Turnkey AWS with Paco: Managed web application with CI/CD

By Kevin Teague
Published on Feb 05, 2020

Our first Turnkey AWS with Paco post introduced you to Paco and its turnkey AWS capabilities by showing you how to launch a simple WordPress site on AWS. That simple Paco starter project served as an introduction to the basics of Paco and a way to kick the tires (if you only wanted a small WordPress server on AWS, it would be easier to use Amazon Lightsail).

Paco was designed to go far beyond simple solutions, though. It can handle complex multi-account, multi-region, multi-environment deployments. Paco is at its best when you want full dev/test/production environments complete with CI/CD, monitoring, backups, and all the other bells and whistles of a well-managed AWS solution.

In this post we will show you the managed-webapp-cicd Paco starter project, a much more ambitious project which builds an advanced, complete, real-world AWS solution.

This Paco starter project encapsulates core cloud management features that typically take weeks or months to build for a custom Infrastructure as Code project. Paco enables you to leverage all of those features in a ready-to-go solution.

Common concerns of applications in AWS

If you want to host a traditional EC2-based web application on AWS, you will typically provision a VPC with public and private subnets, an Application Load Balancer, an AutoScalingGroup of web servers, and an RDS database. You can create all those resources easily enough — you could write CloudFormation, use Terraform, or simply launch an ElasticBeanstalk in the AWS Console.

However, if the application has a significant number of users and has developer(s) writing new features and fixing bugs, there is a lot more needed than those core resources to produce a well-managed AWS application.

The table below shows some of the most common concerns of managing applications in AWS, what those concerns address, and AWS resources and tools to solve each one.

Bootstrap your AWS governance with Paco

The managed-webapp-cicd Paco starter project addresses all of the concerns listed above. It creates a ready-to-go Paco project that can provision and configure all of the AWS resources and code needed to support all of those concerns.

This starter project is a distillation of our work as AWS Consultants for a wide variety of companies and workloads, providing ready-to-go solutions for the most common concerns of well-governed applications in AWS.

The managed-webapp-cicd Paco starter project creates:

  • Multi-account IAM Users with cross-account Roles.
  • CloudTrail across accounts logging into a security account.
  • Dev, test and production environments cloned to separate accounts.
  • A cross-account CI/CD that can automatically deploy from a dev branch to dev environment, test branch to test environment, etc.
  • Route 53 HostedZone that is updated with Application Load Balancer records — set up dev.example.com, test.example.com and www.example.com.
  • Monitoring with in-host metrics, centralized logging, alarms, log alarms and pre-built dashboards.
  • AWS Backup providing long-term backups of your production database.

For the application, we’ve included a simple Python Pyramid sample application. Unless you’re also using a Python Pyramid stack, you’ll use this as a starting point for how to customize installation and configuration for your application's stack.


Want help leveraging turnkey AWS solutions with Paco? Get in touch with Waterbear Cloud and talk to us about what we can do with growth-ready automation, so you can avoid the grunt work and get back to building your business.