Bonus 1

In this section you will create a public DNS name for the application. It's a CNAME pointing towards your newly created Application Load Balancer.

Add ALB Address to Route 53 Public DNS

  1. Import aws_route53 as route53 from aws_cdk
  2. Get the hosted zone route53.HostedZone.from_lookup()
    • ID = apprentice-0-hz
    • domain_name = aws-devops.polarsquad.training
  3. Create CNAME record route53.CnameRecord()
    • ID = apprentice-0-cname
    • domain_name = <alb-object>.load_balancer_dns_name
    • zone = <hosted zone object>
    • record_name = <username>

Now apply the changes and check if it works: http://<username>.aws-devops.polarsquad.training


Help
from aws_cdk import aws_route53 as route53

hz = route53.HostedZone.from_lookup(self, 'apprentice-0-hz', domain_name="aws-devops.polarsquad.training")
cname = route53.CnameRecord(
    self,
    'apprentice-0-cname',
    domain_name=alb.load_balancer_dns_name,
    zone=hz,
    record_name="apprentice-0"
)

Create Certificate for SSL connection

  1. Import aws_certificatemanager as acm from aws_cdk
  2. Create certificate acm.Certificate()
    • ID = <username>-crt
    • domain_name = <username>.aws-devops.polarsquad.training
    • validation = acm.CertificateValidation.from_dns(hosted_zone=<hosted_zone_object>)
  3. Remove ALB HTTP Listener
  4. Create new SSL Listener <alb_object>.add_listener()
    • ID = alb-ssl-listener-<username>
    • port = 443
    • certificate_arns = [<certificate_object>.certificate_arn]
  5. Create ALB Redirect <alb_object>.add_redirect()
    • source_port = 80
    • source_protocol = elbv2.ApplicationProtocol.HTTP
    • target_port = 443
    • target_protocol = elbv2.ApplicationProtocol.HTTPS
  6. Create SSL Listener Target <alb_ssl_listener_target>.add_targets()
    • ID = tg-ssl-<username>
    • port = 80
    • health_check = <alb_health_check_object>
    • targets = [<frontend_service_object>]

Now apply the changes and check if it works: https://<username>.aws-devops.polarsquad.training


Help
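from aws_cdk import aws_certificatemanager as acm
# elbv2 is used for ApplicationProtocol below; skip this line if it is already imported
from aws_cdk import aws_elasticloadbalancingv2 as elbv2

# hz is the hosted zone object looked up in the Route 53 step
cert = acm.Certificate(
    self,
    'apprentice-0-certificate',
    domain_name="apprentice-0.aws-devops.polarsquad.training",
    validation=acm.CertificateValidation.from_dns(hosted_zone=hz)
)

# alb is the Application Load Balancer object created earlier
alb_listener_ssl = alb.add_listener(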
    'alb-listener-apprentice-0-ssl',
    port=443,
    certificate_arns=[cert.certificate_arn]
)
alb.add_redirect(
    source_port=80,
    source_protocol=elbv2.ApplicationProtocol.HTTP,
    target_port=443,
    target_protocol=elbv2.ApplicationProtocol.HTTPS
)
alb_listener_ssl.add_targets(
    'tg-apprentice-0-ssl',
    port=80,
    health_check=alb_health_check,
    targets=[frontend_service]
)
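
One way to confirm the outcome of steps 3 to 5 before deploying, as an added example that is not part of the workshop's own code: the function below reads a synthesized CloudFormation template (such as the JSON that cdk synth writes to cdk.out/) and reports any listener that still serves plain HTTP, or an HTTPS listener without a certificate. The sample templates, their logical IDs and the make_listener helper are constructed for illustration.

```python
# Added example (not workshop code): audit the listeners in a synthesized
# CloudFormation template, e.g. a *.template.json file from cdk.out/.
LISTENER = "AWS::ElasticLoadBalancingV2::Listener"


def audit_listeners(template):
    """Return findings; an empty list means no listener serves plaintext."""
    findings = []
    for logical_id, res in template.get("Resources", {}).items():
        if res.get("Type") != LISTENER:
            continue
        props = res.get("Properties", {})
        actions = props.get("DefaultActions", [])  # listener rules are not checked
        if props.get("Protocol") == "HTTP":
            # A plaintext listener is acceptable only as a redirect to HTTPS.
            ok = bool(actions) and all(
                a.get("Type") == "redirect"
                and a.get("RedirectConfig", {}).get("Protocol") == "HTTPS"
                for a in actions
            )
            if not ok:
                findings.append(f"{logical_id}: HTTP listener does not redirect to HTTPS")
        elif props.get("Protocol") == "HTTPS" and not props.get("Certificates"):
            findings.append(f"{logical_id}: HTTPS listener has no certificate")
    return findings


def make_listener(protocol, port, action, certs=None):
    """Build a listener resource the way it appears in a template (hypothetical helper)."""
    props = {"Protocol": protocol, "Port": port, "DefaultActions": [action]}
    if certs:
        props["Certificates"] = certs
    return {"Type": LISTENER, "Properties": props}


# Constructed sample templates; logical IDs and Refs are made up.
FORWARD = {"Type": "forward", "TargetGroupArn": {"Ref": "FrontendTG"}}
REDIRECT = {"Type": "redirect", "RedirectConfig": {
    "Protocol": "HTTPS", "Port": "443", "StatusCode": "HTTP_301"}}
BEFORE = {"Resources": {"AlbHttpListener": make_listener("HTTP", 80, FORWARD)}}
AFTER = {"Resources": {
    "AlbRedirect": make_listener("HTTP", 80, REDIRECT),
    "AlbSslListener": make_listener("HTTPS", 443, FORWARD,
                                    [{"CertificateArn": {"Ref": "Cert"}}]),
}}

if __name__ == "__main__":
    print("before:", audit_listeners(BEFORE))
    print("after: ", audit_listeners(AFTER))
```

BEFORE models the stack with the original HTTP listener still forwarding to the frontend; AFTER models the stack once the HTTP listener is replaced by the redirect and the SSL listener carries the certificate.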