
AWS NodeJS App that provides Github Authentication. Can be used for NetlifyCMS and other Github Auth workflows. Built using the TypeScript CDK


joe-glasgow/aws-netlify-github-oauth-app


AWS ECS Simple NodeJS App for Netlify Github Oauth!

This Project is a boilerplate for running a secure NodeJS app for Github Oauth through ECS using Fargate with CDK.

Based on a previous app created by TylerGaw.

Full blog post here.

The application provides Oauth for a NetlifyCMS application (or any Github auth flow).

Provided with a basic WAF

Getting up and running!

Configure your aws-cli and CDK

Be sure you know how to run CDK in context.

Setup domains and Route53

Register or transfer a domain using Route53.

Follow the steps to create a Hosted Zone

Tip:

Create accounts for development/testing/production

I wished to have some sub-domains for various development/testing and production environments, so this tutorial helped set that up!

Setup Oauth Key and Secret in Parameter store

Create your Oauth app in Github as detailed here:

https://docs.github.com/en/developers/apps/creating-an-oauth-app

Make sure the URL you use is the same as defined in the Route53 step above

Make a note of the Client Secret and Client ID and create 2 parameters, one for each, in the Parameter Store.

  • Use String for development only; SecureString should be used in production environments.

By default this application assumes they are named GITHUB_OAUTH_CLIENTSECRET and GITHUB_OAUTH_CLIENTID.

Build the OauthApp stack

The webapp stack runs a simple NodeJS server instance with a micro-service that consumes the GraphQL endpoint. The app is load balanced, with its container hosted on Fargate and protected using WAF rules.

cdk deploy --profile <YOURPROFILE-ID> -c region=eu-west-1 -c domain=<YOUR.DOMAIN.COM>

The cdk.json file tells the CDK Toolkit how to execute your app.

Certificate Creation for HTTPS

Uses the CDK construct DnsValidatedCertificate, which validates your certificates through DNS so you do not have to approve them manually. This requires the Route53 domain step above to be completed.

ECS Registry, Cluster, Tasks, Service and Docker

WebappStack is deployed to ECS and the task is run based on the Dockerfile in the simple directory.

This application uses the ECS Patterns construct for an Application Load Balanced Fargate Service.

Testing the application

TODO

CI Integration

TODO

Local Development

To run the OauthNodeApp instances locally with Docker:

  1. Deploy the GraphQL stack as described above
  2. Change directory to the simple application: cd simple
  3. Export the required variables used by the Docker instance (--output text returns the value without JSON quotes; --with-decryption is needed when the parameters are SecureString):
     $ export GITHUB_OAUTH_CLIENTSECRET=$(aws ssm get-parameter --name=GITHUB_OAUTH_CLIENTSECRET --profile=<YOUR-PROFILE-ID> --with-decryption --query "Parameter.Value" --output text)
     $ export GITHUB_OAUTH_CLIENTID=$(aws ssm get-parameter --name=GITHUB_OAUTH_CLIENTID --profile=<YOUR-PROFILE-ID> --with-decryption --query "Parameter.Value" --output text)
  4. Build the docker image providing the new env variables, e.g.
     $ docker build --build-arg GITHUB_OAUTH_CLIENTSECRET --build-arg GITHUB_OAUTH_CLIENTID .
  5. Get the latest docker image id:
     $ docker image ls
  6. Run the latest image id and bind port 3000:
     $ docker run -p 3000:3000 <docker image id from step 5>
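
Values passed with --build-arg, as in step 4, can be read back from the image with docker history, so an image built this way is worth checking before it is pushed or shared. The shell function below is an added example, not part of this repository: it scans history output for values of the two parameter names used above. The name find_leaked_build_args is hypothetical and the sample history lines are constructed.

```shell
#!/bin/sh
# Added example (not from this repository): detect build-arg values that
# ended up in an image's layer history.
# Real input: docker history --no-trunc --format '{{.CreatedBy}}' <image id>

# Parameter names from the README.
SECRET_ARGS="GITHUB_OAUTH_CLIENTSECRET GITHUB_OAUTH_CLIENTID"

# Reads history lines on stdin. For each line that carries NAME=<value> for a
# watched name, prints "<names>\t<line with values redacted>".
# Exit status: 0 = nothing recorded, 1 = at least one value recorded.
find_leaked_build_args() {
  awk -v names="$SECRET_ARGS" '
    BEGIN { n = split(names, want, " ") }
    {
      hit = ""
      for (i = 1; i <= n; i++) {
        # The name must not be the tail of a longer identifier, and the
        # value must be non-empty: a bare "ARG NAME" line is not a leak.
        if ($0 ~ ("(^|[^A-Za-z0-9_])" want[i] "=[^ \t]+"))
          hit = hit (hit != "" ? "," : "") want[i]
      }
      if (hit == "") next
      line = $0
      # Redact every watched value so the report does not repeat the secret.
      for (i = 1; i <= n; i++)
        gsub(want[i] "=[^ \t]+", want[i] "=<redacted>", line)
      printf "%s\t%s\n", hit, line
      found++
    }
    END { exit (found > 0) }
  '
}

# Constructed sample in the style of BuildKit history output.
sample_history() {
  cat <<'EOF'
CMD ["node" "server.js"]
RUN |2 GITHUB_OAUTH_CLIENTSECRET=constructed-secret GITHUB_OAUTH_CLIENTID=constructed-id /bin/sh -c npm ci # buildkit
ARG GITHUB_OAUTH_CLIENTID
ARG GITHUB_OAUTH_CLIENTSECRET
EOF
}

sample_history | find_leaked_build_args || echo "build-arg values are recorded in the image history" >&2
```

A non-zero exit status makes the function usable as a gate in a build script before docker push.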

Useful commands

  • npm run build - compile TypeScript to JS
  • npm run watch - watch for changes and compile
  • npm run test - perform the jest unit tests
  • cdk deploy -c domain=<INSERT DOMAIN NAME HERE> - deploy this stack to your default AWS account/region, providing a domain name
  • cdk diff - compare deployed stack with current state
  • cdk synth - emits the synthesized CloudFormation template
