Deploy CDK project

Save changes and compile the project.

Run cdk diff to take a look at the changes that are going to be deployed.

cdk diff

The output should look like this:

Stack NorthwindCdkStack
IAM Statement Changes
┌───┬───────────────────────────────────────────────┬────────┬─────────────────────────────────────────┬───────────────────────────────────────────────┬───────────┐
│   │ Resource                                      │ Effect │ Action                                  │ Principal                                     │ Condition │
├───┼───────────────────────────────────────────────┼────────┼─────────────────────────────────────────┼───────────────────────────────────────────────┼───────────┤
│ + │ ${NorthwindContainerRegistry.Arn}             │ Allow  │ ecr:BatchCheckLayerAvailability         │ AWS:${NorthwindService/TaskDef/ExecutionRole} │           │
│   │                                               │        │ ecr:BatchGetImage                       │                                               │           │
│   │                                               │        │ ecr:GetDownloadUrlForLayer              │                                               │           │
├───┼───────────────────────────────────────────────┼────────┼─────────────────────────────────────────┼───────────────────────────────────────────────┼───────────┤
│ + │ ${NorthwindService/TaskDef/ExecutionRole.Arn} │ Allow  │ sts:AssumeRole                          │ Service:ecs-tasks.amazonaws.com               │           │
├───┼───────────────────────────────────────────────┼────────┼─────────────────────────────────────────┼───────────────────────────────────────────────┼───────────┤
│ + │ ${NorthwindService/TaskDef/TaskRole.Arn}      │ Allow  │ sts:AssumeRole                          │ Service:ecs-tasks.amazonaws.com               │           │
├───┼───────────────────────────────────────────────┼────────┼─────────────────────────────────────────┼───────────────────────────────────────────────┼───────────┤
│ + │ ${NorthwindService/TaskDef/web/LogGroup.Arn}  │ Allow  │ logs:CreateLogStream                    │ AWS:${NorthwindService/TaskDef/ExecutionRole} │           │
│   │                                               │        │ logs:PutLogEvents                       │                                               │           │
├───┼───────────────────────────────────────────────┼────────┼─────────────────────────────────────────┼───────────────────────────────────────────────┼───────────┤
│ + │ *                                             │ Allow  │ ecr:GetAuthorizationToken               │ AWS:${NorthwindService/TaskDef/ExecutionRole} │           │
└───┴───────────────────────────────────────────────┴────────┴─────────────────────────────────────────┴───────────────────────────────────────────────┴───────────┘
IAM Policy Changes
┌───┬──────────────────────────────────────┬─────────────────────────────────────────────────┐
│   │ Resource                             │ Managed Policy ARN                              │
├───┼──────────────────────────────────────┼─────────────────────────────────────────────────┤
│ + │ ${NorthwindService/TaskDef/TaskRole} │ arn:aws:iam::aws:policy/AmazonSSMReadOnlyAccess │
└───┴──────────────────────────────────────┴─────────────────────────────────────────────────┘
Security Group Changes
┌───┬───────────────────────────────────────────────────┬─────┬────────────┬───────────────────────────────────────────────────┐
│   │ Group                                             │ Dir │ Protocol   │ Peer                                              │
├───┼───────────────────────────────────────────────────┼─────┼────────────┼───────────────────────────────────────────────────┤
│ + │ ${NorthwindDatabaseSecurityGroup.GroupId}         │ In  │ TCP 5432   │ ${NorthwindService/Service/SecurityGroup.GroupId} │
├───┼───────────────────────────────────────────────────┼─────┼────────────┼───────────────────────────────────────────────────┤
│ + │ ${NorthwindService/LB/SecurityGroup.GroupId}      │ In  │ TCP 80     │ Everyone (IPv4)                                   │
│ + │ ${NorthwindService/LB/SecurityGroup.GroupId}      │ Out │ TCP 80     │ ${NorthwindService/Service/SecurityGroup.GroupId} │
├───┼───────────────────────────────────────────────────┼─────┼────────────┼───────────────────────────────────────────────────┤
│ + │ ${NorthwindService/Service/SecurityGroup.GroupId} │ In  │ TCP 80     │ ${NorthwindService/LB/SecurityGroup.GroupId}      │
│ + │ ${NorthwindService/Service/SecurityGroup.GroupId} │ Out │ Everything │ Everyone (IPv4)                                   │
└───┴───────────────────────────────────────────────────┴─────┴────────────┴───────────────────────────────────────────────────┘
(NOTE: There may be security-related changes not in this list. See https://github.com/aws/aws-cdk/issues/1299)

Resources
[+] AWS::EC2::SecurityGroupIngress NorthwindDatabaseSecurityGroup/from NorthwindCdkStackNorthwindServiceSecurityGroup0D80B376:5432 NorthwindDatabaseSecurityGroupfromNorthwindCdkStackNorthwindServiceSecurityGroup0D80B376543269DAFC69
[+] AWS::ECS::Cluster NorthwindCluster NorthwindCluster3B481F84
[+] AWS::ElasticLoadBalancingV2::LoadBalancer NorthwindService/LB NorthwindServiceLB5B45FAA0
[+] AWS::EC2::SecurityGroup NorthwindService/LB/SecurityGroup NorthwindServiceLBSecurityGroup581D7D3B
[+] AWS::EC2::SecurityGroupEgress NorthwindService/LB/SecurityGroup/to NorthwindCdkStackNorthwindServiceSecurityGroup0D80B376:80 NorthwindServiceLBSecurityGrouptoNorthwindCdkStackNorthwindServiceSecurityGroup0D80B3768043881346
[+] AWS::ElasticLoadBalancingV2::Listener NorthwindService/LB/PublicListener NorthwindServiceLBPublicListenerCF4A4DEC
[+] AWS::ElasticLoadBalancingV2::TargetGroup NorthwindService/LB/PublicListener/ECSGroup NorthwindServiceLBPublicListenerECSGroup5397D08F
[+] AWS::IAM::Role NorthwindService/TaskDef/TaskRole NorthwindServiceTaskDefTaskRole89B171EB
[+] AWS::ECS::TaskDefinition NorthwindService/TaskDef NorthwindServiceTaskDef833B8ED7
[+] AWS::Logs::LogGroup NorthwindService/TaskDef/web/LogGroup NorthwindServiceTaskDefwebLogGroupC06E064B
[+] AWS::IAM::Role NorthwindService/TaskDef/ExecutionRole NorthwindServiceTaskDefExecutionRole7A827227
[+] AWS::IAM::Policy NorthwindService/TaskDef/ExecutionRole/DefaultPolicy NorthwindServiceTaskDefExecutionRoleDefaultPolicyC3AA9D52
[+] AWS::ECS::Service NorthwindService/Service/Service NorthwindService660CB69E
[+] AWS::EC2::SecurityGroup NorthwindService/Service/SecurityGroup NorthwindServiceSecurityGroup88F9781F
[+] AWS::EC2::SecurityGroupIngress NorthwindService/Service/SecurityGroup/from NorthwindCdkStackNorthwindServiceLBSecurityGroup01CA610E:80 NorthwindServiceSecurityGroupfromNorthwindCdkStackNorthwindServiceLBSecurityGroup01CA610E80EA1EE45C
[+] AWS::ApplicationAutoScaling::ScalableTarget NorthwindService/Service/TaskCount/Target NorthwindServiceTaskCountTarget55C41E97
[+] AWS::ApplicationAutoScaling::ScalingPolicy NorthwindService/Service/TaskCount/Target/CpuScaling NorthwindServiceTaskCountTargetCpuScaling54F33146

Outputs
[+] Output NorthwindService/LoadBalancerDNS NorthwindServiceLoadBalancerDNS2EB414C3: {"Value":{"Fn::GetAtt":["NorthwindServiceLB5B45FAA0","DNSName"]}}
[+] Output NorthwindService/ServiceURL NorthwindServiceServiceURLEECC8721: {"Value":{"Fn::Join":["",["http://",{"Fn::GetAtt":["NorthwindServiceLB5B45FAA0","DNSName"]}]]}}

As you can see, 17 new resources will be created.

Next, deploy the updates using the cdk deploy command.

cdk deploy

First, it will show you a long list of IAM statement changes, IAM policy changes and database security group changes. Review them, then confirm by choosing Y.
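The security tables that cdk diff prints can be checked mechanically before you answer the prompt. The following Python is an added example, not part of the workshop's code: it parses those tables and lists added rows with a wildcard IAM resource, a managed policy attachment, or a security group rule open to Everyone. The function names parse_security_tables and review are this example's own, and the sample input is constructed from rows of the output above.

```python
# Constructed sample: rows from the cdk diff output on this page, borders removed.
SAMPLE_DIFF = """\
IAM Statement Changes
│   │ Resource │ Effect │ Action │ Principal │ Condition │
│ + │ ${NorthwindContainerRegistry.Arn} │ Allow │ ecr:BatchCheckLayerAvailability │ AWS:${NorthwindService/TaskDef/ExecutionRole} │ │
│   │ │ │ ecr:BatchGetImage │ │ │
│ + │ * │ Allow │ ecr:GetAuthorizationToken │ AWS:${NorthwindService/TaskDef/ExecutionRole} │ │
IAM Policy Changes
│   │ Resource │ Managed Policy ARN │
│ + │ ${NorthwindService/TaskDef/TaskRole} │ arn:aws:iam::aws:policy/AmazonSSMReadOnlyAccess │
Security Group Changes
│   │ Group │ Dir │ Protocol │ Peer │
│ + │ ${NorthwindDatabaseSecurityGroup.GroupId} │ In │ TCP 5432 │ ${NorthwindService/Service/SecurityGroup.GroupId} │
│ + │ ${NorthwindService/LB/SecurityGroup.GroupId} │ In │ TCP 80 │ Everyone (IPv4) │
│ + │ ${NorthwindService/Service/SecurityGroup.GroupId} │ Out │ Everything │ Everyone (IPv4) │
"""

def parse_security_tables(text):
    """Return {section title: [added row dict, ...]} from cdk diff output."""
    tables, section, header, row = {}, None, None, None
    for line in map(str.strip, text.splitlines()):
        if line.endswith(" Changes"):
            section, header, row = line, None, None
        elif section and line.startswith("│"):
            cells = [c.strip() for c in line.strip("│").split("│")]
            if header is None:
                header = cells  # first boxed row names the columns
            elif cells[0]:  # "+" or "-" starts a new row; keep additions
                row = dict(zip(header[1:], cells[1:]))
                if cells[0] == "+":
                    tables.setdefault(section, []).append(row)
            elif row:  # wrapped row: extend the previous one
                for key, cell in zip(header[1:], cells[1:]):
                    row[key] = (row[key] + " " + cell).strip()
    return tables

def review(tables):
    """List added rows worth a second look before confirming the deploy."""
    out = []
    for r in tables.get("IAM Statement Changes", []):
        if r["Effect"] == "Allow" and r["Resource"] == "*":
            out.append(f"IAM: {r['Action']} allowed on Resource '*'")
    for r in tables.get("IAM Policy Changes", []):
        out.append(f"IAM: {r['Managed Policy ARN']} attached to {r['Resource']}")
    for r in tables.get("Security Group Changes", []):
        if r["Peer"].startswith("Everyone"):
            way = "ingress from" if r["Dir"] == "In" else "egress to"
            out.append(f"SG: {r['Protocol']} {way} {r['Peer']} on {r['Group']}")
    return out
```

On the rows above, review(parse_security_tables(SAMPLE_DIFF)) returns four findings and leaves the database rule alone, because its peer is the service's own security group. The wildcard on ecr:GetAuthorizationToken is expected, since that action does not support resource-level permissions; the rows that call for a conscious decision are the load balancer's TCP 80 ingress from Everyone and the service's unrestricted egress.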

Once it’s deployed, you will see the following:

NorthwindCdkStack: deploying...
NorthwindCdkStack: creating CloudFormation changeset...
 0/19 | 11:31:31 AM | CREATE_IN_PROGRESS   | AWS::Logs::LogGroup                         | NorthwindService/TaskDef/web/LogGroup (NorthwindServiceTaskDefwebLogGroupC06E064B)
  
  ..........

 17/19 | 11:34:59 AM | CREATE_COMPLETE      | AWS::ApplicationAutoScaling::ScalableTarget | NorthwindService/Service/TaskCount/Target (NorthwindServiceTaskCountTarget55C41E97)
 17/19 | 11:35:04 AM | CREATE_IN_PROGRESS   | AWS::ApplicationAutoScaling::ScalingPolicy  | NorthwindService/Service/TaskCount/Target/CpuScaling (NorthwindServiceTaskCountTargetCpuScaling54F33146)
 17/19 | 11:35:04 AM | CREATE_IN_PROGRESS   | AWS::ApplicationAutoScaling::ScalingPolicy  | NorthwindService/Service/TaskCount/Target/CpuScaling (NorthwindServiceTaskCountTargetCpuScaling54F33146) Resource creation Initiated
 18/19 | 11:35:04 AM | CREATE_COMPLETE      | AWS::ApplicationAutoScaling::ScalingPolicy  | NorthwindService/Service/TaskCount/Target/CpuScaling (NorthwindServiceTaskCountTargetCpuScaling54F33146)

 ✅  NorthwindCdkStack

Outputs:
NorthwindCdkStack.NorthwindServiceServiceURLEECC8721 = http://North-North-19ECBF9T2105W-538194145.eu-west-1.elb.amazonaws.com
NorthwindCdkStack.ContainerRegistry = 404486542784.dkr.ecr.eu-west-1.amazonaws.com/northwind
NorthwindCdkStack.CodeRepository = https://git-codecommit.eu-west-1.amazonaws.com/v1/repos/Northwind
NorthwindCdkStack.PostgreSQLEndpointAddress = northwind-postgresql.cluster-cyhlwzws5aoz.eu-west-1.rds.amazonaws.com
NorthwindCdkStack.NorthwindServiceLoadBalancerDNS2EB414C3 = North-North-19ECBF9T2105W-538194145.eu-west-1.elb.amazonaws.com

Stack ARN:
arn:aws:cloudformation:eu-west-1:404486542784:stack/NorthwindCdkStack/f78fb1c0-8ed1-11ea-8a83-0a0af0d573f8

Copy the URL from the stack output above (http://North-North-19ECBF9T2105W-538194145.eu-west-1.elb.amazonaws.com) and open it in your browser.

Go to the Products page.

Congratulations!

Your application is now running in a fleet of AWS Fargate containers behind an Application Load Balancer.

On the AWS Console page, click on the ECS link under the Compute section (or search for ECS). There you can take a deeper look at the created ECS cluster, service and task.
