Integrate with AWS (Compass) – Connected AWS environments
Integrate with AWS (Compass) – Connect AWS environment(s)
Integrate with AWS (Compass) – Import AWS resource(s)
Integrate with AWS (Compass) – AWS metadata labels and dashboard deep links
Integrate with AWS (Compass) – Application Manager console as dashboard deep link target
Integrate with AWS (Compass) – Compliant resource with child resources
Integrate with AWS (Compass) – Noncompliant resource with audit link
Integrate with AWS (Compass) – AWS Config console as audit link target
We have been following the launch and evolution of the Compass platform with great interest from day one, not least because its architecture seems to align with our own requirements and ideas on how to build a custom developer portal to manage the ever-sprawling distributed microservices that result from our team's preference for serverless architectures.
We particularly enjoy Compass' excellent extensibility atop Forge and evolving deep integration with the entire Atlassian toolchain. The platform is actively reshaping how we manage the AWS backend services for our own Atlassian app portfolio, and Codegeist has been the perfect opportunity to publish an app to share some of those capabilities and learn from other AWS users' feedback.
What it does
Integrate with AWS allows you to link and track your Amazon Web Services (AWS) resources right from your DevOps workflows in Compass. You can connect one or more AWS environments (an account/region combination) via a CloudFormation-based onboarding process, and once connected, it currently allows you to:
- Import AWS resources as Compass components
- Search AWS-backed components via AWS metadata like account, region, and resource type
- Follow contextual deep links to AWS resources and dashboards
- Inspect AWS resource details and track resource health and compliance
How we built it
The app backend is implemented on AWS via a serverless and primarily event-driven architecture based on Amazon API Gateway (HTTP), Amazon DynamoDB, Amazon EventBridge, AWS Lambda, and AWS Step Functions. We are leveraging the Cloud Development Kit (CDK) to orchestrate the provisioning of the various CloudFormation stacks.
The app frontend is implemented on Forge and uses the Forge GraphQL Toolkit to drive the relevant Compass DevOps APIs for component import and synchronization.
Challenges we ran into
We remain constrained by the current limits of UI Kit, which prevents us from providing more dynamic and reactive UIs as well as an easier to digest information layout, for example, on the 'AWS resources' component page. Notably it remains impossible to inline images, which would allow us to use more AWS Architecture Icons for link composition to great effect. While the achieved design seems sufficient for the current Compass audience, it might not be ideal for more demanding users of commercial Jira or Confluence apps.
We also had trouble with links on the component overview page because the smart-link-like behavior of the built-in link renderer does not work with the authenticated AWS console. Neither icons nor link titles had been rendered, resulting in fairly unappealing links that made it hard to identify the link target. Fortunately this has been mostly addressed by the recent component overview redesign; all links now render with proper titles in the sidebar. We will work with the Compass team to hopefully also get the icons to show up down the road.
Accomplishments that we're proud of
We are quite happy about the fully automated onboarding process via AWS CloudFormation stacks that works identically no matter whether you connect a single account and region, or possibly hundreds, as sometimes encountered in Enterprise scenarios. This has been made possible by the completely serverless and primarily event-driven approach so that the app is scalable and quickly evolvable from day one.
What we learned
We continue to learn our way around ever-growing distributed architectures, which remains a significant challenge despite the quickly evolving DevOps practices and serverless toolkit. The Compass platform provides a great opportunity to evolve our practices in parallel to building out custom tooling and automation that matches our processes.
Compass' extensibility is excellent, and it really shows that the project has been built on Forge from day one. Most notably the Compass team has been super helpful and responsive with addressing a few issues we encountered along the way.
What's next for Integrate with AWS (Compass)
While the onboarding process is fully automated, there is room for improvement in terms of speeding up the process in general and providing feedback more quickly to the user in particular. More importantly, we want to fully utilize all capabilities of the evolving Compass platform, and we are currently exploring how to enrich the integration with AWS events and metrics, for example:
- Ingestion of AWS service events into the Compass activity stream - notable candidates are AWS Config configuration and compliance change events, AWS Tagging events, and of course CloudFormation deployment events for AWS resources associated with a Compass component
- Ingestion of applicable AWS resource metrics, and ideally providing sensible default scorecards for AWS workloads like 'AWS compliance score' (AWS Config), 'AWS security score' (AWS Security Hub), 'AWS resiliency score' (AWS Resilience Hub), and 'AWS well-architected score' (AWS Well-Architected Tool)
Once these events and metrics are in place, we also want to ingest deployment events from CodeBuild, CodeDeploy, CodePipeline, and other applicable services. However, for separation of concerns, this will likely be offered via a separate 'Develop with AWS (Compass)' app to complement our upcoming Develop with AWS (Jira) solution.
- From a related angle, the current features of 'Integrate with AWS (Compass)' could also be complemented with similar capabilities in future sibling apps for other Atlassian products, for example, an 'AWS resources' gadget for Jira dashboards and an 'AWS resources' macro in Confluence.
We'd love to get your feedback! Let us know which AWS integrations for Compass would simplify the management of your distributed architecture via a comment below.