Suggestions for documentation / getting started guide improvements

[michaelmoussa]

I ran into a few hiccups while working through the Developer Guide, and I wanted to share in hopes it helps someone out or can get added to the documentation.

Despite the bumps, this project was incredibly helpful and spared me from having to grok all of the manual setup docs, so thanks!

1. In Your first RFDK app under the Define a Deadline render farm section, the line images.forRenderQueue(), in one of the TypeScript examples should be images: images.forRenderQueue(),. Unlike with the other arguments, TypeScript can't infer the key name because this one is passed as the result of a function call rather than a named variable.
2. Both Working with the RFDK in Python and Working with the RFDK in TypeScript can probably be removed. Neither say anything that isn't already in Your first RFDK app.
3. In Connecting to the Render Farm under Connecting With AWS Client VPN, I suggest adding both splitTunnel: true and dnsServers: ['rfdk-vpc-cidr-plus-2'], // e.g. '10.0.0.2' to the props list when creating the CfnClientVpnEndpoint. The splitTunnel setting will make it so only traffic intended for resources within the VPC gets routed through the VPN (which some users may prefer). The dnsServers will let the client VPN use the private hosted zone in Route 53 that CDK creates, which will allow renderqueue.aws-rfdk.com to resolve to the internal application load balancer sitting in front of the render queue server.
4. Lower down in that same Connecting With AWS Client VPN section where we create the CfnClientVpnAuthorizationRule, the // for example, replace target_network-cidr-block with 10.100.0.0/16 should say 10.0.0.0/16.
   • 10.100.0.0/16 corresponds to a HostMin of 10.100.0.1 and HostMax of 10.100.255.254; however, the three private subnets created in my VPC had CIDR ranges of 10.0.96.0/19, 10.0.128.0/19, and 10.0.160.0/19 (which aren't in that range), so it wouldn't actually have access to the WorkerFleet, RenderQueue, etc.
5. In Connecting Deadline Client to your render farm under Your first RFDK app, references to port 8080 for accessing the remote server should be port 4433 instead.
6. I wasn't able to find anything in the documentation explaining how to obtain the certificate needed to connect to the remote repository using client applications like Deadline Monitor. I eventually found it in AWS Secrets Manager under the description X.509 Certificate for HelloRfdkStack/RenderQueue/RootCA, saved the decrypted value in a local RootCA.crt file, and then used it to connect with Deadline Monitor, send test jobs using Deadline Command, and verify reachability using curl --cacert /path/to/RootCA.crt https://renderqueue.aws-rfdk.com:4433, but it would have been very helpful to have a simple aws secretsmanager get-secret-value {...} > /path/to/RootCA.crt command somewhere before the instructions on how to connect to the render farm.

Hope this helps!

---

This is a 📕 documentation issue

[jusiskin]

Hi @michaelmoussa. Thanks for taking the time to document these issues and highlighting both the stumbling point and providing suggested fixes. We greatly value this contribution.

We have added this to our backlog. We'll reach out here if we need anything clarified, but from my read of this it looks to be in great shape.