Successfully Deploying Strapi: A Comprehensive Guide to Security
Chapter 1: The Challenge of Transitioning to Strapi
The frontend team decided to replace our current storefront with Strapi, a fast-growing headless content management system from Paris. The move promised a better editorial workflow and better SEO, so the benefit of the project was clear.
I quickly stood up the solution in our development environment with AWS CDK, following our standard service architecture:
The setup:
- ECS on Fargate
- RDS running PostgreSQL
- The web layer fetches content from Strapi over GraphQL
As we approached production, I had several concerns about running it safely:
- RDS scalability: would it stay responsive under peak load, for example during advertising campaigns? We mostly run MongoDB Atlas, so I was unsure how much operational work PostgreSQL on RDS would need, and Aurora Serverless v2 did not look cost-efficient for our needs.
- Page load times: our 90th percentile GraphQL request time was around 400 ms, far too slow for basic page loads.
- Admin panel exposure: Strapi's free tier has no SSO or MFA, so the admin panel, and with it all of our content, is protected only by a password, with a complexity policy that cannot be customised and no automatic lockout after failed logins. Definitely concerning!
Chapter 2: Implementing Effective Solutions
The fixes for page load time and RDS scalability were straightforward. We enabled caching in the Apollo Client that runs on the web containers, and we set it to periodically fetch every page of the site, so no user ever waits on a cold read. The result is a roughly constant load on PostgreSQL that changes only when the web cluster scales, since each container warms its own cache.
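The caching pattern above, as an added example that is not the post's own code: a per-container read-through cache with a periodic warmer, written without Apollo Client so it runs stand-alone. The page list, the TTL, the fake clock and the `load` function standing in for a GraphQL request to Strapi are all constructed for the example. It also covers the failure mode the post does not mention: when a refresh fails, the warmer keeps the stale entry instead of evicting it, so an outage of Strapi degrades to stale pages rather than errors.

```typescript
// Added example, not code from the original post. Models "cache on the web
// container, warm every page on a timer"; Apollo Client is replaced by a
// generic loader so the file runs offline.

interface CacheEntry<T> { value: T; fetchedAt: number; }

class WarmCache<T> {
  private entries = new Map<string, CacheEntry<T>>();

  constructor(
    private readonly load: (key: string) => Promise<T>, // e.g. one GraphQL page query
    private readonly ttlMs: number,
    private readonly now: () => number = () => Date.now(), // injectable clock for tests
  ) {}

  // Serve a fresh entry from memory; otherwise refresh it. If the refresh
  // fails and a stale copy exists, serve the stale copy (stale-if-error).
  async get(key: string): Promise<{ value: T; hit: boolean }> {
    const entry = this.entries.get(key);
    if (entry && this.now() - entry.fetchedAt < this.ttlMs) {
      return { value: entry.value, hit: true };
    }
    try {
      const value = await this.load(key);
      this.entries.set(key, { value, fetchedAt: this.now() });
      return { value, hit: false };
    } catch (err) {
      if (entry) return { value: entry.value, hit: true };
      throw err;
    }
  }

  // Called from a timer: refresh every known page so users never see a miss.
  // A failed refresh keeps the previous entry rather than evicting it.
  async warm(keys: string[]): Promise<{ refreshed: number; failed: number }> {
    let refreshed = 0;
    let failed = 0;
    for (const key of keys) {
      try {
        this.entries.set(key, { value: await this.load(key), fetchedAt: this.now() });
        refreshed++;
      } catch {
        failed++;
      }
    }
    return { refreshed, failed };
  }
}

// Simulation with constructed pages and a counting backend.
async function demo(): Promise<{ coldMiss: boolean; warmHits: number; backendCalls: number; keptStale: boolean }> {
  const pages = ["/", "/about", "/products", "/contact", "/blog"]; // constructed site map
  let clock = 0;          // fake milliseconds
  let backendCalls = 0;   // how many times "Strapi" was actually queried
  let failing = false;    // flip to simulate a Strapi outage

  const load = async (path: string): Promise<string> => {
    backendCalls++;
    if (failing) throw new Error("strapi unavailable");
    return `<html>${path}@${clock}</html>`;
  };
  const cache = new WarmCache<string>(load, 60_000, () => clock);

  const first = await cache.get("/");   // cold read: goes to the backend
  await cache.warm(pages);              // timer tick: one backend call per page

  let warmHits = 0;                     // 200 rounds of users reading every page
  for (let round = 0; round < 200; round++) {
    for (const page of pages) {
      if ((await cache.get(page)).hit) warmHits++;
    }
  }

  failing = true;                       // outage: next warm fails for every page
  clock = 120_000;                      // entries are now past their TTL
  await cache.warm(pages);
  const afterFailure = await cache.get("/about"); // refresh fails, stale copy served

  return {
    coldMiss: !first.hit,
    warmHits,
    backendCalls,
    keptStale: afterFailure.value === "<html>/about@0</html>",
  };
}
```

In the simulation the thousand user reads cost zero backend calls; all backend load comes from the warmer (one call per page per tick), which is exactly why the PostgreSQL load becomes flat and scales with container count rather than with traffic.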
To address the risk of defacement through the admin panel, we used the AWS Application Load Balancer (ALB) itself. Its listener requires authentication with our Google Workspace accounts (through the ALB's built-in OIDC authentication action) unless the traffic originates from inside our VPC:
I had to redact this diagram heavily, but the key point is that all outbound traffic from the VPC leaves through NAT gateways. Our own services therefore reach the ALB from a small, known set of NAT gateway addresses, so we can recognise our traffic even when it arrives over the public internet.
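How the listener decides, as an added example that is not the post's or AWS's code: a small model of ALB rule evaluation for this setup, with a higher-priority rule that forwards requests whose TCP peer address is one of our NAT gateway IPs and a default rule that runs OIDC against Google first. The NAT gateway addresses, the issuer and the target group name are constructed; the session-cookie check is a stand-in for the signed session cookie the real ALB validates. In CDK the same two rules are expressed with `ListenerCondition.sourceIps([...])` and `ListenerAction.authenticateOidc({...})` from `aws-cdk-lib/aws-elasticloadbalancingv2`.

```typescript
// Added example, not code from the original post. Models ALB listener-rule
// evaluation: rules run in priority order, the source-ip condition matches
// the connection's peer address, and authenticate-oidc redirects to the IdP
// unless a valid session cookie is present.

type Action =
  | { type: "forward"; targetGroup: string }
  | { type: "authenticate-oidc"; issuer: string; next: Action };

interface Rule {
  priority: number;     // lower number is evaluated first, as on the ALB
  sourceIps?: string[]; // CIDRs for the ALB's source-ip condition
  action: Action;
}

interface AlbRequest {
  peerIp: string;                  // TCP peer address as seen by the ALB
  headers: Record<string, string>; // ignored by source-ip matching on purpose
  cookies: Record<string, string>;
}

type Decision =
  | { outcome: "forward"; targetGroup: string }
  | { outcome: "redirect-to-idp"; issuer: string };

// Constructed stand-ins for the Elastic IPs of two NAT gateways.
const NAT_GATEWAY_IPS = ["203.0.113.10/32", "203.0.113.11/32"];
// Name of the session cookie the ALB sets after a successful OIDC login.
const AUTH_COOKIE = "AWSELBAuthSessionCookie-0";

function ipToInt(ip: string): number {
  const parts = ip.split(".").map(Number);
  if (parts.length !== 4 || parts.some((p) => !Number.isInteger(p) || p < 0 || p > 255)) {
    throw new Error(`bad IPv4 address: ${ip}`);
  }
  return parts.reduce((acc, p) => ((acc << 8) | p) >>> 0, 0);
}

function inCidr(ip: string, cidr: string): boolean {
  const slash = cidr.indexOf("/");
  const base = slash < 0 ? cidr : cidr.slice(0, slash);
  const bits = slash < 0 ? 32 : Number(cidr.slice(slash + 1));
  if (!Number.isInteger(bits) || bits < 0 || bits > 32) throw new Error(`bad prefix in ${cidr}`);
  const mask = bits === 0 ? 0 : (0xffffffff << (32 - bits)) >>> 0;
  return ((ipToInt(ip) & mask) >>> 0) === ((ipToInt(base) & mask) >>> 0);
}

const RULES: Rule[] = [
  // Priority 10: our own VPC egress (NAT gateway addresses) goes straight through.
  { priority: 10, sourceIps: NAT_GATEWAY_IPS, action: { type: "forward", targetGroup: "strapi" } },
  // Default rule: everyone else must complete OIDC with Google Workspace first.
  {
    priority: Number.MAX_SAFE_INTEGER,
    action: {
      type: "authenticate-oidc",
      issuer: "https://accounts.google.com",
      next: { type: "forward", targetGroup: "strapi" },
    },
  },
];

function applyAction(action: Action, req: AlbRequest): Decision {
  if (action.type === "forward") return { outcome: "forward", targetGroup: action.targetGroup };
  // onUnauthenticatedRequest=authenticate: a valid session continues to the
  // next action, anything else is sent to the identity provider.
  if (req.cookies[AUTH_COOKIE] === "valid") return applyAction(action.next, req);
  return { outcome: "redirect-to-idp", issuer: action.issuer };
}

function evaluate(req: AlbRequest, rules: Rule[] = RULES): Decision {
  const ordered = [...rules].sort((a, b) => a.priority - b.priority);
  for (const rule of ordered) {
    // Only the peer address counts; X-Forwarded-For is never consulted.
    if (rule.sourceIps && !rule.sourceIps.some((cidr) => inCidr(req.peerIp, cidr))) continue;
    return applyAction(rule.action, req);
  }
  throw new Error("no default rule"); // a real ALB listener always has one
}

// Constructed requests covering each path through the rules.
function demoDecisions(): { fromVpc: Decision; internetNoSession: Decision; internetWithSession: Decision; spoofed: Decision } {
  const none: Record<string, string> = {};
  return {
    fromVpc: evaluate({ peerIp: "203.0.113.10", headers: none, cookies: none }),
    internetNoSession: evaluate({ peerIp: "198.51.100.7", headers: none, cookies: none }),
    internetWithSession: evaluate({ peerIp: "198.51.100.7", headers: none, cookies: { [AUTH_COOKIE]: "valid" } }),
    // Attacker claims a NAT gateway address in a header; the peer address still wins.
    spoofed: evaluate({ peerIp: "198.51.100.7", headers: { "x-forwarded-for": "203.0.113.10" }, cookies: none }),
  };
}
```

Two checks worth keeping in mind with this design: the source-ip condition matches the address the ALB sees on the connection, not `X-Forwarded-For`, so a client cannot talk its way into the bypass with a header; and the bypass list should contain only the NAT gateway addresses as /32s, since widening it (or leaving a stale address in it after an EIP change) is the one way to reopen the admin panel without OIDC.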
Video: Everything You Need to Know About Strapi Deployment Options
This video discusses various deployment strategies for Strapi, focusing on best practices and potential pitfalls.
Chapter 3: Reflections on the Deployment Experience
I take pride in how my team and I managed to navigate these critical security challenges during the rapid push to production.
Still, running a production workload on GraphQL this way was less than ideal, and the slow performance was puzzling. pg_stat_statements showed that the queries themselves ran quickly, which suggests the bottleneck is inside the Strapi containers rather than in PostgreSQL.
Having run many production workloads on PostgreSQL, I have a soft spot for it, but getting good performance out of it in production is still hard work.
I am particularly impressed by the AWS ALB, especially its integrated SSO (OIDC) authentication.
Video: How To Deploy Local Data To Strapi Cloud
This tutorial guides viewers through the process of deploying local data to Strapi's cloud environment, ensuring a seamless transition.