

• Modify the URL copied from the API Gateway console to the API as mentioned in the below Image.
• Also, configure the Headers section as shown in the below image.

Mine looks like this.

• Then click on the send button and will get the response as mentioned in the below image.

• If someone tries to invoke the API with the Expired Token or Invalid Token or No Token, then they will get a response like

With this, you have successfully Configured and Tested API Gateway which serves content only to the Authenticated users in Cognito User Pool.

Learn More

• Amazon API Gateway: Securing Endpoints using Cognito User Pool
• Amazon API Gateway: Securing Endpoints using API Keys
• Complete CRUD Application with AWS Serverless