This project contains the CDK stack for deploying the Open Chat Studio infrastructure.
The rough architecture is as follows:
- RDS PostgreSQL database
- Elasticache Redis
- Elastic Container Registry (ECR)
- ECS Fargate service for the Django application
- Django web service
- This service has two containers, one to run Django migrations and the other to run the Gunicorn server. The migrations container runs first and then the Gunicorn container is started once it has completed.
- The Django service is behind an ALB and has a target group for health checks
- Celery worker service
- Celery beat service
- Django web service
In addition to the above services, this project also sets up the following:
- VPC with public and private subnets
- Load balancer for the Django service
- S3 buckets for media files
- Certificate Manager certificates for the domain
- Email identity verification for the domain
- GitHub Actions roles for the CI/CD pipeline
- Secrets Manager for storing the Django secrets
ocs_deploy/cli/*.py- Invoke tasks for deploying the CDK stacks, managing secrets etc- Run
ocs -lto see the available tasks
- Run
cdk.jsonfile tells the CDK Toolkit how to execute the appocs_deploy/directory contains the CDK stack definitions
This assumes you already have uv installed.
$ uv venv
$ uv pip install -e .
$ source .venv/bin/activate
$ ocs -l$ ocs init <env>Now edit the .env.{env name} file to set the necessary configuration.
Assumptions:
- You have an AWS Account with the necessary permissions and SSO configured
export AWS_PROFILE=XXXis set- SSO credentials are set up (
aws sso login) - You have the necessary permissions to create the resources in the account
Steps:
-
Set up the ECR repository
ocs --env <env> aws.deploy -s ecr -v
Now push the initial version of the Docker image to the registry. This is needed to create the ECS service. See https://docs.aws.amazon.com/AmazonECR/latest/userguide/docker-push-ecr-image.html
-
Set up RDS, Redis, S3
ocs --env <env> aws.deploy -s rds,redis,s3 -v
-
Set up the domains, github roles etc.
ocs --env <env> aws.deploy -s domains,github -v
- Create the DNS entries for the domain and email domain verification
- The CNAME records will be included in the stack output
-
Create the necessary secrets
ocs --env <env> secrets.create-missing
-
Set up the Django service
ocs --env <env> aws.deploy -s django -v
After the initial deploy, you can deploy any stack independently. Typically, you would only need to run the CDK deploy when changing the infrastructure. For code deploys you can use the GitHub Actions defined in the Open Chat Studio repository.
To connect to the running service, you can use the ocs connect command to run a command or get a shell:
ocs --env <env> connect # the default command is /bin/bash
ocs --env <env> connect --command "python manage.py shell"The Django services require certain environment variables to be set. These can be either non-secret or secret environment variables.
To add a non-secret environment variable:
- Add the environment variable to
.env.<env>and.env.examplefiles. - Update the
ocs_deploy.config.OCSConfigclass to include the new environment variable. - Update the
ocs_deploy/fargate.pyfile to include the new environment variable in theenv_dictmethod.
Having completed this you can update the Django service to make the new environment variable available:
ocs --env <env> aws.deploy -s djangoTo add a secret to the Secrets Manager, first add the secret name to the ocs_deploy/secrets.yml file. Then run:
ocs --env <env> secrets.set SECRET_NAME SECRET_VALUEAfter setting the secret value you can update the Django service include the new secret as an environment variable:
ocs --env <env> aws.deploy -s djangocdk lslist all stacks in the appcdk synthemits the synthesized CloudFormation templatecdk deploydeploy this stack to your default AWS account/regioncdk diffcompare deployed stack with current statecdk docsopen CDK documentation