Fluent Commerce Logo
Docs
Sign In

Connector Deployment Cloudformation

Essential knowledge

Author:

Fluent Commerce

Changed on:

31 Jan 2024

Overview

Attached to this page is the “connectors.yaml” template which is used to create Cloudformation Stack for the Connectors API. The resulting stack deploys ECS Fargate containers that run the API and produce a public endpoint. This public endpoint is secured with an SSL certificate which is applied to the Application Load Balancer.

Key points

  • Disclaimer
  • Prerequisites
  • Manual Deployments
  • Stack Provisioned

Disclaimer

The template provided here is a sample and may not work as is for all AWS accounts. It is also important to consider your company's requirements and adapt as necessary. This is not a production-ready template.

Prerequisites

To successfully deploy the stack, certain prerequisites should be in place. These are listed below:

  • A registered domain name
  • A public DNS zone for the domain
  • At least 1 private Subnet in the VPC
  • At least 1 public Subnet in the VPC
  • Permission to pull the required docker image from a container registry

Manual Deployments

When manually deploying the template through the Cloudformation console, you need to provide several Parameters applicable to your environment.

Note: There will be a few Parameters with default values. The environment-specific ones have been enclosed in angle brackets. You can replace these with the values specific to your environment.

No alt providedNo alt provided

After successful deployment of the stack, you can get the public endpoint by going to the “Outputs” tab on the stack. It will be listed next to “ConnectorsPublicURL” logical resource name.

Stack Provisioned

  • Secrets Manager - Used for credential storage.
  • SQS Queues - Used to receive events from commercetools and internal messages of the connector.
  • S3 - Log file storage.
  • CloudWatch - Steams container logs and collects metrics from the containers running.
  • ECS - Runs the Commercetools connector containers.
  • EventBridge - Holds the configuration and triggers execution of batch operations for the connector.
  • ELB / API endpoints - Exposes the Connector to the web, explained in more detail below.

There are 3 key endpoints provided as part of the commercetools Connector:

  • Fluent Webhook (/api/v1/fluent-connect/webhook): This is required to be public, and there can't be any form of security for it; it has to be open. The webhook contains a signature that is validated by the connector to guarantee authenticity and validate the sender (Fluent OMS).
  • Scheduler Endpoint (/api/v1/fluent-connect/scheduler/add/*): This should not be public as EventBridge is the only consumer - it can be on a private VPC.
  • Spring Actuators (/actuator/**): Provides health status for the container. Although it is configured to provide minimal information, it is best to keep it private.

As the connector has a web server running, if not secured or made private, it will respond to any HTTP requests, and when the resource is not found, it returns a blank with a 404 code. It is not necessary to secure the connector with a security layer such as Spring Security. Limiting the public URLs through CloudFormation should be sufficient.

If new custom endpoints are added to the connector, then the need for a security layer needs to be reconsidered.



Fluent Commerce

Fluent Commerce

Copyright © 2024 Fluent Retail Pty Ltd (trading as Fluent Commerce). All rights reserved. No materials on this docs.fluentcommerce.com site may be used in any way and/or for any purpose without prior written authorisation from Fluent Commerce. Current customers and partners shall use these materials strictly in accordance with the terms and conditions of their written agreements with Fluent Commerce or its affiliates.

Fluent Logo