Solution components - Multi-Region Infrastructure Deployment

Solution components

AWS CloudFormation change sets

The Multi-Region Infrastructure Deployment solution uses AWS CloudFormation change sets to enable you to preview the stage stack in the primary AWS Region and review how the proposed changes might impact your running resources.

CI/CD pipeline

This solution deploys a continuous integration/continuous delivery (CI/CD) pipeline in the primary Region. The pipeline retrieves the CloudFormation template using the values provided in the solution’s template parameters GitHub Repo, GitHub Branch, and Template Path.

GitHub repository

This solution uses the customer-provided GitHub repository to store the CloudFormation template that defines the infrastructure for your application. The pipeline registers a GitHub webhook that detects pushes to the source repository and starts a new pipeline run.

CloudFormation custom resource

This solution uses an AWS CloudFormation custom resource to create an Amazon Simple Storage Service (Amazon S3) bucket in the secondary Region, because a cross-Region CodePipeline action needs an artifact store in every Region it deploys to. This enables artifacts to be deployed to both the primary and the secondary Region.

CloudFormation template filter

When a change is pushed to the GitHub repository, the pipeline is automatically triggered. An AWS Lambda function filters the commits so that only changes to the customer's CloudFormation template proceed through the pipeline. Without this filter, any commit that does not touch the template (application code, documentation, and so on) would cause AWS CodePipeline to redeploy an unchanged template over the existing infrastructure.
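The filter described above, as an added example (not the solution's own Lambda code): it reads the GitHub push payload, collects every path touched by the commits in the push, and lets the pipeline proceed only when the template itself was added or modified on the configured branch. It assumes GitHub's push-event shape (a `ref` plus a `commits` list with `added`, `modified` and `removed` file lists), reads the solution's Template Path and GitHub Branch parameters from the assumed `TEMPLATE_PATH` and `GITHUB_BRANCH` environment variables, and the handler name, return shape and sample payloads are illustrative.

```python
"""Decide whether a GitHub push should start the pipeline.

Added example, not the solution's own code. Assumes GitHub's push payload
shape and that Template Path / GitHub Branch arrive as environment variables.
"""
import json
import os

TEMPLATE_PATH = os.environ.get("TEMPLATE_PATH", "infrastructure/template.yaml")  # assumed variable
GITHUB_BRANCH = os.environ.get("GITHUB_BRANCH", "main")                          # assumed variable


def normalize(path: str) -> str:
    """Compare paths the way GitHub reports them: forward slashes, no leading "./" or "/"."""
    path = path.replace("\\", "/")
    while path.startswith("./"):
        path = path[2:]
    return path.lstrip("/")


def changed_files(push_event: dict) -> dict:
    """Map each path touched by any commit in the push to the last action seen for it.

    Commits are in chronological order, so a file modified and later removed in
    the same push ends up as "removed".
    """
    touched = {}
    for commit in push_event.get("commits", []):
        for action in ("added", "modified", "removed"):
            for path in commit.get(action, []):
                touched[normalize(path)] = action
    return touched


def should_deploy(push_event: dict, template_path: str = TEMPLATE_PATH,
                  branch: str = GITHUB_BRANCH) -> dict:
    """Return {"proceed": bool, "reason": str}.

    Proceed only when the push targets the configured branch and the template
    was added or modified. A push that removes the template is refused rather
    than letting the pipeline try to deploy a file that no longer exists.
    """
    if push_event.get("ref") != f"refs/heads/{branch}":
        return {"proceed": False, "reason": f"push is not to {branch}"}
    action = changed_files(push_event).get(normalize(template_path))
    if action is None:
        return {"proceed": False, "reason": f"{template_path} not changed"}
    if action == "removed":
        return {"proceed": False, "reason": f"{template_path} was deleted"}
    return {"proceed": True, "reason": f"{template_path} was {action}"}


def handler(event, context):
    """Lambda entry point: the webhook body arrives as a JSON string (API Gateway style)."""
    body = event["body"] if isinstance(event.get("body"), dict) else json.loads(event["body"])
    return should_deploy(body)


# Constructed sample payloads, trimmed to the fields the filter reads.
PUSH_TEMPLATE_EDIT = {
    "ref": "refs/heads/main",
    "commits": [
        {"added": [], "modified": ["README.md"], "removed": []},
        {"added": [], "modified": ["./infrastructure/template.yaml"], "removed": []},
    ],
}
PUSH_DOCS_ONLY = {
    "ref": "refs/heads/main",
    "commits": [{"added": ["docs/runbook.md"], "modified": ["README.md"], "removed": []}],
}
PUSH_TEMPLATE_DELETED = {
    "ref": "refs/heads/main",
    "commits": [{"added": [], "modified": [], "removed": ["infrastructure/template.yaml"]}],
}
PUSH_FEATURE_BRANCH = {
    "ref": "refs/heads/feature/x",
    "commits": [{"added": [], "modified": ["infrastructure/template.yaml"], "removed": []}],
}

if __name__ == "__main__":
    for name, payload in (("template edit", PUSH_TEMPLATE_EDIT), ("docs only", PUSH_DOCS_ONLY),
                          ("template deleted", PUSH_TEMPLATE_DELETED),
                          ("feature branch", PUSH_FEATURE_BRANCH)):
        print(f"{name:>16}: {handler({'body': json.dumps(payload)}, None)}")
```

The branch check matters even though the webhook itself is registered for one branch: it keeps the function safe to reuse if someone later widens the webhook events, and a push that deletes the template is reported rather than silently turned into a deployment.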

CloudFormation change set validation

This solution uses AWS CodeBuild projects to run cfn-lint (template syntax and resource schema checks) and cfn-nag (checks for insecure patterns such as overly permissive IAM policies or wide-open security group rules) on the AWS CloudFormation template that is to be deployed. If either tool reports errors, the release is stopped and the findings are available in the AWS CodeBuild console.

CodePipeline deployment stages

An AWS CodePipeline deployment stage creates an AWS CloudFormation change set from the template that was pushed through the pipeline, and then an AWS CloudFormation execute change set action applies those changes to the stack in the primary or secondary Region.

The CodePipeline consists of three deployment stages:

  • Stage: This environment is used to perform application integration tests to further validate the changes being deployed before moving to later stages of the pipeline. Manual approval is required before this solution can progress to later deployment stages.

  • Primary: This environment represents your production infrastructure in the primary AWS Region.

  • Secondary: This environment represents your production infrastructure in the secondary Region.
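The create-then-execute sequence that each deployment stage performs, as an added example (not the solution's own code): it creates a change set, waits for it, returns the resource changes for review, and executes it only when the caller decides to. It uses the real boto3 CloudFormation client methods create_change_set, describe_change_set, execute_change_set and delete_change_set with their documented parameter names, but takes the client as an argument so the demo runs offline against the constructed FakeCloudFormation below (a toy that diffs the Resources section of JSON templates). It also handles the edge case a practitioner hits in practice: a template with no effective changes produces a change set in FAILED status whose StatusReason says the submitted information didn't contain changes, which the code treats as "nothing to do" and cleans up rather than as an error. Stack and change set names are illustrative.

```python
"""Create, preview and execute a CloudFormation change set.

Added example, not the solution's own code. The boto3 method names and
parameters are real; FakeCloudFormation is a constructed stand-in.
"""
import json
import time

# Substring CloudFormation puts in StatusReason when a change set is empty.
NO_CHANGES_MARKER = "didn't contain changes"


def create_and_preview(cfn, stack_name, change_set_name, template_body,
                       parameters=(), change_set_type="UPDATE", poll_seconds=0):
    """Create a change set and wait for it. Returns (status, changes).

    status is "READY" with the ResourceChange records to review, "NO_CHANGES"
    (the empty change set is deleted so it does not linger on the stack), or
    "FAILED" with the StatusReason. CodePipeline's CloudFormation action picks
    CREATE vs UPDATE itself; here the caller passes change_set_type.
    """
    cfn.create_change_set(
        StackName=stack_name, ChangeSetName=change_set_name,
        TemplateBody=template_body, Parameters=list(parameters),
        ChangeSetType=change_set_type, Capabilities=["CAPABILITY_IAM"],
    )
    while True:
        desc = cfn.describe_change_set(StackName=stack_name, ChangeSetName=change_set_name)
        if desc["Status"] in ("CREATE_COMPLETE", "FAILED"):
            break
        time.sleep(poll_seconds)
    if desc["Status"] == "FAILED":
        if NO_CHANGES_MARKER in desc.get("StatusReason", ""):
            cfn.delete_change_set(StackName=stack_name, ChangeSetName=change_set_name)
            return "NO_CHANGES", []
        return "FAILED", [desc.get("StatusReason", "")]
    return "READY", [c["ResourceChange"] for c in desc.get("Changes", [])]


def execute(cfn, stack_name, change_set_name):
    """Apply a reviewed change set; in the pipeline this runs only after approval."""
    cfn.execute_change_set(StackName=stack_name, ChangeSetName=change_set_name)


class FakeCloudFormation:
    """Constructed stand-in for boto3.client("cloudformation"); not the real service."""

    def __init__(self, current_template: dict):
        self.deployed = current_template
        self.change_sets = {}

    def create_change_set(self, StackName, ChangeSetName, TemplateBody, **_):
        new = json.loads(TemplateBody)
        old_res, new_res = self.deployed.get("Resources", {}), new.get("Resources", {})
        changes = []
        for rid in sorted(set(old_res) | set(new_res)):
            if rid not in old_res:
                action = "Add"
            elif rid not in new_res:
                action = "Remove"
            elif old_res[rid] != new_res[rid]:
                action = "Modify"
            else:
                continue
            rtype = (new_res.get(rid) or old_res[rid])["Type"]
            changes.append({"ResourceChange": {"Action": action, "LogicalResourceId": rid,
                                               "ResourceType": rtype}})
        if changes:
            self.change_sets[ChangeSetName] = {"Status": "CREATE_COMPLETE", "Changes": changes,
                                              "template": new}
        else:
            self.change_sets[ChangeSetName] = {
                "Status": "FAILED", "Changes": [],
                "StatusReason": "The submitted information didn't contain changes. "
                                "Submit different information to create a change set."}
        return {"Id": f"arn:aws:cloudformation:::changeSet/{ChangeSetName}"}

    def describe_change_set(self, StackName, ChangeSetName):
        return self.change_sets[ChangeSetName]

    def delete_change_set(self, StackName, ChangeSetName):
        del self.change_sets[ChangeSetName]

    def execute_change_set(self, StackName, ChangeSetName):
        self.deployed = self.change_sets.pop(ChangeSetName)["template"]


# Constructed templates: the deployed stack, and a revision that opens SSH and adds a bucket.
DEPLOYED = {"Resources": {"WebSg": {"Type": "AWS::EC2::SecurityGroup", "Properties": {
    "SecurityGroupIngress": [{"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "CidrIp": "0.0.0.0/0"}]}}}}
REVISED = json.loads(json.dumps(DEPLOYED))
REVISED["Resources"]["WebSg"]["Properties"]["SecurityGroupIngress"].append(
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "CidrIp": "0.0.0.0/0"})
REVISED["Resources"]["LogBucket"] = {"Type": "AWS::S3::Bucket", "Properties": {}}
REVISED_BODY = json.dumps(REVISED)

if __name__ == "__main__":
    cfn = FakeCloudFormation(DEPLOYED)
    status, changes = create_and_preview(cfn, "app-primary", "cs-1", REVISED_BODY)
    print(status, [(c["Action"], c["LogicalResourceId"]) for c in changes])   # review this
    execute(cfn, "app-primary", "cs-1")                                       # after approval
    print(create_and_preview(cfn, "app-primary", "cs-2", REVISED_BODY))        # NO_CHANGES
```

The preview list is what a reviewer should read before approving the Primary and Secondary stages: a Modify on a security group or an Add of an IAM resource deserves a look even when cfn-nag passed, because the change set shows what will actually happen to the running stack.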

CloudFormation rollback change

When a manual approval request to deploy infrastructure changes to the primary and secondary AWS CloudFormation stacks is rejected, this solution automatically rolls back the changes on the stage AWS CloudFormation stack.

CloudFormation drift detection

Changes made to stack resources outside of AWS CloudFormation (for example, through the console, the CLI, or an SDK) cause the stack to drift from its template, which can complicate later stack update or deletion operations and means the deployed infrastructure no longer matches what was reviewed in the pipeline. When drift is detected on the AWS CloudFormation stack in either the primary or the secondary Region, an AWS Lambda function sends an Amazon Simple Notification Service (Amazon SNS) notification. For information about drift detection, see Detecting unmanaged configuration changes to stacks and resources in the AWS CloudFormation User Guide.
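The drift check and notification, as an added example (not the solution's own Lambda code): it starts drift detection on a stack, polls until the asynchronous detection finishes, lists the drifted resources and publishes an SNS message when the stack is not IN_SYNC. It uses the real boto3 CloudFormation methods detect_stack_drift, describe_stack_drift_detection_status and describe_stack_resource_drifts and the SNS publish method with their documented parameter names, but takes both clients as arguments so the demo runs offline against the constructed fakes below. The stack names, the topic ARN and the drift data are illustrative.

```python
"""Run CloudFormation drift detection and notify an SNS topic on drift.

Added example, not the solution's own code. The boto3 method names and
parameters are real; FakeCloudFormation and FakeSns are constructed stand-ins.
"""
import json
import time


def check_stack_drift(cfn, sns, stack_name, topic_arn, poll_seconds=0):
    """Detect drift on one stack and notify if it is not IN_SYNC.

    Returns {"stack", "status", "drifted"} (plus "details" when drifted).
    A DETECTION_FAILED run is reported too, so a failed check cannot pass
    silently as a clean one.
    """
    detection_id = cfn.detect_stack_drift(StackName=stack_name)["StackDriftDetectionId"]
    while True:
        status = cfn.describe_stack_drift_detection_status(StackDriftDetectionId=detection_id)
        if status["DetectionStatus"] in ("DETECTION_COMPLETE", "DETECTION_FAILED"):
            break
        time.sleep(poll_seconds)
    result = {"stack": stack_name, "status": status.get("StackDriftStatus", "UNKNOWN"), "drifted": []}
    if status["DetectionStatus"] == "DETECTION_FAILED":
        result["status"] = "DETECTION_FAILED"
    if result["status"] == "DRIFTED":
        drifts = cfn.describe_stack_resource_drifts(
            StackName=stack_name, StackResourceDriftStatusFilters=["MODIFIED", "DELETED"])
        result["drifted"] = [d["LogicalResourceId"] for d in drifts["StackResourceDrifts"]]
        result["details"] = [{"id": d["LogicalResourceId"], "type": d["ResourceType"],
                              "status": d["StackResourceDriftStatus"],
                              "properties": [p["PropertyPath"] for p in d.get("PropertyDifferences", [])]}
                             for d in drifts["StackResourceDrifts"]]
    if result["status"] != "IN_SYNC":
        # SNS subjects are limited to 100 characters; the detail goes in the body.
        subject = f"CloudFormation drift: {stack_name} is {result['status']}"[:100]
        sns.publish(TopicArn=topic_arn, Subject=subject, Message=json.dumps(result, indent=2))
    return result


class FakeCloudFormation:
    """Constructed stand-in for boto3.client("cloudformation") with canned drift per stack."""

    def __init__(self, drifts_by_stack):
        self.drifts_by_stack = drifts_by_stack
        self.pending = {}

    def detect_stack_drift(self, StackName):
        self.pending[f"det-{StackName}"] = StackName
        return {"StackDriftDetectionId": f"det-{StackName}"}

    def describe_stack_drift_detection_status(self, StackDriftDetectionId):
        drifted = self.drifts_by_stack.get(self.pending[StackDriftDetectionId], [])
        return {"DetectionStatus": "DETECTION_COMPLETE",
                "StackDriftStatus": "DRIFTED" if drifted else "IN_SYNC",
                "DriftedStackResourceCount": len(drifted)}

    def describe_stack_resource_drifts(self, StackName, StackResourceDriftStatusFilters):
        return {"StackResourceDrifts": [d for d in self.drifts_by_stack.get(StackName, [])
                                         if d["StackResourceDriftStatus"] in StackResourceDriftStatusFilters]}


class FakeSns:
    """Constructed stand-in for boto3.client("sns") that records publish() calls."""

    def __init__(self):
        self.published = []

    def publish(self, TopicArn, Subject, Message):
        self.published.append({"TopicArn": TopicArn, "Subject": Subject, "Message": Message})
        return {"MessageId": str(len(self.published))}


# Constructed drift: someone opened SSH on the primary stack's security group by hand.
DRIFTS = {
    "app-primary": [{
        "LogicalResourceId": "WebSg", "ResourceType": "AWS::EC2::SecurityGroup",
        "StackResourceDriftStatus": "MODIFIED",
        "PropertyDifferences": [{
            "PropertyPath": "/SecurityGroupIngress/1", "ExpectedValue": "null",
            "ActualValue": '{"CidrIp":"0.0.0.0/0","FromPort":22,"IpProtocol":"tcp","ToPort":22}',
            "DifferenceType": "ADD"}]}],
    "app-secondary": [],
}
TOPIC = "arn:aws:sns:us-east-1:123456789012:drift-alerts"   # illustrative ARN

if __name__ == "__main__":
    cfn, sns = FakeCloudFormation(DRIFTS), FakeSns()
    for stack in ("app-primary", "app-secondary"):
        print(check_stack_drift(cfn, sns, stack, TOPIC))
    for msg in sns.published:
        print(msg["Subject"])
```

Drift detection only compares properties CloudFormation supports for drift, so a clean result is not proof that nothing changed; the notification is a prompt to reconcile the stack (re-run the pipeline, or bring the template in line with the intended state) rather than the end of the investigation.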

Lambda functions

This solution uses the following AWS Lambda functions: StageArtifactCreator, StageArtifactPutter, and RollbackChange.

  • StageArtifactCreator: Creates the AWS CodePipeline artifact for the stage AWS CloudFormation stack in an Amazon Simple Storage Service (Amazon S3) bucket. The stage AWS CloudFormation stack uses this artifact to deploy itself. This function also reads the AWS Systems Manager parameters described below to build the stage AWS CloudFormation stack so that it matches the primary AWS CloudFormation stack.

  • StageArtifactPutter: Creates or updates AWS Systems Manager parameters that record the Amazon S3 artifact paths and the stage AWS CloudFormation stack parameters.

  • RollbackChange: Uses those same parameters to roll back the changes in the stage AWS CloudFormation stack when a manual approval is rejected.