Using the AWS CDK IRL: Part 2

Tags: , ,

A while back, I wrote a post entitled Using The AWS CDK In Real Life.  This post is a follow up to the original, so head there if you need more context.

TL;DR Running Zoneminder on AWS is pretty expensive, and probably isn’t a good idea.  If you still want to check it out, here is the Github Repo.

Here is a diagram of the original AWS infrastructure, and the corresponding files in my CDK project:


For what it’s worth, I’ll mention that the Zoneminder setup originally ran on an old laptop in my basement.  So the monthly cost was nearly free.  I guess there was some cost in power and internet usage if we really want to split hairs.  I was motivated to use the CDK for something real, so I decided to try it on AWS.  Here is how that affected my wallet:

  • Route 53, IAM, and S3 costs: less than $5
  • Application Load Balancer: $15
  • Reserved T3A.Medium Instance: $20
  • Experience: Priceless

I know my way around the CDK now, but forty dollars is way too much for me to tolerate on a monthly basis.  I’d say around ten is ideal.  My immediate reaction was to remove the ALB.  Having an industrial grade load balancer in front of my applications is definitely nice from a security standpoint, but it would be easy enough to handle SSL termination via LetsEncrypt, on the EC2 instance itself.

Luckily there is a certbot plugin for Route 53.  Certbot is a tool that automates the creation and installation of SSL certificates.  I won’t go into the details, but I accomplished that setup with some simple tweaks to my CDK code.  So I was down to between $20 and $25 per month to run this thing.  Not terrible, but still more expensive than I’d like.

Next, it was time to see if that T3A.Medium instance was really necessary.  I couldn’t see any drastic CPU spikes in the default CloudWatch metrics provided by AWS.  Assuming memory might be the issue, I discovered that the CloudWatch Agent could provide some memory consumption statistics.  Another set of tweaks to the deployment, and I was able to monitor CPU and memory usage over a period of time:


Interesting!  Neither CPU or memory seemed to spike over about forty percent over the course of the week.  How did I land on that T3A.Medium instance in the first place?  Am I a bonehead!?

The answer, of course, is that I had tried out smaller instances in the first iteration of this project, and they had all fallen on their faces under load.  Still, I added some more tweaks to my CDK code that would allow me to do a quick, poor man’s blue/green deployment.  That way I could stand up another instance of the system, and compare the two, without losing my stable environment.

Alas, those smaller instances don’t handle things any better than they did a few months ago…

And all this was somewhat apparent from the get go.  To make a long story short, Zoneminder isn’t particularly well suited to running in the cloud.  The database, application, and presentation layer are pretty tightly coupled.  So is the event server add-on that supports object detection via machine learning.  While it’s been a nice experiment, and a solid learning experience, I’m in the market for some new hardware to satisfy my home surveillance requirements.