Run a Scalable Magento Webshop with User Content Moderation on AWS using CDK and Python

The AWS CDK is a software development framework from AWS with the sole purpose of making it easy to define cloud infrastructure in your favorite programming language and deploy it using AWS CloudFormation. You can easily provision many resource stacks on AWS and destroy them when you're done.

We're going to build an infrastructure and the required resources to run a flexible, scalable and cost-effective Magento webshop on top of AWS.

Prerequisites

Project Architecture

  • A VPC that spans two Availability Zones. Each Availability Zone is configured with a private, isolated, and a public subnet.

  • In a public subnet, a bastion host to provide Secure Shell (SSH) access to the Magento web servers and the internal RDS MySQL database for troubleshooting purposes.

  • AWS-managed network address translation (NAT) gateways deployed into the public subnets and configured with an Elastic IP address for outbound internet connectivity. The NAT gateways are used for internet access for all EC2 instances launched within the private network.

  • An Amazon RDS for MySQL database instance deployed in the isolated subnet. If you choose Multi-AZ deployment, a synchronously replicated secondary database is deployed in the second isolated subnet. This provides high availability and built-in automated failover from the primary database.

  • EC2 web server instances launched in the private subnets, so they are not directly reachable from the internet.

  • User data scripts to automatically install the required packages and perform the required configurations.

  • Elastic Load Balancing deployed to automatically distribute traffic across the multiple web server instances.

  • Auto Scaling enabled to automatically increase capacity if there is a demand spike, and to reduce capacity during low traffic times.

  • A CloudFront distribution provisioned in front of the Application Load Balancer to provide caching at the edge and to require encrypted web traffic over HTTPS.

  • An S3 bucket to be used by the Magento installation to store users' media content.

  • A Lambda function triggered by object-created event notifications from the media content S3 bucket. This function uses the Amazon Rekognition DetectModerationLabels API to check for inappropriate content uploaded by users.

  • IAM instance roles with fine-grained permissions for access to AWS services necessary for the resources.

  • Appropriate security groups for each instance or function to restrict access to only necessary protocols and ports. For example, access to HTTP server ports on Amazon EC2 web servers is limited to Elastic Load Balancing. The security groups also restrict access to Amazon RDS DB instances by web server instances.
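The moderation Lambda described above, as an added example rather than code from the cdk-magento-webshop repository: it parses the S3 object-created event, calls DetectModerationLabels, and moves flagged uploads under a quarantine prefix. The confidence threshold, the quarantine prefix and the injected-client pattern are assumptions chosen for this illustration; the AWS clients are passed in so the decision logic can be exercised offline.

```python
"""Added example (not the project's own code): S3 object-created -> Rekognition moderation."""
from urllib.parse import unquote_plus

# Assumed settings for this example; the project's real values may differ.
MIN_CONFIDENCE = 80.0                 # ignore labels Rekognition is less sure about
QUARANTINE_PREFIX = "quarantine/"     # flagged objects are moved here, out of the served prefix
IMAGE_SUFFIXES = (".jpg", ".jpeg", ".png")  # Rekognition image APIs accept JPEG and PNG only

def parse_s3_records(event):
    """Yield (bucket, key) for each S3 record; object keys arrive URL-encoded."""
    for rec in event.get("Records", []):
        s3 = rec.get("s3", {})
        bucket = s3.get("bucket", {}).get("name")
        key = s3.get("object", {}).get("key")
        if bucket and key:
            yield bucket, unquote_plus(key)

def flagged_labels(response, min_confidence=MIN_CONFIDENCE):
    """Parent-category names from a DetectModerationLabels response at or above the threshold."""
    return sorted({
        lbl.get("ParentName") or lbl["Name"]   # top-level labels have an empty ParentName
        for lbl in response.get("ModerationLabels", [])
        if lbl.get("Confidence", 0.0) >= min_confidence
    })

def moderate_object(bucket, key, rekognition, s3):
    """Check one upload and quarantine it if flagged; returns the decision taken."""
    # Skipping the quarantine prefix stops the move below from re-triggering this function.
    if not key.lower().endswith(IMAGE_SUFFIXES) or key.startswith(QUARANTINE_PREFIX):
        return {"key": key, "action": "skipped", "labels": []}
    resp = rekognition.detect_moderation_labels(
        Image={"S3Object": {"Bucket": bucket, "Name": key}}, MinConfidence=MIN_CONFIDENCE)
    labels = flagged_labels(resp)
    if not labels:
        return {"key": key, "action": "allowed", "labels": []}
    dest = QUARANTINE_PREFIX + key
    s3.copy_object(Bucket=bucket, Key=dest, CopySource={"Bucket": bucket, "Key": key})
    s3.delete_object(Bucket=bucket, Key=key)
    return {"key": key, "action": "quarantined", "labels": labels}

def handler(event, context=None, rekognition=None, s3=None):
    """Lambda entry point; real boto3 clients are created only when none are injected."""
    if rekognition is None or s3 is None:
        import boto3  # deferred so the module imports without the AWS SDK present
        rekognition = rekognition or boto3.client("rekognition")
        s3 = s3 or boto3.client("s3")
    return [moderate_object(b, k, rekognition, s3) for b, k in parse_s3_records(event)]
```

The Lambda's execution role needs only rekognition:DetectModerationLabels plus s3:GetObject, s3:PutObject and s3:DeleteObject on the media bucket, which matches the fine-grained IAM roles listed above.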

Project Configuration

The project uses CDK runtime contexts to create per-environment configurations and resources dynamically.
The project defines two environments, dev and prod, and resources are configured according to the active one. For example, the project creates an RDS MySQL instance with a minimal configuration for testing in the dev environment, and a powerful, highly available database in the prod environment.

Learn more about CDK runtime contexts here.

Project Repository

Here's the project repository. Please be sure to go through the README file to get started and let me know if you have any comments or feedback. Enjoy!

GitHub: mjraadi / cdk-magento-webshop