Refactor deployment workflow and add S3 and CloudFront stacks for frontend infrastructure

Author: av1choudharyy

.github/workflows/deploy.yml

@@ -32,8 +32,10 @@ jobs:
           name: build-artifact
           path: dist
 
-  deploy_cdk:
+  setup:
     runs-on: ubuntu-latest
+    outputs:
+      env_name: ${{ steps.set_env.outputs.env_name }}
     steps:
       - name: Checkout
         uses: actions/checkout@v4
@@ -59,6 +61,7 @@ jobs:
         run: npm install -g aws-cdk
 
       - name: Determine Environment Name
+        id: set_env
         run: |
           if [[ $GITHUB_REF == refs/heads/main ]]; then
             ENV_NAME="production"
@@ -67,15 +70,65 @@ jobs:
           else
             ENV_NAME="dev"
           fi
-          echo "ENV_NAME=$ENV_NAME" >> $GITHUB_ENV
+          echo "env_name=$ENV_NAME" >> $GITHUB_OUTPUT
+
+  deploy_s3:
+    runs-on: ubuntu-latest
+    needs: setup
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Configure AWS Credentials
+        uses: aws-actions/configure-aws-credentials@v4
+        with:
+          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+          aws-region: ap-south-1
+
+      - name: Deploy S3 Stack
+        working-directory: infra
+        run: cdk deploy BeejhoFrontendS3Stack-${{ needs.setup.outputs.env_name }} --require-approval never
+
+  deploy_certificate:
+    runs-on: ubuntu-latest
+    needs: setup
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Configure AWS Credentials
+        uses: aws-actions/configure-aws-credentials@v4
+        with:
+          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+          aws-region: us-east-1 # Certificates must be in us-east-1 for CloudFront
+
+      - name: Deploy Certificate Stack
+        working-directory: infra
+        run: cdk deploy BeejhoFrontendCertificateStack --require-approval never
+
+  deploy_infra:
+    runs-on: ubuntu-latest
+    needs: [deploy_s3, deploy_certificate] # Ensures infra deploys only after S3 and Certificate are done
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Configure AWS Credentials
+        uses: aws-actions/configure-aws-credentials@v4
+        with:
+          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+          aws-region: ap-south-1
 
-      - name: Deploy CDK Stack
+      - name: Deploy Infra Stack
         working-directory: infra
-        run: cdk deploy --all -c env=${{ env.ENV_NAME }} --require-approval never
+        run: cdk deploy BeejhoFrontendStack-${{ needs.setup.outputs.env_name }} --require-approval never
 
   sync_to_s3:
     runs-on: ubuntu-latest
-    needs: [build, deploy_cdk]
+    needs: [build, deploy_s3]
     steps:
       - name: Checkout
         uses: actions/checkout@v4

infra/bin/infra.ts

@@ -1,14 +1,17 @@
 #!/usr/bin/env node
 import 'source-map-support/register';
 import * as cdk from 'aws-cdk-lib';
-import { InfraStack } from '../lib/infra-stack';
+import { InfraStack } from '../lib/cloudfront-stack';
 import { CertificateStack } from '../lib/certificate-stack';
+import { S3Stack } from '../lib/s3-stack';
 
 const app = new cdk.App();
 const env = { account: process.env.CDK_DEFAULT_ACCOUNT, region: 'us-east-1' };
 
 const envName = (app.node.tryGetContext('env') || 'dev').toLowerCase();
 
+new S3Stack(app, 'S3Stack', { env, envName, stackName: `BeejhoFrontendS3Stack-${envName}` });
+
 new CertificateStack(app, 'CertificateStack', { env, stackName: `BeejhoFrontendCertificateStack` });
 
 new InfraStack(app, 'InfraStack', { env, envName, stackName: `BeejhoFrontendStack-${envName}` });

infra/lib/infra-stack.ts infra/lib/cloudfront-stack.tsinfra/lib/infra-stack.ts renamed to infra/lib/cloudfront-stack.ts

@@ -15,16 +15,6 @@ export class InfraStack extends cdk.Stack {
   constructor(scope: Construct, id: string, props: InfraStackProps) {
     super(scope, id, props);
 
-    const bucket = new Bucket(this, 'BeejhoFrontendBucket', {
-      websiteIndexDocument: 'index.html',
-      websiteErrorDocument: 'index.html',
-      removalPolicy: cdk.RemovalPolicy.DESTROY,
-      bucketName: `beejho-frontend-${props.envName}`,
-      publicReadAccess: true,
-      blockPublicAccess: BlockPublicAccess.BLOCK_ACLS,
-      autoDeleteObjects: true,
-    });
-
     const hostedZone = HostedZone.fromLookup(this, 'BeejhoHostedZone', {
       domainName: 'beejho.in',
     });
@@ -37,6 +27,7 @@ export class InfraStack extends cdk.Stack {
       ? [`${props.envName}.beejho.in`, `www.${props.envName}.beejho.in`]
       : ['beejho.in', 'www.beejho.in'];
 
+    const bucket = Bucket.fromBucketName(this, `BeejhoFrontendBucket-${props.envName}`, `beejho-frontend-${props.envName}`);
 
     const distribution = new Distribution(this, 'BeejhoCloudFrontDistribution', {
       defaultBehavior: {

infra/lib/s3-stack.ts

@@ -0,0 +1,25 @@
+import * as cdk from 'aws-cdk-lib';
+import { Certificate, CertificateValidation } from 'aws-cdk-lib/aws-certificatemanager';
+import { HostedZone } from 'aws-cdk-lib/aws-route53';
+import { BlockPublicAccess, Bucket } from 'aws-cdk-lib/aws-s3';
+import { Construct } from 'constructs';
+
+interface S3StackProps extends cdk.StackProps {
+  envName: string;
+}
+
+export class S3Stack extends cdk.Stack {
+  constructor(scope: Construct, id: string, props: S3StackProps) {
+    super(scope, id, props);
+
+    const bucket = new Bucket(this, 'BeejhoFrontendBucket', {
+      websiteIndexDocument: 'index.html',
+      websiteErrorDocument: 'index.html',
+      removalPolicy: cdk.RemovalPolicy.DESTROY,
+      bucketName: `beejho-frontend-${props.envName}`,
+      publicReadAccess: true,
+      blockPublicAccess: BlockPublicAccess.BLOCK_ACLS,
+      autoDeleteObjects: true,
+    });
+  }
+}