Our great sponsors
-
django-step-by-step
A Django + Vue reference project that focuses on developer tooling and CI/CD + IaC
Here are some other questions that would be good to ask about the infrastructure: * What AWS account will this run in? Who has access to that account? Are SSO permission sets used? * What DNS records will be used to access the frontend and the backend? Are these two services accessed via the same record URL? For example, all do you to only send example.com/api/* traffic to the backend and then send all other example.com/* to the Angular frontend? Or do you want to use api.example.com for all API traffic and example.com for the Angular site. What about non-prod environments? Will you use alpha.example.com for a staging environment for a non-prod environment named alpha? * You mentioned that the team will be using Terraform heavily, how will you be splitting up your modules? When you run Terraform's apply command, does it update a single set of infrastructure for your entire application, or do you run terraform apply several times for different groups of resources, such as a networking stack (with VPC), data stack (with RDS) and application stack (for ECS resources), for example? You will probably use terraform remote state to manage these different logical components and the data dependencies they have between each other. * Another related question is how you are running pipelines for Terraform? I would use something like GitHub Actions. When a pipeline runs, you should see the output of a terraform plan stage and then the pipeline should pause for manual approval after the changes have been reviewed. This can be done with GitHub environments, for example, and other CI/CD tools can also do this. * What happens when you need to change an environment variable? This can be a complicated question. Environments that are not secrets might be stored in a terraform.tfvars file, or might be stored in environment variables in your pipeline in the form of TFVAR{name}, so this implies that changing an environment variable is an infrastructure change. You want to keep your infrastructure deployments separate from your application deployments. If you are using ECS, you probably want to use ignore_changes for the task definitions referenced by the services. This will create a new task definition, but it will not be used by the new services. When you do an application update, the service may use this new task definition with the updated environment variable. * Another question: does anyone on the team need direct access to the database? Is there a bastion host used in the infrastructure that can people can connect to the DB with via port forwarding? I hope these questions are helpful. I have thought about a lot of these and have been exploring their answers with an open source project focused on a containerized, database-backed Python web app (made with Django) that I deploy on AWS with ECS Fargate, and I have another repo with Terraform modules for deploying application infrastructure. Here's the application repo: https://github.com/briancaffey/django-step-by-step and here is the Terraform module repo: https://github.com/briancaffey/terraform-aws-django. Please let me know if you have any questions
-
Here are some other questions that would be good to ask about the infrastructure: * What AWS account will this run in? Who has access to that account? Are SSO permission sets used? * What DNS records will be used to access the frontend and the backend? Are these two services accessed via the same record URL? For example, all do you to only send example.com/api/* traffic to the backend and then send all other example.com/* to the Angular frontend? Or do you want to use api.example.com for all API traffic and example.com for the Angular site. What about non-prod environments? Will you use alpha.example.com for a staging environment for a non-prod environment named alpha? * You mentioned that the team will be using Terraform heavily, how will you be splitting up your modules? When you run Terraform's apply command, does it update a single set of infrastructure for your entire application, or do you run terraform apply several times for different groups of resources, such as a networking stack (with VPC), data stack (with RDS) and application stack (for ECS resources), for example? You will probably use terraform remote state to manage these different logical components and the data dependencies they have between each other. * Another related question is how you are running pipelines for Terraform? I would use something like GitHub Actions. When a pipeline runs, you should see the output of a terraform plan stage and then the pipeline should pause for manual approval after the changes have been reviewed. This can be done with GitHub environments, for example, and other CI/CD tools can also do this. * What happens when you need to change an environment variable? This can be a complicated question. Environments that are not secrets might be stored in a terraform.tfvars file, or might be stored in environment variables in your pipeline in the form of TFVAR{name}, so this implies that changing an environment variable is an infrastructure change. You want to keep your infrastructure deployments separate from your application deployments. If you are using ECS, you probably want to use ignore_changes for the task definitions referenced by the services. This will create a new task definition, but it will not be used by the new services. When you do an application update, the service may use this new task definition with the updated environment variable. * Another question: does anyone on the team need direct access to the database? Is there a bastion host used in the infrastructure that can people can connect to the DB with via port forwarding? I hope these questions are helpful. I have thought about a lot of these and have been exploring their answers with an open source project focused on a containerized, database-backed Python web app (made with Django) that I deploy on AWS with ECS Fargate, and I have another repo with Terraform modules for deploying application infrastructure. Here's the application repo: https://github.com/briancaffey/django-step-by-step and here is the Terraform module repo: https://github.com/briancaffey/terraform-aws-django. Please let me know if you have any questions
-
WorkOS
The modern identity platform for B2B SaaS. The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning.