initial import

Author: akirasosa

.editorconfig

@@ -0,0 +1,13 @@
+root = true
+
+[*]
+charset = utf-8
+indent_style = space
+indent_size = 2
+end_of_line = lf
+insert_final_newline = true
+trim_trailing_whitespace = true
+
+[*.md]
+insert_final_newline = false
+trim_trailing_whitespace = false

.envrc.example

@@ -0,0 +1,12 @@
+#!/usr/bin/env bash
+
+export AWS_ACCESS_KEY_ID=
+export AWS_SECRET_ACCESS_KEY=
+export AWS_DEFAULT_REGION=
+export AWS_REGION=
+
+export PROD_ROLE_ARN=
+
+export SLACK_WEBHOOK_URL=
+
+unset AWS_SESSION_TOKEN

.gitignore

@@ -0,0 +1,5 @@
+.idea
+.serverless
+node_modules
+.envrc
+*.iml

.npmignore

@@ -0,0 +1,6 @@
+# package directories
+node_modules
+jspm_packages
+
+# Serverless directories
+.serverless

.travis.yml

@@ -0,0 +1,35 @@
+---
+sudo: required
+dist: trusty
+language: node_js
+cache:
+  directories:
+    - $HOME/.yarn-cache
+    - $HOME/.cache/pip
+node_js:
+  - '4.3.2'
+
+before_install:
+  - npm install -g yarn serverless
+install:
+  - yarn install
+
+script:
+  # TODO
+  - echo "do some tests..."
+
+before_deploy:
+  # Parse branch name and determine an environment to deploy
+  - export ENV=$(echo "${TRAVIS_BRANCH}" | perl -ne "print $& if /(?<=deploy\/).*/")
+  # install aws cli
+  - sudo apt-get -y install python-pip
+  - sudo pip install awscli
+  - aws --version
+  # account number
+  - account_number=$(aws sts get-caller-identity --output text --query 'Account')
+deploy:
+  - provider: script
+    script: ./scripts/deploy.sh | sed -e "s/${account_number}/SECRET/g"
+    skip_cleanup: true
+    on:
+      branch: deploy/*

functions/notify_to_slack.js

@@ -0,0 +1,11 @@
+'use strict';
+
+const notifyToSlack = require('./notify_to_slack/index');
+
+module.exports.handle = (event, context, callback) => {
+
+  notifyToSlack(event);
+  callback(null, {});
+
+};
+

functions/notify_to_slack/index.js

@@ -0,0 +1,10 @@
+'use strict';
+
+require('dotenv').config();
+const IncomingWebhooks = require('@slack/client').IncomingWebhook;
+
+module.exports = function (obj) {
+  const wh = new IncomingWebhooks(process.env.SLACK_WEBHOOK_URL);
+
+  wh.send(JSON.stringify(obj, null, 2));
+};

functions/remove_unused_and_rotated_images.js

@@ -0,0 +1,14 @@
+'use strict';
+
+const removeUnusedAndRotatedImages = require('./remove_unused_and_rotated_images/index');
+
+module.exports.handle = (event, context, callback) => {
+
+  removeUnusedAndRotatedImages().then(() => {
+    callback(null, {});
+  }).catch(e => {
+    console.error(e);
+  });
+
+};
+

functions/remove_unused_and_rotated_images/index.js

@@ -0,0 +1,74 @@
+'use strict';
+
+const AWS = require('aws-sdk');
+const _ = require('lodash');
+
+const EC2 = new AWS.EC2();
+const AutoScaling = new AWS.AutoScaling();
+
+module.exports = function () {
+  return Promise.all([rotatedImages(), usedImageIds()])
+    .then(_.spread((rotatedImages, usedImageIds) => {
+      return _.reject(rotatedImages, image => {
+        return _.includes(usedImageIds, image.ImageId);
+      });
+    }))
+    .then(images => {
+      const promises = images.map(image => {
+        return deregisterImage(image)
+          .then(deleteSnapShot)
+      });
+      return Promise.all(promises);
+    });
+};
+
+function rotatedImages() {
+  return EC2.describeImages({
+    Filters: [
+      {
+        Name: 'tag:Rotated',
+        Values: ['true'],
+      },
+    ],
+  }).promise()
+    .then(data => data.Images);
+}
+
+function usedImageIds() {
+  return AutoScaling.describeLaunchConfigurations({}).promise()
+    .then(data => {
+      return data.LaunchConfigurations.map(lc => lc.ImageId);
+    });
+}
+
+function deregisterImage(image) {
+  return EC2.deregisterImage({
+    ImageId: image.ImageId,
+  }).promise()
+    .then(() => {
+      console.log(`deregistered ${image.ImageId}`);
+      return image;
+    })
+    // ignore error and continue
+    .catch(() => image)
+}
+
+function deleteSnapShot(image) {
+  const snapShotId = _.chain(image.BlockDeviceMappings)
+    .flatten()
+    .map(m => m.Ebs)
+    .compact()
+    .map(m => m.SnapshotId)
+    .first()
+    .value();
+
+  return EC2.deleteSnapshot({
+    SnapshotId: snapShotId,
+  }).promise()
+    .then(() => {
+      console.log(`deleted ${snapShotId}`);
+      return image;
+    })
+    .catch(() => image)
+}
+

functions/replace_web_instances.js

@@ -0,0 +1,13 @@
+'use strict';
+
+const replaceAutoScalingInstances = require('./replace_web_instances/index');
+
+module.exports.handle = (event, context, callback) => {
+
+  replaceAutoScalingInstances().then(() => {
+    callback(null, {});
+  }).catch(e => {
+    console.error(e);
+  });
+
+};

functions/replace_web_instances/index.js

@@ -0,0 +1,33 @@
+const AWS = require('aws-sdk');
+
+// AWS.config.region = process.env.AWS_DEFAULT_REGION;
+const AutoScaling = new AWS.AutoScaling();
+
+module.exports = function () {
+  return AutoScaling.describeAutoScalingGroups({
+    AutoScalingGroupNames: ['web'],
+  }).promise()
+    .then(data => data.AutoScalingGroups[0])
+    .then(validateAsgCapacity)
+    .then(multipleDesiredCapacity);
+};
+
+function validateAsgCapacity(asg) {
+  if (asg.DesiredCapacity * 2 > asg.MaxSize) {
+    throw 'Max capacity is too small so that it can not replace instances.';
+  }
+  console.log(`Current desired capacity is ${asg.DesiredCapacity}`);
+
+  return asg;
+}
+
+function multipleDesiredCapacity(asg) {
+  console.log(`Scale out to ${asg.DesiredCapacity * 2}.`);
+
+  return AutoScaling.setDesiredCapacity({
+    AutoScalingGroupName: asg.AutoScalingGroupName,
+    DesiredCapacity: asg.DesiredCapacity * 2,
+    HonorCooldown: false,
+  }).promise();
+}
+

package.json

@@ -0,0 +1,11 @@
+{
+  "dependencies": {
+    "@slack/client": "^3.6.0",
+    "dotenv": "^2.0.0",
+    "lodash": "^4.16.4"
+  },
+  "devDependencies": {
+    "aws-sdk": "^2.6.12",
+    "serverless-plugin-write-env-vars": "^1.0.1"
+  }
+}

scripts/deploy.sh

@@ -0,0 +1,19 @@
+#!/usr/bin/env bash
+
+set -u
+
+ENV=$1
+
+if [ "${ENV}" = "prod" ]; then
+  # reset current role if exists
+  test ! -v AWS_SESSION_TOKEN && direnv reload
+  # switch to production role
+  source scripts/switch-production-role.sh
+fi
+
+sls deploy -v --stage ${ENV}
+
+if [ "${ENV}" = "prod" ]; then
+  # reset current role if exists
+  test ! -v AWS_SESSION_TOKEN && direnv reload
+fi

scripts/switch-production-role.sh

@@ -0,0 +1,11 @@
+#!/usr/bin/env bash
+
+credentials=$(aws sts assume-role --role-arn ${PROD_ROLE_ARN} --role-session-name travisci)
+
+export AWS_ACCESS_KEY_ID=$(echo ${credentials} | jq --raw-output .Credentials.AccessKeyId)
+export AWS_SECRET_ACCESS_KEY=$(echo ${credentials} | jq --raw-output .Credentials.SecretAccessKey)
+export AWS_SESSION_TOKEN=$(echo ${credentials} | jq --raw-output .Credentials.SessionToken)
+
+unset credentials
+
+echo "Switched to production role."

serverless.yml

@@ -0,0 +1,41 @@
+service: micropost
+
+provider:
+  name: aws
+  runtime: nodejs4.3
+  region: ap-northeast-1
+  stage: ${opt:stage, self:custom.defaultStage}
+  iamRoleStatements:
+    - Effect: "Allow"
+      Action:
+        - "ec2:DescribeImages"
+        - "ec2:DeregisterImage"
+        - "ec2:DeleteSnapshot"
+        - "autoscaling:DescribeAutoScalingGroups"
+        - "autoscaling:SetDesiredCapacity"
+        - "autoscaling:DescribeLaunchConfigurations"
+      Resource: "*"
+
+functions:
+  notifyToSlack:
+    handler: functions/notify_to_slack.handle
+    events:
+      - sns: frontend_deployed
+      - sns: web_autoscaled
+  removeUnusedAndRotatedImages:
+    handler: functions/remove_unused_and_rotated_images.handle
+    events:
+      - sns: web_image_updated
+  replaceWebInstances:
+    handler: functions/replace_web_instances.handle
+    events:
+      - sns: backend_app_updated
+      - sns: web_image_updated
+
+custom:
+  defaultStage: stg
+  writeEnvVars:
+    SLACK_WEBHOOK_URL: ${env:SLACK_WEBHOOK_URL}
+
+plugins:
+  - serverless-plugin-write-env-vars