Issue-256 - Add demo-app ECS task

Author: huntharo

docker-compose-demo-app.yml

@@ -0,0 +1,10 @@
+version: '3.3'
+services:
+  # This is just for testing the demo-app as a non-Lambda express app
+  lambdademoapp:
+    platform: linux/arm64
+    build:
+      context: .
+      dockerfile: DockerfileLambdaDemoApp
+    ports:
+      - 3002:3001

src/cdk-construct/API.md

@@ -58,10 +58,17 @@ export interface LambdaDispatchECSProps {
   readonly cpuArchitecture?: ecs.CpuArchitecture;
 
   /**
-   * Container image for the ECS task
+   * Image for the lambda-dispatch Router
    * @default - latest image from public ECR repository
    */
-  readonly containerImage?: ecs.ContainerImage;
+  readonly routerImage?: ecs.ContainerImage;
+
+  /**
+   * Image for the demo app
+   * This can be the same as the lambda image because it just won't start the lambda extension
+   * @default - undefined
+   */
+  readonly demoAppImage?: ecs.ContainerImage;
 
   /**
    * The removal policy to apply to the log group
@@ -84,9 +91,13 @@ export class LambdaDispatchECS extends Construct {
    */
   public readonly securityGroup: ec2.SecurityGroup;
   /**
-   * Target group for the ECS service
+   * Target group for the Router service
    */
-  public readonly targetGroup: elbv2.ApplicationTargetGroup;
+  public readonly targetGroupRouter: elbv2.ApplicationTargetGroup;
+  /**
+   * Target group for the Demo App service
+   */
+  public readonly targetGroupDemoApp: elbv2.ApplicationTargetGroup;
 
   constructor(scope: Construct, id: string, props: LambdaDispatchECSProps) {
     super(scope, id);
@@ -133,13 +144,13 @@ export class LambdaDispatchECS extends Construct {
     // Give the task role permission to describe the log group, create log streams in that group, and write log events to those streams
     logGroup.grant(taskRole, 'logs:DescribeLogGroups', 'logs:CreateLogStream', 'logs:PutLogEvents');
 
-    const container = taskDefinition.addContainer('LambdaDispatchRouter', {
+    const routerContainer = taskDefinition.addContainer('LambdaDispatchRouter', {
       image:
-        props.containerImage ??
+        props.routerImage ??
         ecs.ContainerImage.fromRegistry('public.ecr.aws/pwrdrvr/lambda-dispatch-router:latest'),
       logging: ecs.LogDriver.awsLogs({
         logGroup: logGroup,
-        streamPrefix: 'ecs',
+        streamPrefix: 'router',
       }),
       environment: {
         DOTNET_ThreadPool_UnfairSemaphoreSpinLimit: '0',
@@ -152,20 +163,30 @@ export class LambdaDispatchECS extends Construct {
         AWS_CLOUDWATCH_LOG_GROUP: logGroup.logGroupName,
       },
     });
-
-    container.addPortMappings(
+    routerContainer.addPortMappings(
       { containerPort: 5001, protocol: ecs.Protocol.TCP },
       { containerPort: 5003, protocol: ecs.Protocol.TCP },
       { containerPort: 5004, protocol: ecs.Protocol.TCP },
     );
 
+    const demoAppContainer = taskDefinition.addContainer('DemoApp', {
+      image:
+        props.demoAppImage ??
+        ecs.ContainerImage.fromRegistry('public.ecr.aws/pwrdrvr/lambda-dispatch-demo-app:latest'),
+      logging: ecs.LogDriver.awsLogs({
+        logGroup: logGroup,
+        streamPrefix: 'demo-app',
+      }),
+    });
+    demoAppContainer.addPortMappings({ containerPort: 3001, protocol: ecs.Protocol.TCP });
+
     this.securityGroup = new ec2.SecurityGroup(this, 'EcsSecurityGroup', {
       vpc: props.vpc,
       allowAllOutbound: true,
       description: 'Security Group for ECS Fargate tasks',
     });
 
-    // Add inbound rules for ports 5003 and 5004
+    // Add inbound rules for ports 5003 and 5004 on the router from within the VPC
     this.securityGroup.addIngressRule(
       ec2.Peer.ipv4(props.vpc.vpcCidrBlock),
       ec2.Port.tcp(5003),
@@ -177,7 +198,8 @@ export class LambdaDispatchECS extends Construct {
       'Allow inbound traffic on port 5004 from within the VPC (HTTPS from Lambda)',
     );
 
-    this.targetGroup = new elbv2.ApplicationTargetGroup(this, 'FargateTargetGroup', {
+    // Create target groups first
+    this.targetGroupRouter = new elbv2.ApplicationTargetGroup(this, 'FargateTargetGroup', {
       vpc: props.vpc,
       port: 5001,
       protocol: elbv2.ApplicationProtocol.HTTP,
@@ -188,13 +210,29 @@ export class LambdaDispatchECS extends Construct {
         timeout: cdk.Duration.seconds(2),
         healthyThresholdCount: 2,
       },
+      deregistrationDelay: cdk.Duration.seconds(60),
+    });
+
+    this.targetGroupDemoApp = new elbv2.ApplicationTargetGroup(this, 'DemoAppTargetGroup', {
+      vpc: props.vpc,
+      port: 3001,
+      protocol: elbv2.ApplicationProtocol.HTTP,
+      targetType: elbv2.TargetType.IP,
+      healthCheck: {
+        path: '/health-quick',
+        interval: cdk.Duration.seconds(5),
+        timeout: cdk.Duration.seconds(2),
+        healthyThresholdCount: 2,
+      },
+      deregistrationDelay: cdk.Duration.seconds(30),
     });
 
     // Configure capacity provider strategy based on props
     const capacityProviderStrategies = props.useFargateSpot
       ? [{ capacityProvider: 'FARGATE_SPOT', weight: 1 }]
       : [{ capacityProvider: 'FARGATE', weight: 1 }];
 
+    // Create service
     this.service = new ecs.FargateService(this, 'EcsService', {
       cluster: props.cluster,
       taskDefinition,
@@ -205,6 +243,21 @@ export class LambdaDispatchECS extends Construct {
       capacityProviderStrategies,
     });
 
+    // Add target group attachments with specific container names and ports
+    this.targetGroupRouter.addTarget(
+      this.service.loadBalancerTarget({
+        containerName: 'LambdaDispatchRouter',
+        containerPort: 5001,
+      }),
+    );
+
+    this.targetGroupDemoApp.addTarget(
+      this.service.loadBalancerTarget({
+        containerName: 'DemoApp',
+        containerPort: 3001,
+      }),
+    );
+
     // Add auto-scaling
     const scaling = this.service.autoScaleTaskCount({
       maxCapacity: props.maxCapacity ?? 10,
@@ -215,8 +268,5 @@ export class LambdaDispatchECS extends Construct {
       scaleInCooldown: cdk.Duration.seconds(60),
       scaleOutCooldown: cdk.Duration.seconds(60),
     });
-
-    // Attach the service to the target group
-    this.service.attachToApplicationTargetGroup(this.targetGroup);
   }
 }

src/cdk-construct/src/ecs.ts

@@ -140,11 +140,11 @@ export class LambdaDispatchStack extends cdk.Stack {
       dockerImage:
         !usePublicImages && (props.lambdaECRRepoName || props.lambdaImageTag)
           ? lambda.DockerImageCode.fromEcr(
-              ecr.Repository.fromRepositoryName(this, 'LambdaRepo', lambdaECRRepoName),
-              {
-                tagOrDigest: lambdaTag,
-              },
-            )
+            ecr.Repository.fromRepositoryName(this, 'LambdaRepo', lambdaECRRepoName),
+            {
+              tagOrDigest: lambdaTag,
+            },
+          )
           : undefined,
     });
 
@@ -153,12 +153,19 @@ export class LambdaDispatchStack extends cdk.Stack {
       vpc,
       lambdaFunction: lambdaConstruct.function,
       cluster,
-      containerImage:
+      routerImage:
         !usePublicImages && process.env.PR_NUMBER
           ? ecs.ContainerImage.fromEcrRepository(
-              ecr.Repository.fromRepositoryName(this, 'EcsRepo', 'lambda-dispatch-router'),
-              `pr-${process.env.PR_NUMBER}-${process.env.GIT_SHA_SHORT}`,
-            )
+            ecr.Repository.fromRepositoryName(this, 'EcsRepo', 'lambda-dispatch-router'),
+            `pr-${process.env.PR_NUMBER}-${process.env.GIT_SHA_SHORT}`,
+          )
+          : undefined,
+      demoAppImage:
+        !usePublicImages && process.env.PR_NUMBER
+          ? ecs.ContainerImage.fromEcrRepository(
+            ecr.Repository.fromRepositoryName(this, 'DemoAppRepo', 'lambda-dispatch-demo-app'),
+            `pr-${process.env.PR_NUMBER}-arm64-${process.env.GIT_SHA_SHORT}`,
+          )
           : undefined,
       useFargateSpot: props.useFargateSpot ?? true,
       removalPolicy: props.removalPolicy,
@@ -167,15 +174,22 @@ export class LambdaDispatchStack extends cdk.Stack {
     // Allow ECS tasks to invoke Lambda
     lambdaConstruct.function.grantInvoke(ecsConstruct.service.taskDefinition.taskRole);
 
-    const hostname = `lambdadispatch${process.env.PR_NUMBER ? `-pr-${process.env.PR_NUMBER}` : ''}`;
+    const hostnameRouter = `lambdadispatch${process.env.PR_NUMBER ? `-pr-${process.env.PR_NUMBER}` : ''}`;
+    const hostnameDemoApp = `lambdadispatch-demoapp${process.env.PR_NUMBER ? `-pr-${process.env.PR_NUMBER}` : ''}`;
 
     // Add the target group to the HTTPS listener
     httpsListener.addTargetGroups('EcsTargetGroup', {
-      targetGroups: [ecsConstruct.targetGroup],
-      conditions: [elbv2.ListenerCondition.hostHeaders([`${hostname}.ghpublic.pwrdrvr.com`])],
+      targetGroups: [ecsConstruct.targetGroupRouter],
+      conditions: [elbv2.ListenerCondition.hostHeaders([`${hostnameRouter}.ghpublic.pwrdrvr.com`])],
       // Set the priority to the PR number or 49999 if not a PR
       priority: process.env.PR_NUMBER ? parseInt(process.env.PR_NUMBER) : 49999,
     });
+    httpsListener.addTargetGroups('EcsTargetGroupDemoApp', {
+      targetGroups: [ecsConstruct.targetGroupDemoApp],
+      conditions: [elbv2.ListenerCondition.hostHeaders([`${hostnameDemoApp}.ghpublic.pwrdrvr.com`])],
+      // Set the priority to the PR number + 10000 or 49998 if not a PR
+      priority: process.env.PR_NUMBER ? parseInt(process.env.PR_NUMBER) + 10000 : 49998,
+    });
 
     // Create Route53 records
     const hostedZone = route53.HostedZone.fromHostedZoneAttributes(this, 'HostedZone', {
@@ -184,7 +198,12 @@ export class LambdaDispatchStack extends cdk.Stack {
     });
     new route53.ARecord(this, 'LambdaDispatchRecord', {
       zone: hostedZone,
-      recordName: hostname,
+      recordName: hostnameRouter,
+      target: route53.RecordTarget.fromAlias(new route53targets.LoadBalancerTarget(loadBalancer)),
+    });
+    new route53.ARecord(this, 'LambdaDispatchDemoAppRecord', {
+      zone: hostedZone,
+      recordName: hostnameDemoApp,
       target: route53.RecordTarget.fromAlias(new route53targets.LoadBalancerTarget(loadBalancer)),
     });