feat: Fully switch to GuCDK instead of YAML.

[AshCorr]

What does this change?

Switch fully over to GuCDK instead of YAML.

This allows us to use Guardian standard patterns/configs and brings us more inline with Department recommendations.

For this Migration I've kept most of the defaults specified by the GuNodeApp pattern. Below lists all of the following changes impacted by using GuNodeApp:

• AutoScalingGroup
  • HealthCheckGracePeriod reduced from 300 seconds to 120 seconds. Gateway starts fairly quickly so we don't need more than the default 120 seconds.
  • AutoScaling metrics enabled. Has a minimal cost impact from recording a few more cloudwatch metrics.
• LoadBalancer
  • Deletion protection enabled. Load Balancers are stateful so it would be pretty bad if it was deleted.
  • Enable dropping invalid headers. Amazon defines Invalid Headers as headers that dont match the regex [-A-Za-z0-9]+ (only alphanumeric characters and hyphens allowed) which shouldn't apply to any of our headers (will double check before merging)
  • Reduced deregistration delay from 45 seconds to 30. This controls how long AWS will wait for connections to drain from an instance before removing it from the loadbalancer, since Gateway doesn't do any kind of polling most connections open and close within a few seconds, so a long delay is unecessary.
• Security Groups
  • Remove inbound/outbound rules for port 443 between the Load Balancer and the EC2 instance. Gateway uses port 9233 for HTTP traffic.

How to test

Deploy to CODE.

[github-actions]

Deploy build 10233 of identity:identity-gateway to CODE

All deployment options

• Deploy build 10233 of identity:identity-gateway to CODE
• Deploy parts of build 10233 to CODE by previewing it first
• What's on CODE right now?

---

From guardian/actions-riff-raff.