Conversation
AshCorr
added
the
maintenance
AshCorr
force-pushed
the
ash/CDK2
branch
12 times, most recently
from
ba4f26d to
411fefb
Compare
AshCorr
commented
Feb 5, 2026
| PROD: IdentityGateway-euwest-1-PROD.template.json | ||
| amiEncrypted: true | ||
| templateParameters: | ||
| VpcId: /account/vpc/primary/id |
Member
Author
There was a problem hiding this comment.
This needs to be set for the first deployment to overwrite the existing VpcId parameter. CDK unfortunately doesn't seem to let us use an alternative name.
AshCorr
commented
Feb 5, 2026
| bucketSsmLookup: true | ||
| bucketSsmKey: /account/services/identity.artifact.bucket | ||
| prefixStack: false | ||
| asgMigrationInProgress: true |
Member
Author
There was a problem hiding this comment.
Riffraff gets angry when theres 2 ASG's with the same Stack, Stage, App tags unless you set this flag to tell it that its ok!
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What does this change?
Spins up a separate stack of Gateway thats definied by CDK rather than Cloudformation. This allows us to take advantage of some newer features DevX have developed like standardized alarms and logging.
It also brings us closer to the organizations goal to migrate slowly to CDK from YAML.
This PR will provision 2 domains which will be accessed by fastly:
This follows the pattern used by Gatehouse https://github.com/guardian/gatehouse/blob/3e7ad9fdf34b3d9dc559fc7b5a5d9abf499ded79/cdk/bin/cdk.ts#L17. Eventually, we'll switch Fastly to point to the new origin domain and then tear down the old stack.
How has this change been tested?
Deployed to CODE and updated the Fastly VCL to point to the new Origin.
Rollback Steps
Annoyingly, after this PR is deployed it can't be automatically rolled back due to changes in the Cloudformation parameters & deletion protection on the Load Balancer
mainon riff-raff