Version: 3.0.1

Deployment Operations

Vapor Configuration

Vapor Secret in Deployment Console Project

For each project, there should be a Vapor secret in which the AWS credentials used by the Deployment Console are saved.

After changing a Vapor environment secret, a deployment is required. A redeploy from Vapor does not take the secret changes into consideration.

Re-run the GitHub Action of the Deployment Console to apply this change.

Variable Name | Possible Default Value | Notes
Key Format

AWS_CREDENTIALS_<PROJECT_NAME_IN_SNAKE_CASE_AND_UPPER_CASE>

Value Format

<AWS_ACC_ID>,<AWS_ACCESS_KEY>,<AWS_SECRET_KEY>
Example:

project name: qa-viracor

env secret:
key: AWS_CREDENTIALS_QA_VIRACOR
value: <PLACEHOLDER>

S3 Bucket Provisioning

Standard Folder Structure

Each client deployment requires an S3 bucket with the following folder structure provisioned:

{client-bucket}/
├── toPcrai/ # Monitored import folder (S3 event trigger)
├── Processing/ # Temporary folder during import
├── Problem_Files/ # Failed imports with error logs
├── LIMS_Reports/ # LIMS export destination
├── archive/ # Successfully processed files
└── calibrations/ # DXAI calibration files (chill-rabbit-calibrations bucket)

Provisioning Steps

  1. Bucket Creation: Create S3 bucket in client's AWS account

    • Naming convention: {client-name}-pcrai-{environment}
    • Region: Match Vapor deployment region (typically us-east-1)
  2. Folder Setup: Create empty folders for each standard path

    • Use S3 console or CLI: aws s3api put-object --bucket {bucket} --key {folder}/
  3. Event Notifications: Configure S3 event notification for toPcrai/ folder

    • Event type: s3:ObjectCreated:*
    • Destination: SQS queue for Lambda processing
  4. IAM Permissions: Attach bucket policy for Vapor Lambda role

    • Actions: s3:GetObject, s3:PutObject, s3:DeleteObject, s3:ListBucket
    • Resources: arn:aws:s3:::{bucket}/*
  5. Multi-Site Setup (if enabled): Create site-level subfolders

    • Each site gets its own folder with standard structure nested within
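
Steps 2 to 4 above (folders, event notification, bucket policy) as a shell script; this is an added example, not the project's own tooling. It assumes the bucket from step 1 already exists and that the Vapor Lambda role ARN and the SQS queue ARN are supplied by the caller.

```shell
#!/bin/sh
# Added example (not the project's own tooling). Role and queue ARNs are
# caller-supplied assumptions; folder names come from the structure above.
FOLDERS="toPcrai Processing Problem_Files LIMS_Reports archive calibrations"

# Naming convention from step 1: {client-name}-pcrai-{environment}
bucket_name() { printf '%s-pcrai-%s\n' "$1" "$2"; }

# Step 4: object actions are scoped to {bucket}/*, while s3:ListBucket is a
# bucket-level action and has to name the bucket ARN itself.
bucket_policy() { # $1=bucket $2=Vapor Lambda role ARN
  cat <<EOF
{"Version":"2012-10-17","Statement":[
 {"Sid":"ObjectAccess","Effect":"Allow","Principal":{"AWS":"$2"},
  "Action":["s3:GetObject","s3:PutObject","s3:DeleteObject"],
  "Resource":"arn:aws:s3:::$1/*"},
 {"Sid":"ListBucket","Effect":"Allow","Principal":{"AWS":"$2"},
  "Action":"s3:ListBucket","Resource":"arn:aws:s3:::$1"}]}
EOF
}

# Step 3: only objects created under toPcrai/ are sent to the SQS queue.
notification_config() { # $1=SQS queue ARN
  cat <<EOF
{"QueueConfigurations":[{"QueueArn":"$1","Events":["s3:ObjectCreated:*"],
 "Filter":{"Key":{"FilterRules":[{"Name":"prefix","Value":"toPcrai/"}]}}}]}
EOF
}

# Steps 2-4 against an existing bucket; stops at the first failing call.
provision() { # $1=client $2=environment $3=role ARN $4=queue ARN
  b=$(bucket_name "$1" "$2")
  for f in $FOLDERS; do
    aws s3api put-object --bucket "$b" --key "$f/" >/dev/null || return 1
  done
  aws s3api put-bucket-notification-configuration --bucket "$b" \
    --notification-configuration "$(notification_config "$4")" || return 1
  aws s3api put-bucket-policy --bucket "$b" --policy "$(bucket_policy "$b" "$3")"
}

# Usage: sh provision.sh apply <client> <environment> <role-arn> <queue-arn>
if [ "${1:-}" = "apply" ]; then shift; provision "$@"; fi
```

The SQS queue's access policy must already allow s3.amazonaws.com to send messages, otherwise S3 rejects the notification configuration.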

Related Requirement: REQ-SITE-001 - Provision Storage on Site Creation


DynamoDB Session Table

Auto-Provisioning via Laravel Vapor

Laravel Vapor automatically provisions and configures DynamoDB for session storage when SESSION_DRIVER=dynamodb is set in environment variables.

Table Configuration (Vapor-managed):

Property | Value
Table Name | {project}-{environment}-sessions
Primary Key | id (String)
TTL Attribute | expires (enabled)
Billing Mode | On-demand (PAY_PER_REQUEST)

Session Behavior:

  • Sessions stored as JSON documents in DynamoDB
  • TTL automatically cleans expired sessions
  • Single-device enforcement via Cognito GlobalSignOut (not DynamoDB-level)

No Manual Setup Required: Vapor handles table creation, IAM roles, and environment variable injection during deployment.

Verification: After deployment, verify session table exists:

aws dynamodb describe-table --table-name {project}-{environment}-sessions

Related Requirement: REQ-USERMGMT-011 - Manage User Sessions


Cognito User Pool Setup

Process for setting up new Cognito user pools

  1. Create new User Pool
  2. Use default settings
  3. Choose custom attribute
  4. Add custom attributes
  5. Provide the custom attribute name "UserGroup" and press the "Next Step" button
  6. Go to the review tab and finish creating the pool
  7. Create SAML provider and map custom attributes

Environment URL Changes

Design Context: Domain changes require updates across:

  • Vapor deployment manifest
  • Cloudflare DNS CNAME records
  • Cognito User Pool callback URLs
  • Laravel environment variables (APP_URL)

Deployment Checklist

Pre-Deployment Checks

Check | Action | Verify
1. Code Review | All PRs merged and approved | GitHub PR status
2. Tests Passing | CI/CD pipeline green | GitHub Actions
3. Environment Variables | All required vars set | Vapor console
4. Secrets Updated | API keys, credentials current | Vapor secrets
5. Database Migrations | Migrations reviewed | Migration files
6. Backup | Database snapshot taken | AWS RDS console

Deployment Steps

  1. Initiate Deployment

    • Use Deployment Console or vapor deploy {environment}
    • Select appropriate version tag
  2. Monitor Deployment

    • Watch Vapor console for deployment progress
    • Check Lambda function deployment status
  3. Post-Deployment Validation

    • Verify application responds: curl https://{domain}/api/health
    • Check critical paths: login, run list, import
    • Verify database connectivity via application logs
  4. Smoke Test

    • Login as test user
    • Navigate to run file list
    • Verify real-time features (Pusher) working

Rollback Procedures

Rollback via Vapor Console:

  1. Navigate to Vapor → Project → Environment → Deployments
  2. Locate the previous stable deployment
  3. Click Rollback button
  4. Confirm rollback action

Rollback via CLI:

vapor rollback {environment}

Important Notes:

  • Rollback restores code and environment variables to previous deployment state
  • Database migrations are NOT rolled back automatically
  • If migration rollback needed, run manually: php artisan migrate:rollback

Emergency Contacts:

  • For production incidents, follow incident response runbook
  • Escalate to Technical Lead if rollback fails

The following SRS requirements are implemented by the design described in this document:

Requirement | Domain | Description | Relevance
REQ-USERMGMT-009 | User Management | Authenticate Users | Cognito User Pool setup directly implements federated/native authentication; SAML provider configuration enables SSO
REQ-USERMGMT-006 | User Management | Control User Account Status | Cognito configuration supports session termination via global sign-out capability
REQ-USERMGMT-011 | User Management | Manage User Sessions | Cognito User Pool setup provides the infrastructure for single-device session enforcement
REQ-SITE-001 | Site Management | Provision Storage on Site Creation | Vapor/AWS configuration establishes the cloud infrastructure for S3 storage provisioning
REQ-SITE-002 | Site Management | Configure S3 Structure Preservation | AWS credentials in Vapor enable S3 folder structure management described in this SDD
REQ-NFR-003 | Non-Functional | Concurrent User Capacity | Vapor serverless deployment architecture supports the 30+ concurrent user capacity requirement
REQ-CLIENTCFG-001 | Client Configuration | View and Edit Client Configuration Settings | Laravel environment variables (APP_URL) in Vapor support system-wide configuration management

Notes on Relevance

  • Authentication Infrastructure: The Cognito User Pool setup procedures (custom attributes, SAML provider mapping) are essential for implementing federated authentication (REQ-USERMGMT-009) and session management (REQ-USERMGMT-006, REQ-USERMGMT-011).

  • Cloud Storage: The AWS credentials configuration in Vapor deployment console enables the S3 storage operations required by REQ-SITE-001 and REQ-SITE-002.

  • Scalability: The serverless architecture (Laravel Vapor) described in the environment URL change procedures supports the concurrent user capacity defined in REQ-NFR-003.

  • Environment Configuration: The APP_URL and environment variable management in Vapor supports the configuration persistence behavior defined in REQ-CLIENTCFG-001.