An implementation for FIWARE Orion and Cygnus on AWS.

Overview

FIWARE: Orion and Cygnus on AWS

This guide helps you deploy FIWARE's Orion and Cygnus components into a serverless architecture.

What does this repository include?

  1. An AWS CDK project in charge of provisioning the basic infrastructure: a VPC network, security groups and two managed databases, one Amazon Aurora Serverless (PostgreSQL) and one Amazon DocumentDB. These are represented in the following stacks:
  • Network Stack
  • DocumentDB Stack
  • Aurora Stack
  2. A docker-compose generator for provisioning AWS ECS Fargate instances and ALBs with AWS WAF firewall rules. This is a Node.js script that runs after the CDK and automatically generates two docker-compose files, one for each service.

Architecture

  • First, this architecture is deployed with AWS CDK as follows.

CDK Architecture

  • Finally, the architecture is deployed with Docker Compose CLI as follows.

Docker Compose Architecture

How to use it?

1. Infrastructure

Deploy the infrastructure. First, creating an AWS profile is recommended if you do not already have one.

2. Configuring WAF for ALB

Security is very important and we strongly recommend that you protect your service endpoints with AWS WAF. You can add WAF for both the Orion and Cygnus ALBs. The included waf.json.sample file shows the settings for denylist and allowlist: denylist is used for the IPSetReferenceStatement, and allowlist is used for the rate-based rule statement.

You should start by copying the sample file, then edit your settings in your own waf.json:

cp waf.json.sample waf.json

If you skip this, your endpoints will be public and this message will be shown while deploying:

[WARN] WAF Allow list is empty, this makes the service to be public

3. Deployer script

The basic infrastructure and the docker-compose generator are executed by this bash script:

$ ./deployer.sh <AWS_PROFILE>

After the deployment is completed, you can see these services running in your AWS account.

| AWS Service | Description |
| --- | --- |
| AWS Fargate | Containers for Orion and Cygnus |
| Application Load Balancer (ALB) | Load Balancer for Orion and Cygnus web API |
| Amazon DocumentDB | Database for Orion |
| Amazon Aurora Serverless | Database for Cygnus |
| AWS WAF | Web Application Firewall for the ALB * |

NOTE: WAF rules for the ALBs can be changed, please see this reference.

4. Start Orion and Cygnus services

4.1 Prerequisites

  1. Install docker.
  2. Create a docker context for the FIWARE environment. If you already have a context for Orion and Cygnus, you can just use it.
docker context create ecs <context-name>
? Create a Docker context using: [Use arrows to move, type to filter]
  > An existing AWS profile  <- You can use the profile you created here.
docker context use <context-name>

4.2 Deploy FIWARE Orion

docker compose -p orion -f docker/orion/docker-compose.yml up

4.3 Deploy FIWARE Cygnus

docker compose -p cygnus -f docker/cygnus/docker-compose.yml up

Testing

Loadtest for FIWARE Components provides load tests for FIWARE.

Clean up

If you need to clean up the resources, please follow the steps below.

Delete the FIWARE services

Orion: docker compose -p orion down

Cygnus: docker compose -p cygnus down

Deprovision Infrastructure

[WARN] All data will be deleted by this step.

cdk destroy --all --profile <AWS_PROFILE>

Additional Topics

MongoDB as context database for Orion

If you have a MongoDB cluster, like Atlas, you can edit the docker-compose file for Orion with these options:

  • dbhost
  • rplSet
  • dbuser
  • dbpwd
command: ...
  /usr/bin/contextBroker -fg -multiservice -ngsiv1Autocast -disableFileLog -dbhost <MongoDB Atlas cluster's endpoint array including 27017 port> -rplSet <MongoDB Atlas replica set shard name> -dbuser <MongoDB Atlas user> -dbpwd <MongoDB Atlas password> -dbDisableRetryWrites -logLevel $${ORION_LOGS_LEVEL}

Replace the Orion parameter values shown in this command with the ones provided by MongoDB Atlas.
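
The -dbpwd option above puts the database password in the compose file as plain text. As an added example (not part of this repository), the following shell check flags a literal -dbpwd value and accepts a `$${VAR}` reference, the form the page already uses for -logLevel; the sample files, host, password and the ORION_DB_PWD name are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the repository): fail when a compose file passes
# contextBroker a literal -dbpwd value instead of a variable reference.

# find_inline_dbpwd FILE
# Prints the line number of each -dbpwd whose value is not ${VAR} or $${VAR}.
# Exit status: 1 if any literal value was found, 0 otherwise.
find_inline_dbpwd() {
  awk '
    {
      n = split($0, tok, /[ \t]+/)
      for (i = 1; i < n; i++) {
        if (tok[i] != "-dbpwd") continue
        val = tok[i + 1]
        gsub(/^"|"$/, "", val)   # tolerate a double-quoted value
        if (val !~ /^[$][$]?[{][A-Za-z_][A-Za-z0-9_]*[}]$/) {
          print NR
          bad = 1
        }
      }
    }
    END { exit bad + 0 }
  ' "$1"
}

# write_samples DIR: two constructed compose fragments. Host, user, password
# and the ORION_DB_PWD variable name are hypothetical.
write_samples() {
  cat > "$1/inline.yml" <<'EOF'
services:
  orion:
    command: /usr/bin/contextBroker -fg -dbhost db.example.invalid:27017 -dbuser orion -dbpwd constructed-secret -logLevel $${ORION_LOGS_LEVEL}
EOF
  cat > "$1/env.yml" <<'EOF'
services:
  orion:
    environment:
      - ORION_DB_PWD
    command: /usr/bin/contextBroker -fg -dbhost db.example.invalid:27017 -dbuser orion -dbpwd $${ORION_DB_PWD} -logLevel $${ORION_LOGS_LEVEL}
EOF
}

dir=$(mktemp -d)
write_samples "$dir"
for f in "$dir/inline.yml" "$dir/env.yml"; do
  if lines=$(find_inline_dbpwd "$f"); then
    echo "ok:   ${f##*/}"
  else
    echo "FAIL: ${f##*/} has a literal -dbpwd on line $lines"
  fi
done
rm -rf "$dir"
```

The check is line-based: it sees the flag and its value only when both sit on the same line, so a list-form or folded command needs a YAML-aware parser.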

Useful docker compose CLI commands

logs

To get the application logs.

docker compose --project-name <project name> logs

ps

To get service information deployed on ECS.

docker compose --project-name <project name> ps

#Example
NAME                                          SERVICE             STATUS              PORTS
task/orion/a6033a645faa4cd89c474ba950188ff5   orion               Running             orion-alb-XXXXXXXXXX.us-east-1.elb.amazonaws.com:1026->1026/http
task/orion/d869b3ca63b241c0801c46488d3791ba   orion               Running             orion-alb-XXXXXXXXXX.us-east-1.elb.amazonaws.com:1026->1026/http

convert

To transform docker-compose.yml into a CloudFormation template.

docker compose --project-name <project name> convert

#Example
AWSTemplateFormatVersion: 2010-09-09
Resources:
  CloudMap:
    Properties:
      Description: Service Map for Docker Compose project ecs-text
      Name: ecs-text.local
      Vpc: vpc-cd1d32b6
    Type: AWS::ServiceDiscovery::PrivateDnsNamespace
  Cluster:
    Properties:
      ClusterName: ecs-text
      Tags:
        - Key: com.docker.compose.project
          Value: ecs-text
    Type: AWS::ECS::Cluster
...

Known Issues

DocumentDB vs MongoDB

License

This project is licensed under the GPL v3 License. See the LICENSE file. This library is licensed under the GPL v3 and the MIT-0 License. See the LICENSE.MIT-0 file.

Security

See CONTRIBUTING for more information.

Comments
  • Update release 1.1

    Description of changes:

    • Fix WAF issue to block all traffic by default
    • Fix an issue that prevented Orion to deploy from docker yaml sample
    • Use internal CDK package for the deployer script
    • Refactor and format infra code
    • Package updates

    By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.

    opened by jl4nz 0
  • Bump decode-uri-component from 0.2.0 to 0.2.2

    Bumps decode-uri-component from 0.2.0 to 0.2.2.

    Release notes

    Sourced from decode-uri-component's releases.

    v0.2.2

    • Prevent overwriting previously decoded tokens 980e0bf

    https://github.com/SamVerschueren/decode-uri-component/compare/v0.2.1...v0.2.2

    v0.2.1

    • Switch to GitHub workflows 76abc93
    • Fix issue where decode throws - fixes #6 746ca5d
    • Update license (#1) 486d7e2
    • Tidelift tasks a650457
    • Meta tweaks 66e1c28

    https://github.com/SamVerschueren/decode-uri-component/compare/v0.2.0...v0.2.1

    dependencies 
    opened by dependabot[bot] 0
  • [Architect-fiware-orion-on-aws]

    Hi, thank you for the fiware orion project on aws.

    In your diagram, I want to ask why don't you just stop the IOT Agent to manage the device? Will your devices be sent directly to the Orion Context Broker or will it require programming embedded into the device?

    opened by NguyenDOanNhan 0
  • node error occur

    I ran "./deployer.sh <AWS_PROFILE>" and after deploying DocumentdbStack I got the following error message:

    Provisioning AWS OK
    node:internal/errors:465
    	ErrorCaptureStackTrace(err);
    	^
    
    TypeError [ERR_IMPORT_ASSERTION_TYPE_MISSING]: Module "file:///home/xxx/fiware-orion-on-aws/cdk-outputs.json" needs an import assertion of type "json"
    	at new NodeError (node:internal/errors:372:5)
    	at validateAssertions (node:internal/modules/esm/assert:82:15)
    	at defaultLoad (node:internal/modules/esm/load:24:3)
    	at ESMLoader.load (node:internal/modules/esm/loader:407:26)
    	at ESMLoader.moduleProvider (node:internal/modules/esm/loader:326:22)
    	at new ModuleJob (node:internal/modules/esm/module_job:66:26)
    	at ESMLoader.#createModuleJob (node:internal/modules/esm/loader:345:17)
    	at ESMLoader.getModuleJob (node:internal/modules/esm/loader:304:34)
    	at async ModuleWrap.<anonymous> (node:internal/modules/esm/module_job:82:21)
    	at async Promise.all (index 2) {
      code: 'ERR_IMPORT_ASSERTION_TYPE_MISSING'
    }
    

    Please tell me how to solve it. The version of node I'm using is 16.16.0. Node.js v18.6.0 didn't work either.

    Please let me know if you have any other information you need.

    opened by kasa001 1
  • Bump minimist from 1.2.5 to 1.2.6

    Bumps minimist from 1.2.5 to 1.2.6.

    dependencies 
    opened by dependabot[bot] 0
  • There is an extra string in a command.

    https://github.com/aws-samples/fiware-orion-on-aws/blob/7d6080fc5c78a8fa51f9a1a28056c3818367f253/deployer.sh#L14

    There is an extra string in a command. "--" is not needed for cdk deploy command.

    opened by MasazI 0
Owner
AWS Samples