A presentation delivered to the Melbourne AWS Meetup on the May 24, 2018 . Discusses the implementation of the new AWS Containers sub-generator, which allows JHipster applications to be deployed on Amazon ECS, leveraging Fargate.

1. JHipster
on AWS
A tale of shiny things
Gerard Gigliotti

2. ● Started life as an opinionated code generator, for generating Spring
Boot + Angular Web Applications (now React as well):
● Moved into an opinionated development platform to generate,
develop and deploy Microservices:
What is JHipster?
+ =

3. All things client side

4. All things server side

5. All things deployment side

6. Current JHipster MicroService View of the World

7. Future JHipster MicroService View of the World

8. Enter… AWS

9. Existing AWS Generator
● Based on Elastic Beanstalk, using the Tomcat as the deployment
option. Everything else had moved to Docker.
● Used the AWS API to deploy, without extensive error handling. If it
fails halfway through…
● Easy to make mistakes with input. Limited validation before execute.
● No clear understanding of what it actually does to your account.
● Not really supported by anyone, and hadn’t been updated in years.

10. Shiny New Toys
● AWS Announced Fargate support in late November 2017.
● What is Fargate?
○ Allows you to run containers without having to manage servers.
○ At the time was only available in us-west-1, with all the other cool kids.
○ On-demand pricing model *

11. Elastic Container Service 101
Container Definition
Task Definition
Service
Cluster

12. Generator
Implementation

13. Our Goal
● Docker based.
● Leverage AWS Native where possible.
● Turnkey deployment. Similar to the Heroku Generator.
● Avoid analysis paralysis with questions asked.
● Pre-populate with data based on a user’s AWS account. VPC IDs,
Subnets etc…
● Monolith option to start with.
● CloudFormation.

14. High Level Design

15. Generator Flow Chart
Start, pre-populate data
from Account
Deployment
Questions
More
Questions
?
Retrieve More Data
Inject Spring Cloud
Templates
Deploy?
Compile + Package
Project
Run CF Part #1
Upload Docker
Image to ECR
Generate CF
Run CF Part #2
End, Bezos Profit
Yes
No
Yes
No

16. Issues
Opportunities

17. Yeoman
● JHipster was originally a
yeoman-generator, but is now a
standalone CLI, which uses yeoman
underneath.
● Wanted to align with the existing
codebase as much as possible.
● Getting our head around the Yeoman
context took a while.
● this.async used heavily as some kind of
punishment.
● Understanding the Yeoman runtime
context is important.

18. CloudFormation
● Spinning up the stack is slow (mainly due
to Aurora). Small Aurora instance on
Sunday night took ~8 minutes to spin up.
● Went with a nested-stack approach,
allowing you to deploy multiple
applications at the same time.
● Split the script into two phases, using
Conditions to toggle the service on and
off.
● CloudFormation files defined in EJS.

19. Fargate Costs $$$$?
● Current pricing model primarily targeted at infrequent (ie, not
continuously running) processes.
● Price per vCPU is $0.00001406 per second ($0.0506 per hour) and
per GB memory is $0.00000353 per second ($0.0127 per hour).
● Assuming that 1 vCPU is the same between Fargate and EC2...
● Fargate Pricing: 1 vCPU + 2GB running all month
○ ($0.0506 * 24 * 31) + ($0.0127 * 24 * 31) = 37.6464 + 9.4488 = $47.0952 a
month
● EC2 Pricing
○ ($0.023 * 24 * 31) = $17.112 a month.
● However if you’re allergic to any kind of system management, that
might look like a bargain.

20. Secure Access to Aurora Part 1
● Password for database access. Can use IAM with Aurora with MySQL
compatibility, but doesn't work with Aurora with Postgres.
● General things you shouldn’t do:
○ Bake them into the CloudFormation file.
○ Expose via Environment Variables in the Task Definition.
● Decided on AWS Systems Manager (SSM) SecureString to store the
password. Unfortunately not directly supported by CloudFormation.
● Our Solution: Asks for the database password once, stores it in SSM.
When needed for subsequent executions of the CloudFormation
script, it reads it back in.

21. Secure Access to Aurora Part 2
● How to get the password into Spring?
● Spring Cloud:
○ Has an AWS Spring Cloud Connector, but doesn’t support SSM.
○ However, does introduce a BootStrap Application Context.
● Wires in a new PropertySourceLocator object which retrieves any
properties set via AWSSimpleSystemsManagement. Makes the
properties available via existing Spring PropertySource mechanism.
● From an IAM perspective, the task has a role which allows access to
the SSM Secure String.

22. Fargate != Lambda
● Although you don’t have to worry about servers, AWS does, and you
can see it.
● Startup time for a JHipster task approximately 40 seconds. Seems to
take longer if the cluster is new.

23. Can’t Get Host Address
This doesn’t work by default in a container running in Fargate.

24. Random Tidbits
● Can’t delete an Elastic Container Registry if there are images in it.
● Initially we were going to deploy a VPC as part of the generator.
Decided against that due to complexity. Supports default VPC (for
the lazy), and a basic two-tier model.
● Even with a CLI, it’s still good to show loading behaviour.

25. Demo
Blurry Screenshots

26. Generator Questions

27. Logging Example

28. Roadmap

29. Things to come...
● Ability to delete the stack from the cli.
● Ability to deploy to EC2 Instances & Fargate.
● Microservice support; waiting on EKS.
○ Existing Kubernetes generator is heavily used, but not as turn-key as I
would like.
● HTTPS support would be great...

30. All the Links
Main Site: http://www.jhipster.tech/
Source Code: https://github.com/jhipster/generator-jhipster
AWS Guide: https://www.jhipster.tech/aws/
CI/CD Talk:
https://gerard.gigliotti.com.au/putting-the-fun-into-function
ing-ci-cd-ae7adb19ea17

31. Fin

32. PARIS
BORDEAUX
NANTES
WASHINGTON, DC
NEW-YORK
RICHMOND, VA
MARRAKECH
MELBOURNE
contact@ippon.fr
www.ippon.fr
www.ippon-hosting.com
www.ippon-digital.fr
@ippontech
01 46 12 48 48