Updated READMEs

AWSCookbook · Dec 7, 2021 · 896b660 · 896b660
1 parent 767852b
commit 896b660
Show file tree

Hide file tree

Showing 38 changed files with 427 additions and 752 deletions.
diff --git a/.DS_Store b/.DS_Store
diff --git a/601-Build-An-ECR-Repo/README.md b/601-Build-An-ECR-Repo/README.md
@@ -1,40 +1,26 @@
 # Building and Pushing a Container Image to ECR
-## Steps
-### Create a ECR Repo from the CLI
-    aws ecr create-repository --repository-name aws-cookbook-repo
 
-### Create Sample Docker File
-    echo FROM nginx:latest > Dockerfile
 
-### Build and tag the image
-    docker build . -t \
-    $AWS_ACCOUNT_ID.dkr.ecr.$AWS_REGION.amazonaws.com/aws-cookbook-repo:latest
-
-### Add an additional Tag
-    docker tag \
-    $AWS_ACCOUNT_ID.dkr.ecr.$AWS_REGION.amazonaws.com/aws-cookbook-repo:latest \
-    $AWS_ACCOUNT_ID.dkr.ecr.$AWS_REGION.amazonaws.com/aws-cookbook-repo:1.0
-
-### Get Authentication Token 
-        aws ecr get-login-password | docker login --username AWS \
---password-stdin $AWS_ACCOUNT_ID.dkr.ecr.us-east-1.amazonaws.com
+## Cleanup
+### Remove the image from ECR:
+```
+aws ecr batch-delete-image --repository-name aws-cookbook-repo \
+--image-ids imageTag=latest
 
-### Push each image tag to Amazon ECR:
-    docker push \
-    $AWS_ACCOUNT_ID.dkr.ecr.$AWS_REGION.amazonaws.com/aws-cookbook-repo:latest
+aws ecr batch-delete-image --repository-name aws-cookbook-repo \
+--image-ids imageTag=1.0
+```
 
-    docker push \
-    $AWS_ACCOUNT_ID.dkr.ecr.$AWS_REGION.amazonaws.com/aws-cookbook-repo:1.0
 
-### View the image in ECR
-    aws ecr list-images --repository-name aws-cookbook-repo
+### Delete the image from your local machine:
+```
+docker image rm \
+$AWS_ACCOUNT_ID.dkr.ecr.$AWS_REGION.amazonaws.com/aws-cookbook-repo:1.0
+docker image rm \
+$AWS_ACCOUNT_ID.dkr.ecr.$AWS_REGION.amazonaws.com/aws-cookbook-repo:latest
+```
 
-## Cleanup
-### First remove the image and then delete the empty repository. 
-    aws ecr batch-delete-image --repository-name aws-cookbook-repo \
-    --image-ids imageTag=latest
+### Delete the repository:
 
-    aws ecr batch-delete-image --repository-name aws-cookbook-repo \
-    --image-ids imageTag=1.0
+`aws ecr delete-repository --repository-name aws-cookbook-repo`
 
-    aws ecr delete-repository --repository-name aws-cookbook-repo
diff --git a/602-Image-Scanning-In-ECR/README.md b/602-Image-Scanning-In-ECR/README.md
@@ -1,36 +1,23 @@
-# Automatically Scanning Images in ECR for Security Vulnerabilities on Image Push
+# Automatically Scanning Images in ECR for Security 
+## Preparation 
+### Create an ECR repository:
 
-### Create an ECR repository 
-    aws ecr create-repository --repository-name aws-cookbook-repo 
-
-## Apply Scanning configuration to an ECR Repository 
-    aws ecr put-image-scanning-configuration \
-    --repository-name aws-cookbook-repo \
-    --image-scanning-configuration scanOnPush=true
-
-### Pull and old version of NGinx 
-    docker pull nginx:1.14.1
-
-### Tag the image for ECR 
-    docker tag nginx:1.14.1 \
-    $AWS_ACCOUNT_ID.dkr.ecr.$AWS_REGION.amazonaws.com/aws-cookbook-repo:old
-
-### Get Authentication Token 
-    aws ecr get-login-password | docker login --username AWS \
-    --password-stdin $AWS_ACCOUNT_ID.dkr.ecr.us-east-1.amazonaws.com
-
-### Push the image to ECR 
-    docker push \
-    $AWS_ACCOUNT_ID.dkr.ecr.$AWS_REGION.amazonaws.com/aws-cookbook-repo:old
-
-### Check the vulerabilty scan results for the image that you pushed
-    aws ecr describe-image-scan-findings \
-    --repository-name aws-cookbook-repo --image-id imageTag=old
+`aws ecr create-repository --repository-name aws-cookbook-repo`
 
 ## Clean up
-### Delete the vulberable image 
-    aws ecr batch-delete-image --repository-name aws-cookbook-repo \
-    --image-ids imageTag=old
+### Delete the image from your local machine
+```
+docker image rm \
+$AWS_ACCOUNT_ID.dkr.ecr.$AWS_REGION.amazonaws.com/aws-cookbook-repo:old
+docker image rm nginx:1.14.1
+```
+
+### Delete the image from ECR:
+```
+aws ecr batch-delete-image --repository-name aws-cookbook-repo \
+ --image-ids imageTag=old
+ ```
+
+### Delete the repository:
+`aws ecr delete-repository --repository-name aws-cookbook-repo`
 
-### Delete the ECR Repository
-    aws ecr delete-repository --repository-name aws-cookbook-repo
diff --git a/603-Deploy-Container-With-Lightsail/README.md b/603-Deploy-Container-With-Lightsail/README.md
@@ -1,32 +1,13 @@
 # Deploying a container using Amazon Lightsail
-## Steps 
-### Create a new container service and give it a name, power parameter, and scale parameter:
-   aws lightsail create-container-service \
-   --service-name awscookbook --power nano --scale 1
 
-### Get a container image to use
-   docker pull nginx
-
-### Wait until your container service has entered the “READY” state
-   aws lightsail get-container-services --service-name awscookbook
-
-### Push the container to Amazon Lightsail
-   aws lightsail push-container-image --service-name awscookbook \
-   --label awscookbook --image nginx
-
-### Create the deployment 
-   aws lightsail create-container-service-deployment \
-   --service-name awscookbook --cli-input-json file://lightsail.json
+## Clean up 
+### Delete the local image from your workstation:
 
-### View your container service again - wait for the “ACTIVE” state
-   aws lightsail get-container-services --service-name awscookbook
+`docker image rm nginx`
 
-### Now visit the URL in your browser, or use cURL on the command line:
-   curl <endpoint>
+### Delete the container service:
 
-## Clean up 
-### Delete the container service
-   aws lightsail delete-container-service --service-name awscookbook
+`aws lightsail delete-container-service --service-name awscookbook`
 
 
 
diff --git a/604-Deploy-Container-With-Copilot-CLI/README.md b/604-Deploy-Container-With-Copilot-CLI/README.md
@@ -3,19 +3,6 @@
 ### Install Copilot cli tool 
     brew install aws/tap/copilot-cli
 
-## Steps
-### Check for the existance of the ECS service-linked role 
-    aws iam list-roles --path-prefix /aws-service-role/ecs.amazonaws.com/
-
-### If neeed, create the ECS service-linked role:
-    aws iam create-service-linked-role --aws-service-name ecs.amazonaws.com
-
-### Now use Copilot to deploy the sample NGINX Dockerfile to ECS:
-    copilot init --app web --name nginx --type 'Load Balanced Web Service' \
-    --dockerfile './Dockerfile' --port 80 --deploy
-
-### After the deployment is complete, get information on the deployed service with this command:
-    copilot svc show
 
 ## Clean up 
 ### Delete the App

diff --git a/605-Updating-Containers-With-BlueGreen/README.md b/605-Updating-Containers-With-BlueGreen/README.md
@@ -1,130 +1,80 @@
 # Updating containers with blue/green deployments
 ## Preparation 
-### In the root of the AWS Cookbook repo cd to the cdk folder for this recipe 
-    cd 405-Updating-Containers-With-BlueGreen/cdk-AWS-Cookbook-405/
 
-### Create a python virtual environment: 
-    python3 -m venv .env
+This recipe requires some “prep work” which deploys resources that you’ll build the solution on. You will use the AWS CDK to deploy these resources 
 
-### Activate the newly created python virtual environment:
-    source .env/bin/activate
+### In the root of this Chapter’s repo cd to the  “605-Updating-Containers-With-BlueGreen/cdk-AWS-Cookbook-605” directory:
+```
+cd 605-Updating-Containers-With-BlueGreen/cdk-AWS-Cookbook-605/
+test -d .venv || python3 -m venv .venv
+source .venv/bin/activate
+pip install --upgrade pip
+pip install -r requirements.txt
+cdk deploy
+```
 
-### Update some core python modules in the virtual environment
-    python -m pip install --upgrade pip setuptools wheel
+### Wait for the cdk deploy command to complete. 
 
-### Install the required python modules:
-    python -m pip install -r requirements.txt --no-dependencies
+### We created a helper.py script to let you easily create and export environment variables to make subsequent commands easier. Run the script, and copy the output to your terminal to export variables:
 
-### If this is the first time you are using the cdk, you’ll need to bootstrap with the region you are working on with the CDK Toolkit: 
-    cdk bootstrap aws://$AWS_ACCOUNT_ID/$AWS_REGION
+`python helper.py`
 
-### Deploy the cdk application (Hit “y” when prompted with “Do you wish to deploy these changes”)
-    cdk deploy
+### Navigate up to the main directory for this recipe (out of the “cdk-AWS-Cookbook-605” directory)
 
-### run helper.py to generate easy to use commands that create environment variables 
-    python helper.py
+`cd ..`
 
-### Vist the LoadBalancerDNS value in your browser, observe blue application there
-    E.g.: 
-    firefox http://fargateservicealb-925844155.us-east-1.elb.amazonaws.com/
-    or 
-    open http://$LoadBalancerDNS
-
-### Navigate to the main directory for the chapter (out of the cdk folder)
-    cd ..
-
-## Steps
-
-### Create an IAM role using the statement in the file provided
-    aws iam create-role --role-name ecsCodeDeployRole \
-    --assume-role-policy-document file://assume-role-policy.json
-
-### Attach the AWS provided managed policy for CodeDeployRoleForECS
-    aws iam attach-role-policy --role-name ecsCodeDeployRole \
-    --policy-arn arn:aws:iam::aws:policy/AWSCodeDeployRoleForECS
-
-### Create Green Target Group 
-    aws elbv2 create-target-group --name "GreenTG" --port 80 \
-    --protocol HTTP --vpc-id $VPCId --target-type ip
-
-### Create CodeDeploy Application
-    aws deploy create-application --application-name awscookbook-405 \
-    --compute-platform ECS
-
-### Replace values in the provided codedeploy-template.json file 
-    sed -e "s/AWS_ACCOUNT_ID/${AWS_ACCOUNT_ID}/g" \
-    -e "s|ProdListenerArn|${ProdListenerArn}|g" \
-    -e "s|TestListenerArn|${TestListenerArn}|g" \
-    codedeploy-template.json > codedeploy.json
-
-### Create the deployment group
-    aws deploy create-deployment-group --cli-input-json file://codedeploy.json
-
-### Replace the task definition value in appspec.yaml
-    sed -e "s|FargateTaskGreenArn|${FargateTaskGreenArn}|g" \
-    appspec-template.yaml > appspec.yaml
-
-### copy appspec.yaml to S3
-    aws s3 cp ./appspec.yaml s3://$S3BucketName
-
-### REPLACE VALUES in deployment-template.json
-    sed -e "s|S3BucketName|${S3BucketName}|g" \
-    deployment-template.json > deployment.json
-
-### Initial a deployment to the deployment group
-    aws deploy create-deployment --cli-input-json file://deployment.json
-
-### To get the status of the deployment, observe the status in the AWS Console (Developer Tools --> CodeDeploy --> Deployment --> Click on the deployment id)
-
-### Go to the LoadBalancerDNS in your browser and observe the change to the Green deployment
 
 ## Clean up
 
 ### Delete the CodeDeploy deployment group and application:
-    aws deploy delete-deployment-group \
-    --deployment-group-name awscookbook-405-dg \
-        --application-name awscookbook-405
+```
+aws deploy delete-deployment-group \
+--deployment-group-name awscookbook-605-dg \
+--application-name awscookbook-605
 
-aws deploy delete-application --application-name awscookbook-405
+aws deploy delete-application --application-name awscookbook-605
+```
 
 ### Detach the IAM policy from and delete the role used by CodeDeploy to update your application on Amazon ECS:
-    aws iam detach-role-policy --role-name ecsCodeDeployRole \
-    --policy-arn arn:aws:iam::aws:policy/AWSCodeDeployRoleForECS
+```
+aws iam detach-role-policy --role-name ecsCodeDeployRole \
+--policy-arn arn:aws:iam::aws:policy/AWSCodeDeployRoleForECS
 
-    aws iam delete-role --role-name ecsCodeDeployRole 
+aws iam delete-role --role-name ecsCodeDeployRole 
+```
 
 ### Now remove the load balancer rules created by CodeDeploy during the deployment and the target group you created previously:
-    aws elbv2 delete-rule --rule-arn \
-    $(aws elbv2 describe-rules \
-    --listener-arn $ProdListenerArn \
-    --query 'Rules[?Priority==`"1"`].RuleArn' \
-    --output text)
+```
+aws elbv2 delete-rule --rule-arn \
+$(aws elbv2 describe-rules \
+--listener-arn $PROD_LISTENER_ARN \
+--query 'Rules[?Priority==`"1"`].RuleArn' \
+--output text)
 
-    aws elbv2 modify-listener --listener-arn $TestListenerArn \
-    --default-actions Type=forward,TargetGroupArn=$DefaultTargetGroupArn
+aws elbv2 modify-listener --listener-arn $TEST_LISTENER_ARN \
+--default-actions Type=forward,TargetGroupArn=$DEFAULT_TARGET_GROUP_ARN
 
-    aws elbv2 delete-target-group --target-group-arn \
-    $(aws elbv2 describe-target-groups \
-    --names "GreenTG" \
-    --query 'TargetGroups[0].TargetGroupArn' \
-    --output text)
+aws elbv2 delete-target-group --target-group-arn \
+$(aws elbv2 describe-target-groups \
+--names "GreenTG" \
+--query 'TargetGroups[0].TargetGroupArn' \
+--output text)
+```
 
-### Remove the S3 contents of the S3 Bucket to allow AWS CDK to remove it
-    aws s3 rm s3://$S3BucketName --recursive
+### Delete the Blue and Green images:
+```
+aws ecr batch-delete-image --repository-name aws-cdk/assets \
+--image-ids imageTag=$(echo $BLUE_IMAGE | cut -d : -f 2) \
+imageTag=$(echo $GREEN_IMAGE | cut -d : -f 2)
+`
 
-### Delete the Blue and Green images 
-    aws ecr batch-delete-image --repository-name aws-cdk/assets \
-    --image-ids imageTag=$(echo $BlueImage | cut -d : -f 2) \
-         imageTag=$(echo $GreenImage | cut -d : -f 2)
+### Go to the cdk-AWS-Cookbook-605 directory
+`cd cdk-AWS-Cookbook-605/`
 
-### Go to the cdk-AWS-Cookbook-405 directory
-cd cdk-AWS-Cookbook-405/
+### To clean up the environment variables, run the helper.py script in this recipe’s cdk- directory with the --unset flag, and copy the output to your terminal to export variables:
 
-### To clean up the environment variables, run the helper.py script in this recipe’s cdk- folder with the --unset flag, and copy the output to your terminal to export variables:
-    python helper.py --unset
+`python helper.py --unset`
 
-### Use the AWS CDK to destroy the resources:
-    cdk destroy (Confirm with “y” when prompted with “Are you sure you want to delete”)
+### Use the AWS CDK to destroy the resources, deactivate your Python virtual environment, and go to the root of the chapter:
 
-### Deactivate your python virtual environment:
-    deactivate
+`cdk destroy && deactivate && rm -r .venv/ && cd ../..`
diff --git a/605-Updating-Containers-With-BlueGreen/cdk-AWS-Cookbook-605/app.py b/605-Updating-Containers-With-BlueGreen/cdk-AWS-Cookbook-605/app.py
@@ -1,11 +1,11 @@
 #!/usr/bin/env python3
 
-from aws_cdk import core
+import aws_cdk as cdk
 
 from cdk_aws_cookbook_605.cdk_aws_cookbook_605_stack import CdkAwsCookbook605Stack
 
 
-app = core.App()
+app = cdk.App()
 CdkAwsCookbook605Stack(app, "cdk-aws-cookbook-605")
 
 app.synth()
diff --git a/605-Updating-Containers-With-BlueGreen/cdk-AWS-Cookbook-605/cdk.json b/605-Updating-Containers-With-BlueGreen/cdk-AWS-Cookbook-605/cdk.json
@@ -1,12 +1,8 @@
 {
   "app": "python3 app.py",
   "context": {
-    "@aws-cdk/core:enableStackNameDuplicates": "true",
-    "aws-cdk:enableDiffNoFail": "true",
-    "@aws-cdk/core:stackRelativeExports": "true",
-    "@aws-cdk/aws-ecr-assets:dockerIgnoreSupport": true,
-    "@aws-cdk/aws-secretsmanager:parseOwnedSecretName": true,
-    "@aws-cdk/aws-kms:defaultKeyPolicies": true,
-    "@aws-cdk/aws-s3:grantWriteWithoutAcl": true
+    "@aws-cdk/aws-rds:lowercaseDbIdentifier": false,
+    "@aws-cdk/aws-apigateway:usagePlanKeyOrderInsensitiveId": false,
+    "@aws-cdk/core:stackRelativeExports": false
   }
 }