Deployment process and change control

# Deployment process and change control ## Using CodeBuild and CodeDeploy with a proxy If we put in a proxy, ML could authorize that IP address and the proxy server can be placed in a secured VPC and the application can be configured to use that proxy as the API base URL? Maybe we can use API Gateway? Inspiration? https://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-create-api-as-simple-proxy-for-http.html VPC CodeBuild Can CodeBuild be put in a certain VPC? Marnee to figure out how CodeBuild works with VPCs Collaborate through SLACK? ## Current manual process 1. Build and run tests in my development environment 2. If tests pass and everything looks ready to deploy 1. Setup AWS Secrets Manager secrets as needed for target environment (done by AWS admin) 1. Run publish script for target environment on local machine 2. Zip up published files 3. Login to LogMeIn 4. Login to server 5. Login to databse with SSMS 6. Stop application in IIS 7. Make database schema changes as needed 8. Map drive between server and local drive 9. Copy zip file to server 10. Make a backup of current application files 11. Unzip published files to target directory 12. Make configuration changes as needed 13. Start IIS > Note: this does not include installing updates to the .NET Runtime if needed. > Note: If there is more than one server hosting the target environment's application then I need to repeat steps 6-12 for each server **What can we do to automate this and make it a repeatable and audited process?** Earlier it was suggested that I try using BitBucket connected to an AWS service (CodeBuild, CodeDeploy, or CodePipeline). The reason this won't work is because those systems create virtual machines. When the integration tests run, they will fail because they will not be able to connect to the Micrologic API because it is firewalled off. > *Is there a way to handle this or get around it?* ## Recommended automation tools and methods **TeamCity** * Setup TeamCity on a server in the same network as the target environments. We can deploy this with an AMI and setup the dependencies as needed. * I like TeamCity because I am very familiar with how it works. It is not very different from CodeBuild * We can use TeamCity to pull code, build, run tests, and produce the published files that need to be deployed to the target environments. * TeamCity can be configured to use AWS CodeDeploy to deploy to the target environments * The TeamCity server can be configured with a static IP address and permitted to make requests to the Micrologic API staging environment so it can run the integration tests against the API **Why we can't use BitBucket or AWS CodeBuild** * BitBucket and CodeBuild can't connect to Micrologic to run tests. The API is firewalled for security purposes