Deployment to AWS using AWS Copilot (#811)

* TLK-1507 - AWS Copilot deployment to ECS initial commit

* TLK-1507 - AWS Copilot deployment to ECS initial commit

* TLK-1507 - AWS Copilot deployment to ECS

* TLK-1507 - AWS Copilot deployment to ECS - lint

* TLK-1507 - AWS Copilot deployment to ECS

* TLK-1507 - AWS Copilot deployment to ECS

* TLK-1507 - AWS Copilot deployment to ECS - review fixes

* TLK-1507 - AWS Copilot deployment to ECS - review fixes

* TLK-1507 - AWS Copilot deployment to ECS - review fixes

* TLK-1507 - AWS Copilot deployment to ECS - review fixes

aws_copilot_deploy/aws-api.Dockerfile

@@ -0,0 +1,48 @@
+FROM python:3.11
+
+# Keeps Python from generating .pyc files in the container
+# Turns off buffering for easier container logging
+# Force UTF8 encoding for funky character handling
+# Needed so imports function properly
+ENV PYTHONDONTWRITEBYTECODE=1
+ENV PYTHONUNBUFFERED=1
+ENV PYTHONIOENCODING=utf-8
+ENV PYTHONPATH=/workspace/src/
+# Keep the venv name and location predictable
+ENV POETRY_VIRTUALENVS_IN_PROJECT=true
+
+# "Activate" the venv manually for the context of the container
+ENV VIRTUAL_ENV=/workspace/.venv
+ENV PATH="$VIRTUAL_ENV/bin:$PATH"
+
+WORKDIR /workspace
+
+# Need to expose port in ENV to use in CMD
+ARG PORT=8000
+ENV PORT=${PORT}
+
+# Build with community packages
+ARG INSTALL_COMMUNITY_DEPS
+
+# Copy dependency files to avoid cache invalidations
+COPY ./pyproject.toml poetry.lock ./
+
+# Install poetry
+RUN pip install --no-cache-dir poetry==1.6.1
+
+# Conditional installation of dependencies
+RUN if [ "$INSTALL_COMMUNITY_DEPS" = "true" ]; then \
+      poetry install --with dev,community; \
+    else \
+      poetry install --with dev; \
+    fi
+
+COPY src/backend src/backend/
+COPY src/community src/community/
+
+# Copy environment variables optionally 
+# IMPORTANT: Can't be put in the docker-compose, will break tests
+COPY .en[v] .env
+
+EXPOSE ${PORT}
+CMD uvicorn backend.main:app --reload --host 0.0.0.0 --port ${PORT} --timeout-keep-alive 300

aws_copilot_deploy/aws-db.Dockerfile

@@ -0,0 +1 @@
+FROM postgres:14.11-alpine

aws_copilot_deploy/aws-fe.Dockerfile

@@ -0,0 +1,31 @@
+FROM node:20-alpine AS base
+
+WORKDIR /app
+
+# Install dependencies based on the preferred package manager
+COPY package.json package-lock.json ./
+RUN npm ci
+
+COPY src ./src
+COPY public ./public
+COPY next.config.mjs .
+COPY tsconfig.json .
+COPY tailwind.config.js .
+COPY postcss.config.js .
+COPY .en[v] .env
+
+# Next.js collects completely anonymous telemetry data about general usage. Learn more here: https://nextjs.org/telemetry
+# Uncomment the following line to disable telemetry at run time
+# ENV NEXT_TELEMETRY_DISABLED 1
+
+# Note: Don't expose ports here, Compose will handle that for us
+
+# Start Next.js in development mode based on the preferred package manager
+FROM base as dev
+CMD npm run dev
+
+
+# Production specifc tareget
+FROM base AS prod
+RUN npm run build
+CMD npm run start

aws_copilot_deploy/aws-nginx.Dockerfile

@@ -0,0 +1,8 @@
+FROM nginx:alpine
+
+RUN rm -f /etc/nginx/conf.d/*
+ADD aws_copilot_deploy/nginx.conf /etc/nginx/nginx.conf
+
+EXPOSE 8090
+
+CMD [ "nginx" , "-g" , "daemon off;" ]

aws_copilot_deploy/aws-terrarium.Dockerfile

@@ -0,0 +1,5 @@
+FROM ghcr.io/cohere-ai/terrarium:latest
+
+EXPOSE 8080
+
+

aws_copilot_deploy/aws_cleanup.sh

@@ -0,0 +1,4 @@
+#!/bin/bash
+set -e
+# Delete the app
+copilot app delete

aws_copilot_deploy/aws_deploy.sh

@@ -0,0 +1,18 @@
+#!/bin/bash
+set -e
+# Backend App
+copilot app init toolkit-app
+copilot env init -n dev --profile default --default-config
+copilot svc init --name toolkit-app-db --svc-type "Backend Service" --dockerfile ./aws_copilot_deploy/aws-db.Dockerfile --port 5432
+copilot svc init --name toolkit-app-terrarium --svc-type "Backend Service" --dockerfile ./aws_copilot_deploy/aws-terrarium.Dockerfile --port 8080
+copilot svc init --name toolkit-app-api --svc-type "Backend Service" --dockerfile ./aws_copilot_deploy/aws-api.Dockerfile --port 8000
+copilot svc init --name toolkit-app-fe --svc-type "Backend Service" --dockerfile ./aws_copilot_deploy/aws-fe.Dockerfile --port 4000
+copilot svc init --name toolkit-app-nginx --svc-type "Load Balanced Web Service" --dockerfile ./aws_copilot_deploy/aws-nginx.Dockerfile --port 8090
+
+copilot env deploy --name dev
+copilot svc deploy --name toolkit-app-db --env dev
+copilot svc deploy --name toolkit-app-terrarium --env dev
+copilot svc deploy --name toolkit-app-api --env dev
+copilot svc exec -a toolkit-app -e dev --name toolkit-app-api --command "alembic -c src/backend/alembic.ini upgrade head"
+copilot svc deploy --name toolkit-app-fe --env dev
+copilot svc deploy --name toolkit-app-nginx --env dev

aws_copilot_deploy/nginx.conf

@@ -0,0 +1,83 @@
+user  nginx;
+worker_processes auto;
+pid        /var/run/nginx.pid;
+
+events {
+worker_connections 768;
+# multi_accept on;
+}
+
+http {
+
+##
+# Basic Settings
+##
+
+sendfile on;
+tcp_nopush on;
+tcp_nodelay on;
+keepalive_timeout 65;
+types_hash_max_size 2048;
+client_max_body_size 50M;
+# server_tokens off;
+
+# server_names_hash_bucket_size 64;
+# server_name_in_redirect off;
+
+include /etc/nginx/mime.types;
+default_type application/octet-stream;
+
+    upstream backend {
+        server toolkit-app-api.dev.toolkit-app.local:8000;
+    }
+
+    upstream frontend {
+        server toolkit-app-fe.dev.toolkit-app.local:4000;
+    }
+
+    server {
+        listen 8090 default_server;
+        listen [::]:8090 default_server;
+
+        location /api {
+            rewrite /api/(.*) /$1  break;
+            proxy_pass         http://backend;
+            proxy_redirect     off;
+            proxy_set_header   Host $host;
+            proxy_set_header   X-Real-IP $remote_addr;
+            proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
+            proxy_set_header   X-Forwarded-Host $server_name;
+        }
+
+        location / {
+            proxy_pass         http://frontend;
+            proxy_redirect     off;
+            proxy_set_header   Host $host;
+            proxy_set_header   X-Real-IP $remote_addr;
+            proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
+            proxy_set_header   X-Forwarded-Host $server_name;
+        }
+    }
+
+##
+# SSL Settings
+##
+
+ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
+ssl_prefer_server_ciphers on;
+
+##
+# Logging Settings
+##
+
+access_log /var/log/nginx/access.log;
+error_log /var/log/nginx/error.log;
+
+##
+# Gzip Settings
+##
+
+gzip on;
+
+include /etc/nginx/conf.d/*.conf;
+}

copilot/environments/dev/manifest.yml

@@ -0,0 +1,21 @@
+# The manifest for the "dev" environment.
+# Read the full specification for the "Environment" type at:
+#  https://aws.github.io/copilot-cli/docs/manifest/environment/
+
+# Your environment name will be used in naming your resources like VPC, cluster, etc.
+name: dev
+type: Environment
+
+# Import your own VPC and subnets or configure how they should be created.
+# network:
+#   vpc:
+#     id:
+
+# Configure the load balancers in your environment, once created.
+# http:
+#   public:
+#   private:
+
+# Configure observability for your environment resources.
+observability:
+  container_insights: false

copilot/toolkit-app-api/manifest.yml

@@ -0,0 +1,45 @@
+# The manifest for the "toolkit-app-api" service.
+# Read the full specification for the "Backend Service" type at:
+#  https://aws.github.io/copilot-cli/docs/manifest/backend-service/
+
+# Your service name will be used in naming your resources like log groups, ECS services, etc.
+name: toolkit-app-api
+type: Backend Service
+
+# Your service does not allow any traffic.
+
+# Configuration for your containers and service.
+image:
+  # Docker build arguments. For additional overrides: https://aws.github.io/copilot-cli/docs/manifest/lb-web-service/#image-build
+  build:
+    context: .
+    args:
+      INSTALL_COMMUNITY_DEPS: false
+    dockerfile: aws_copilot_deploy/aws-api.Dockerfile
+  # Port exposed through your container to route traffic to it.
+  port: 8000
+
+cpu: 256       # Number of CPU units for the task.
+memory: 1024    # Amount of memory in MiB used by the task.
+platform: linux/x86_64     # See https://aws.github.io/copilot-cli/docs/manifest/backend-service/#platform
+count: 1       # Number of tasks that should be running in your service.
+exec: true     # Enable running commands in your container.
+
+# storage:
+  # readonly_fs: true       # Limit to read-only access to mounted root filesystems.
+
+# Optional fields for more advanced use-cases.
+#
+variables:                    # Pass environment variables as key value pairs.
+  PYTHON_INTERPRETER_URL: http://toolkit-app-terrarium.dev.toolkit-app.local:8080
+#  LOG_LEVEL: info
+
+#secrets:                      # Pass secrets from AWS Systems Manager (SSM) Parameter Store.
+#  GITHUB_TOKEN: GITHUB_TOKEN  # The key is the name of the environment variable, the value is the name of the SSM parameter.
+
+# You can override any of the values defined above by environment.
+#environments:
+#  test:
+#    count: 2               # Number of tasks to run for the "test" environment.
+#    deployment:            # The deployment strategy for the "test" environment.
+#       rolling: 'recreate' # Stops existing tasks before new ones are started for faster deployments.

copilot/toolkit-app-db/manifest.yml

@@ -0,0 +1,46 @@
+# The manifest for the "toolkit-app-db" service.
+# Read the full specification for the "Backend Service" type at:
+#  https://aws.github.io/copilot-cli/docs/manifest/backend-service/
+
+# Your service name will be used in naming your resources like log groups, ECS services, etc.
+name: toolkit-app-db
+type: Backend Service
+
+# Your service is reachable at "http://toolkit-app-db.${COPILOT_SERVICE_DISCOVERY_ENDPOINT}:5432" but is not public.
+
+# Configuration for your containers and service.
+image:
+  # Docker build arguments. For additional overrides: https://aws.github.io/copilot-cli/docs/manifest/backend-service/#image-build
+  build:
+    context: .
+    dockerfile: aws_copilot_deploy/aws-db.Dockerfile
+
+  # Port exposed through your container to route traffic to it.
+  port: 5432
+
+cpu: 256       # Number of CPU units for the task.
+memory: 1024    # Amount of memory in MiB used by the task.
+platform: linux/x86_64     # See https://aws.github.io/copilot-cli/docs/manifest/backend-service/#platform
+count: 1       # Number of tasks that should be running in your service.
+exec: true     # Enable running commands in your container.
+network:
+  connect: true # Enable Service Connect for intra-environment traffic between services.
+
+# storage:
+  # readonly_fs: true       # Limit to read-only access to mounted root filesystems.
+
+# Optional fields for more advanced use-cases.
+#
+variables:                    # Pass environment variables as key value pairs.
+  POSTGRES_USER: postgres
+  POSTGRES_PASSWORD: postgres
+
+#secrets:                      # Pass secrets from AWS Systems Manager (SSM) Parameter Store.
+#  GITHUB_TOKEN: GITHUB_TOKEN  # The key is the name of the environment variable, the value is the name of the SSM parameter.
+
+# You can override any of the values defined above by environment.
+#environments:
+#  test:
+#    count: 2               # Number of tasks to run for the "test" environment.
+#    deployment:            # The deployment strategy for the "test" environment.
+#       rolling: 'recreate' # Stops existing tasks before new ones are started for faster deployments.

copilot/toolkit-app-fe/manifest.yml

@@ -0,0 +1,46 @@
+# The manifest for the "toolkit-app-fe" service.
+# Read the full specification for the "Backend Service" type at:
+#  https://aws.github.io/copilot-cli/docs/manifest/backend-service/
+
+# Your service name will be used in naming your resources like log groups, ECS services, etc.
+name: toolkit-app-fe
+type: Backend Service
+
+# Your service is reachable at "http://toolkit-app-fe.${COPILOT_SERVICE_DISCOVERY_ENDPOINT}:4000" but is not public.
+
+# Configuration for your containers and service.
+image:
+  # Docker build arguments. For additional overrides: https://aws.github.io/copilot-cli/docs/manifest/lb-web-service/#image-build
+  build:
+    context: ./src/interfaces/assistants_web
+    target: dev
+    dockerfile: aws_copilot_deploy/aws-fe.Dockerfile
+
+  # Port exposed through your container to route traffic to it.
+  port: 4000
+
+cpu: 2048       # Number of CPU units for the task.
+memory: 4096    # Amount of memory in MiB used by the task.
+platform: linux/x86_64  # See https://aws.github.io/copilot-cli/docs/manifest/lb-web-service/#platform
+count: 1       # Number of tasks that should be running in your service.
+exec: true     # Enable running commands in your container.
+
+# storage:
+  # readonly_fs: true       # Limit to read-only access to mounted root filesystems.
+
+# Optional fields for more advanced use-cases.
+#
+variables:                    # Pass environment variables as key value pairs.
+  API_HOSTNAME: http://toolkit-app-api.dev.toolkit-app.local:8000
+  NEXT_PUBLIC_API_HOSTNAME: /api
+  NEXT_PUBLIC_GOOGLE_DRIVE_CLIENT_ID: ''
+  NEXT_PUBLIC_GOOGLE_DRIVE_DEVELOPER_KEY: ''
+#secrets:                      # Pass secrets from AWS Systems Manager (SSM) Parameter Store.
+#  GITHUB_TOKEN: GITHUB_TOKEN  # The key is the name of the environment variable, the value is the name of the SSM parameter.
+
+# You can override any of the values defined above by environment.
+#environments:
+#  test:
+#    count: 2               # Number of tasks to run for the "test" environment.
+#    deployment:            # The deployment strategy for the "test" environment.
+#       rolling: 'recreate' # Stops existing tasks before new ones are started for faster deployments.