def __init__(self, scope: core.Construct, id: str, **kwargs) -> None:
super().__init__(scope, id, *kwargs)
vpc = ec2.Vpc(
self, "MyVpc",
max_azs=2
)
asg = autoscaling.AutoScalingGroup(
self, "MyFleet",
instance_type=ec2.InstanceType("t2.micro"),
machine_image=ecs.EcsOptimizedAmi(),
associate_public_ip_address=True,
update_type=autoscaling.UpdateType.REPLACING_UPDATE,
desired_capacity=3,
vpc=vpc,
vpc_subnets={ 'subnet_type': ec2.SubnetType.PUBLIC },
)
cluster = ecs.Cluster(
self, 'EcsCluster',
vpc=vpc
)
cluster.add_auto_scaling_group(asg)
cluster.add_capacity("DefaultAutoScalingGroup",
instance_type=ec2.InstanceType("t2.micro"))
def __init__(self, scope: core.Construct, id: str, **kwargs) -> None:
super().__init__(scope, id, **kwargs)
ZachECSName= self.__class__.__name__
vpc = ec2.Vpc(
self, ZachECSName+"Vpc",
max_azs=2
)
asg = autoscaling.AutoScalingGroup(
self, ZachECSName+"SCG" ,
instance_type=ec2.InstanceType("t3a.nano"),
machine_image=ecs.EcsOptimizedAmi(),
associate_public_ip_address=True,
update_type=autoscaling.UpdateType.REPLACING_UPDATE,
desired_capacity=3,
vpc=vpc,
vpc_subnets={'subnetType': ec2.SubnetType.PUBLIC}
)
cluster = ecs.Cluster(
self, ZachECSName+"Cluster",
vpc=vpc
)
cluster.add_auto_scaling_group(asg)
cluster.add_capacity(ZachECSName+"AutoScalingGroup",
instance_type=ec2.InstanceType("t3a.nano"))
def __init__(self, scope: core.Construct, id: str, **kwargs) -> None:
super().__init__(scope, id, **kwargs)
# import default VPC
#vpc = aws_ec2.Vpc.from_lookup(self, 'VPC', is_default=True)
vpc = aws_ec2.Vpc(self, 'EKS-CDK-VPC', cidr='10.0.0.0/16', nat_gateways=1)
# create an admin role
eks_admin_role = aws_iam.Role(self, 'AdminRole',
assumed_by=aws_iam.AccountPrincipal(
account_id=self.account)
)
# create the cluster
cluster = aws_eks.Cluster(self, 'cluster',
masters_role=eks_admin_role,
vpc=vpc,
default_capacity=0,
version='1.14',
output_cluster_name=True
)
cluster.add_capacity('ondemand', instance_type=aws_ec2.InstanceType('t3.large'),
max_capacity=1,
bootstrap_options=aws_eks.BootstrapOptions(
kubelet_extra_args='--node-labels myCustomLabel=od'
)
)
cluster.add_capacity('spot', instance_type=aws_ec2.InstanceType('t3.large'),
max_capacity=1,
spot_price='0.1094',
bootstrap_options=aws_eks.BootstrapOptions(
kubelet_extra_args='--node-labels myCustomLabel=spot'
)
)
def __init__(self, scope: Construct, id: str, **kwargs) -> None:
super().__init__(scope, id, **kwargs)
# This resource alone will create a private/public subnet in each AZ as well as nat/internet gateway(s)
vpc = ec2.Vpc(self, "VPC")
# To create number of Batch Compute Environment
count = 3
batch_ce = []
# For loop to create Batch Compute Environments
for i in range(count):
name = "MyBatchARM64Env" + str(i)
batch_environment = batch.ComputeEnvironment(
self,
name,
compute_resources=batch.ComputeResources(
type=batch.ComputeResourceType.SPOT,
bid_percentage=75,
instance_types=[
ec2.InstanceType("a1.medium"),
ec2.InstanceType("a1.large")
],
image=ecs.EcsOptimizedImage.amazon_linux2(
ecs.AmiHardwareType.ARM),
vpc_subnets=ec2.SubnetSelection(
subnet_type=ec2.SubnetType.PRIVATE_WITH_NAT),
vpc=vpc))
batch_ce.append(
batch.JobQueueComputeEnvironment(
compute_environment=batch_environment, order=i))
# Create AWS Batch Job Queue and associate all Batch CE.
self.batch_queue = batch.JobQueue(self,
"JobQueueArm64",
compute_environments=batch_ce)
# Create Job Definition to submit job in batch job queue.
batch_jobDef = batch.JobDefinition(
self,
"MyJobDefArm64",
job_definition_name="CDKJobDefArm64",
container=batch.JobDefinitionContainer(
image=ecs.ContainerImage.from_registry(
"public.ecr.aws/amazonlinux/amazonlinux:latest"),
command=["sleep", "60"],
memory_limit_mib=512,
vcpus=1),
)
# Output resources
CfnOutput(self, "BatchJobQueue", value=self.batch_queue.job_queue_name)
CfnOutput(self,
"JobDefinition",
value=batch_jobDef.job_definition_name)
def __init__(self, scope: core.Construct, id: str, vpc, bastion, config,
**kwargs) -> None:
super().__init__(scope, id, **kwargs)
prj_name = self.node.try_get_context("project_name")
env_name = self.node.try_get_context("env")
name = config['ec2']['name']
key = config['ec2']['ssh_key']
ubuntu_ami = ec2.GenericLinuxImage(
{"ap-southeast-1": "ami-028be27cf930f7a43"})
# Create security group for webapp instances
webapp_sg = ec2.SecurityGroup(self,
'webapp-sg',
vpc=vpc,
security_group_name=prj_name + env_name +
'-webapp-sg',
description="SG for webapp Instances",
allow_all_outbound=True)
webapp_sg.add_ingress_rule(
peer=ec2.Peer.ipv4(f"{bastion.instance_private_ip}/32"),
connection=ec2.Port.tcp(22),
description='Allow all bastion instance to SSH')
for subnet in vpc.public_subnets:
webapp_sg.add_ingress_rule(
peer=ec2.Peer.ipv4(subnet.ipv4_cidr_block),
connection=ec2.Port.tcp(80),
description=
'Allow ELB public subnets to access webapp instances')
# Create launch template and attach to autoscaling group
webapp_launch_template = ec2.LaunchTemplate(
self,
'launch-template',
detailed_monitoring=False,
ebs_optimized=False,
instance_type=ec2.InstanceType("t3.small"),
launch_template_name=f"{name}-launch-template",
key_name=f"{key}",
machine_image=ubuntu_ami,
security_group=webapp_sg)
self.webapp_asg = autoscaling.AutoScalingGroup(
self,
'webapp-asg',
vpc=vpc,
auto_scaling_group_name=prj_name + env_name + '-webapp-asg',
instance_type=ec2.InstanceType("t3.small"),
machine_image=ubuntu_ami,
min_capacity=1,
max_capacity=1,
desired_capacity=1,
vpc_subnets=ec2.SubnetSelection(
subnet_type=ec2.SubnetType.PRIVATE))
def __init__(self, scope: core.Construct, name: str, vpc: ec2.IVpc, **kwargs) -> None:
super().__init__(scope, name, **kwargs)
cluster = eks.Cluster(
self, 'jenkins-workshop-eks-control-plane',
vpc=vpc,
default_capacity=0
)
asg_worker_nodes = cluster.add_capacity(
'worker-node',
instance_type=ec2.InstanceType('t3.medium'),
desired_capacity=2,
)
asg_jenkins_slave = cluster.add_capacity(
'worker-node-jenkins-slave',
instance_type=ec2.InstanceType('t3.medium'),
desired_capacity=1,
bootstrap_options=eks.BootstrapOptions(
kubelet_extra_args='--node-labels jenkins=slave --register-with-taints jenkins=slave:NoSchedule',
docker_config_json=read_docker_daemon_resource('kubernetes_resources/docker-daemon.json')
)
)
asg_jenkins_slave.add_to_role_policy(iam.PolicyStatement(
actions=[
'ecr:CompleteLayerUpload',
'ecr:InitiateLayerUpload',
'ecr:PutImage',
'ecr:UploadLayerPart'
],
resources=["*"]
)
)
asg_worker_nodes.connections.allow_from(
asg_jenkins_slave,
ec2.Port.all_traffic()
)
asg_jenkins_slave.connections.allow_from(
asg_worker_nodes,
ec2.Port.all_traffic()
)
eks_master_role = iam.Role(
self, 'AdminRole',
assumed_by=iam.ArnPrincipal(get_eks_admin_iam_username())
)
cluster.aws_auth.add_masters_role(eks_master_role)
helm_tiller_rbac = eks.KubernetesResource(
self, 'helm-tiller-rbac',
cluster=cluster,
manifest=read_k8s_resource('kubernetes_resources/helm-tiller-rbac.yaml')
)
def __init__(self, scope: core.Construct, id: str, props, **kwargs) -> None:
super().__init__(scope, id, **kwargs)
vpc = props['vpc']
internal_sg = props['internal_sg']
bastion_sg = props['bastion_sg']
# Bastion用Linux
bastion_linux = ec2.Instance(
self, 'BastionLinux',
instance_type=ec2.InstanceType('t3.micro'),
machine_image=ec2.MachineImage.latest_amazon_linux(
generation=ec2.AmazonLinuxGeneration.AMAZON_LINUX_2),
key_name=self.node.try_get_context('key_name'),
vpc=vpc,
vpc_subnets=ec2.SubnetSelection(subnet_type=ec2.SubnetType.PUBLIC),
security_group=internal_sg
)
bastion_linux.role.add_managed_policy(
iam.ManagedPolicy.from_aws_managed_policy_name('AmazonSSMManagedInstanceCore'))
bastion_linux.add_security_group(bastion_sg)
# Bastion用Windows
bastion_windows = ec2.Instance(
self, 'BastionWindows',
instance_type=ec2.InstanceType('t3.large'),
machine_image=ec2.MachineImage.latest_windows(
version=ec2.WindowsVersion.WINDOWS_SERVER_2016_JAPANESE_FULL_BASE),
key_name=self.node.try_get_context('key_name'),
vpc=vpc,
vpc_subnets=ec2.SubnetSelection(subnet_type=ec2.SubnetType.PUBLIC),
security_group=internal_sg
)
bastion_windows.role.add_managed_policy(
iam.ManagedPolicy.from_aws_managed_policy_name('AmazonSSMManagedInstanceCore'))
bastion_windows.add_security_group(bastion_sg)
# Radius用EC2ホスト
radius_host = ec2.Instance(
self, 'RadiusHost',
instance_type=ec2.InstanceType('t3.small'),
machine_image=ec2.MachineImage.latest_amazon_linux(
generation=ec2.AmazonLinuxGeneration.AMAZON_LINUX_2),
key_name=self.node.try_get_context('key_name'),
vpc=vpc,
vpc_subnets=ec2.SubnetSelection(subnet_type=ec2.SubnetType.PRIVATE),
security_group=internal_sg
)
radius_host.role.add_managed_policy(
iam.ManagedPolicy.from_aws_managed_policy_name('AmazonSSMManagedInstanceCore'))
self.output_props = props.copy()
def create_eks(self, vpc):
# create eks cluster with amd nodegroup
cluster = eks.Cluster(
self,
"EKS",
vpc=vpc,
version=eks.KubernetesVersion.V1_18,
default_capacity_instance=ec2.InstanceType("m5.large"),
default_capacity=1)
# add arm/graviton nodegroup
cluster.add_nodegroup_capacity(
"graviton",
desired_size=1,
instance_type=ec2.InstanceType("m6g.large"),
nodegroup_name="graviton",
node_role=cluster.default_nodegroup.role)
# add secret access to eks node role
cluster.default_nodegroup.role.add_managed_policy(
iam.ManagedPolicy.from_aws_managed_policy_name(
"SecretsManagerReadWrite"))
# create service account
sa = cluster.add_service_account("LBControllerServiceAccount",
name="aws-load-balancer-controller",
namespace="kube-system")
sa_annotated = self.add_helm_annotation(cluster, sa)
# create policy for the service account
statements = []
with open('backend/iam_policy.json') as f:
data = json.load(f)
for s in data["Statement"]:
statements.append(iam.PolicyStatement.from_json(s))
policy = iam.Policy(self, "LBControllerPolicy", statements=statements)
policy.attach_to_role(sa.role)
# add helm charts
ingress = cluster.add_helm_chart(
"LBIngress",
chart="aws-load-balancer-controller",
release="aws-load-balancer-controller",
repository="https://aws.github.io/eks-charts",
namespace="kube-system",
values={
"clusterName": cluster.cluster_name,
"serviceAccount.name": "aws-load-balancer-controller",
"serviceAccount.create": "false"
})
ingress.node.add_dependency(sa_annotated)
return cluster
def __init__(self, scope: core.Construct, construct_id: str, vpc: ec2.Vpc,
**kwargs) -> None:
super().__init__(scope, construct_id, **kwargs)
# The code that defines your stack goes here
env_name = self.node.try_get_context("env")
eks_role = iam.Role(
self,
"eksadmin",
assumed_by=iam.ServicePrincipal(service='ec2.amazonaws.com'),
role_name='eks-cluster-role',
managed_policies=[
iam.ManagedPolicy.from_aws_managed_policy_name(
managed_policy_name='AdministratorAccess')
])
eks_instance_profile = iam.CfnInstanceProfile(
self,
'instanceprofile',
roles=[eks_role.role_name],
instance_profile_name='eks-cluster-role')
cluster = eks.Cluster(
self,
'prod',
cluster_name='ie-prod-snow-common',
version=eks.KubernetesVersion.V1_19,
vpc=vpc,
vpc_subnets=[
ec2.SubnetSelection(subnet_type=ec2.SubnetType.PRIVATE)
],
default_capacity=0,
masters_role=eks_role)
nodegroup = cluster.add_nodegroup_capacity(
'eks-nodegroup',
instance_types=[
ec2.InstanceType('t3.large'),
ec2.InstanceType('m5.large'),
ec2.InstanceType('c5.large')
],
disk_size=50,
min_size=2,
max_size=2,
desired_size=2,
subnets=ec2.SubnetSelection(subnet_type=ec2.SubnetType.PRIVATE),
remote_access=eks.NodegroupRemoteAccess(
ssh_key_name='ie-prod-snow-common'),
capacity_type=eks.CapacityType.SPOT)
def __init__(self, scope: core.Construct, id: str, **kwargs) -> None:
super().__init__(scope, id, **kwargs)
hensu = var()
for subnetInfo in hensu.subnetInfoArray:
subnetCfg = ec2.SubnetConfiguration(name=subnetInfo[0],
subnet_type=subnetInfo[1],
cidr_mask=subnetInfo[2])
hensu.subnetCfgArray.append(subnetCfg)
myVPC = self.createVpc(hensu.vpcCidr, hensu.vpcName,
hensu.enableDnsSupport, hensu.maxAZs,
hensu.natGateways, hensu.subnetCfgArray)
mySecurityGroup = self.createSg(hensu.sgName, myVPC)
for sgInfo in hensu.sgInfoArray:
self.addSg(mySecurityGroup, sgInfo[0], sgInfo[1], sgInfo[2],
sgInfo[3], sgInfo[4])
# subnet を指定しないとデフォルトのサブネットにインスタンスを作成してしまうので指定の必要がある
for public_subnet in myVPC.public_subnets:
myPublicInstance = self.createInstance(
id=hensu.PublicInstanceName,
image_id=hensu.PublicInstanceAmiId,
instance_type=ec2.InstanceType(
hensu.PublicInstanceType).to_string(),
subnet_id=public_subnet.subnet_id,
security_group_ids=[mySecurityGroup.security_group_id],
)
# isolated には sg をかけないのでコメント扱い
for isolated_subnet in myVPC.isolated_subnets:
myIsolatedInstance = self.createInstance(
id=hensu.IsolatedInstanceName,
image_id=hensu.IsolatedInstanceAmiId,
instance_type=ec2.InstanceType(
hensu.IsolatedInstanceType).to_string(),
subnet_id=isolated_subnet.subnet_id,
#security_group_ids=[mySecurityGroup.security_group_id]
)
self.outputCfn("myPublicInstance_attr_public_ip",
myPublicInstance.attr_public_ip)
self.outputCfn("myPublicInstance_attr_private_ip",
myPublicInstance.attr_private_ip)
self.outputCfn("myIsolatedInstance_attr_private_ip",
myIsolatedInstance.attr_private_ip)
def __init__(self, scope: core.Construct, id: str, vpc: ec2.IVpc, config: dict, region: str, **kwargs):
super().__init__(scope, id, **kwargs)
self._region = region
### EC2 Server for Jenkins
image = ec2.GenericLinuxImage(
{
region: config["ami_id"],
},
)
self._role = iam.Role(self, "InstanceRole", assumed_by=iam.ServicePrincipal("ec2.amazonaws.com"))
for policy in config["iam_role_policies"]:
self._role.add_managed_policy(iam.ManagedPolicy.from_aws_managed_policy_name(policy))
subnet = vpc.select_subnets(subnet_type=ec2.SubnetType.PRIVATE).subnets[0]
subnet_selection = ec2.SubnetSelection(subnets=[subnet])
self.security_group = ec2.SecurityGroup(
self, "EC2SG",
vpc=vpc
)
self._instance = ec2.Instance(
self, "EC2",
instance_type=ec2.InstanceType(config["instance_type"]),
machine_image=image,
vpc=vpc,
vpc_subnets=subnet_selection,
role=self._role,
security_group=self.security_group
)
core.CfnOutput(self, "CodeServerInstanceID", value=self._instance.instance_id)
def __init__(self,
scope: core.Construct,
id: str,
vpc: ec2.Vpc,
sg: ec2.ISecurityGroup,
stage={},
**kwargs) -> None:
super().__init__(scope, id, **kwargs)
prefix_name = f'{stage["vpc_prefix"]}-{stage["stage_name"]}-{self.node.try_get_context("customer")}'
bastion_host = ec2.Instance(
self,
f'{prefix_name}-public-bastion',
instance_type=ec2.InstanceType('t3.micro'),
machine_image=ec2.AmazonLinuxImage(
edition=ec2.AmazonLinuxEdition.STANDARD,
generation=ec2.AmazonLinuxGeneration.AMAZON_LINUX_2,
virtualization=ec2.AmazonLinuxVirt.HVM,
storage=ec2.AmazonLinuxStorage.GENERAL_PURPOSE),
vpc=vpc,
key_name=stage["key_name"],
vpc_subnets=ec2.SubnetSelection(subnet_type=ec2.SubnetType.PUBLIC),
security_group=sg)
core.Tags.of(bastion_host).add("Name", f'{prefix_name}-public-bastion')
core.CfnOutput(self, 'my-bastion-id', value=bastion_host.instance_id)
def setup_emqx(self, N, vpc, zone, sg, key):
self.emqx_vms = []
for n in range(0, N):
name = "emqx-%d" % n
vm = ec2.Instance(self, id = name,
instance_type = ec2.InstanceType(instance_type_identifier=emqx_ins_type),
machine_image = linux_ami,
user_data = ec2.UserData.custom(user_data),
security_group = sg,
key_name = key,
vpc = vpc,
vpc_subnets=ec2.SubnetSelection(subnet_type=ec2.SubnetType.PRIVATE),
)
self.emqx_vms.append(vm)
r53.ARecord(self, id = name + '.int.emqx',
record_name = name + '.int.emqx',
zone = zone,
target = r53.RecordTarget([vm.instance_private_ip])
)
# tagging
if self.user_defined_tags:
core.Tags.of(vm).add(*self.user_defined_tags)
core.Tags.of(vm).add('service', 'emqx')
def __init__(self, scope: core.Construct, id: str, **kwargs) -> None:
super().__init__(scope, id, **kwargs)
# The code that defines your stack goes here
self.vpc = ec2.Vpc(self, "VPC",
cidr='10.10.0.0/16',
max_azs=6,
subnet_configuration=[
ec2.SubnetConfiguration(
subnet_type=ec2.SubnetType.PRIVATE,
name='Private',
cidr_mask=19
),
ec2.SubnetConfiguration(
subnet_type=ec2.SubnetType.PUBLIC,
name='Public',
cidr_mask=20
),
ec2.SubnetConfiguration(
subnet_type=ec2.SubnetType.PRIVATE,
name='Spare',
cidr_mask=20,
reserved=True
)
])
core.CfnOutput(self, "Output", value=self.vpc.vpc_id)
self.bastion = ec2.BastionHostLinux(self, id,
vpc = self.vpc,
instance_name = 'bastione',
instance_type = ec2.InstanceType('t3.micro'),
machine_image = ec2.AmazonLinuxImage(),
subnet_selection = ec2.SubnetSelection(subnet_type=ec2.SubnetType.PUBLIC),
)
core.CfnOutput(self, 'bastion-id', value=self.bastion.instance_id)
def __init__(self, scope: core.Construct, construct_id: str,
**kwargs) -> None:
super().__init__(scope, construct_id, **kwargs)
#import vpc info
vpc = aws_ec2.Vpc.from_lookup(self, "vpc", vpc_id="vpc-1f39b977")
#import user-data scripts
with open("userdata_scripts/setup.sh", mode="r") as file:
user_data = file.read()
#get latest ami from any region
aws_linux_ami = aws_ec2.MachineImage.latest_amazon_linux(
generation=aws_ec2.AmazonLinuxGeneration.AMAZON_LINUX_2,
edition=aws_ec2.AmazonLinuxEdition.STANDARD,
storage=aws_ec2.AmazonLinuxStorage.EBS,
virtualization=aws_ec2.AmazonLinuxVirt.HVM)
#ec2
test_server = aws_ec2.Instance(
self,
"ec2id",
instance_type=aws_ec2.InstanceType(
instance_type_identifier="t2.micro"),
instance_name="TestServer01",
machine_image=aws_linux_ami,
vpc=vpc,
vpc_subnets=aws_ec2.SubnetSelection(
subnet_type=aws_ec2.SubnetType.PUBLIC),
key_name="SAA-C01",
user_data=aws_ec2.UserData.custom(user_data))
#add custom ebs for ec2
test_server.instance.add_property_override(
"BlockDeviceMappings", [{
"DeviceName": "/dev/sdb",
"Ebs": {
"VolumeSize": "10",
"VolumeType": "io1",
"Iops": "100",
"DeleteOnTermination": "true"
}
}])
#allow web traffic
test_server.connections.allow_from_any_ipv4(
aws_ec2.Port.tcp(80), description="allow web traffic")
# add permission to instances profile
test_server.role.add_managed_policy(
aws_iam.ManagedPolicy.from_aws_managed_policy_name(
"AmazonSSMManagedInstanceCore"))
test_server.role.add_managed_policy(
aws_iam.ManagedPolicy.from_aws_managed_policy_name(
"AmazonS3ReadOnlyAccess"))
output_server_ip = core.CfnOutput(self,
"serverip01",
description="test server ip",
value=test_server.instance_public_ip)
def __init__(self, scope: core.Construct, id: str, vpc, config,
**kwargs) -> None:
super().__init__(scope, id, **kwargs)
prj_name = self.node.try_get_context("project_name")
env_name = self.node.try_get_context("env")
name = config['ec2']['name']
key = config['ec2']['ssh_key']
ubuntu_ami = ec2.GenericLinuxImage(
{"ap-southeast-1": "ami-028be27cf930f7a43"})
# Create bastion host
self.bastion = ec2.Instance(
self,
'Instance',
instance_type=ec2.InstanceType("t3.small"),
instance_name=f"{name}-bastion",
key_name=f"{key}",
machine_image=ubuntu_ami,
vpc=vpc,
vpc_subnets=ec2.SubnetSelection(
subnet_type=ec2.SubnetType.PRIVATE),
)
self.bastion.apply_removal_policy(core.RemovalPolicy.DESTROY)
self.bastion.connections.allow_from_any_ipv4(
port_range=ec2.Port.tcp(22),
description='Allow public SSH connections')
self.bastion.connections.allow_from_any_ipv4(
port_range=ec2.Port.icmp_ping(),
description='Allow public ICMP ping')
core.CfnOutput(self,
f'{name}-private-ip',
value=self.bastion.instance_private_ip)
def __init__(self, scope: core.Construct, id: str, vpc, **kwargs) -> None:
super().__init__(scope, id, **kwargs)
prj_name = self.node.try_get_context("project_name")
env_name = self.node.try_get_context("env")
rds_sg = ec2.SecurityGroup(self,
'rds-sg',
vpc=vpc,
security_group_name=prj_name + env_name +
'-rds-sg',
description="SG for RDS",
allow_all_outbound=True)
for subnet in vpc.private_subnets:
rds_sg.add_ingress_rule(
peer=ec2.Peer.ipv4(subnet.ipv4_cidr_block),
connection=ec2.Port.tcp(3306),
description='Allow all private subnet to access RDS')
db_mysql = rds.DatabaseCluster(
self,
'mysql',
default_database_name=prj_name + env_name,
engine=rds.DatabaseClusterEngine.aurora_mysql(
version=rds.AuroraMysqlEngineVersion.VER_5_7_12),
instances=1,
instance_props=rds.InstanceProps(
vpc=vpc,
instance_type=ec2.InstanceType(
instance_type_identifier="t3.small"),
vpc_subnets=ec2.SubnetSelection(
subnet_type=ec2.SubnetType.PRIVATE)),
removal_policy=core.RemovalPolicy.DESTROY)
def __init__(self, scope: core.Construct, id: str, vpc, **kwargs) -> None:
super().__init__(scope, id, **kwargs)
snapshot_id = ssm.StringParameter.value_for_string_parameter(
self, "graviton_rds_lab_snapshot")
g2_db_mysql8 = rds.DatabaseInstanceFromSnapshot(
self,
"GravitonMySQL",
engine=rds.DatabaseInstanceEngine.mysql(
version=rds.MysqlEngineVersion.VER_8_0_21),
instance_type=ec2.InstanceType("m6g.4xlarge"),
snapshot_identifier=snapshot_id,
vpc=vpc,
multi_az=False,
publicly_accessible=True,
allocated_storage=100,
storage_type=rds.StorageType.IO1,
iops=5000,
cloudwatch_logs_exports=["error", "general", "slowquery"],
enable_performance_insights=True,
deletion_protection=False,
delete_automated_backups=True,
backup_retention=core.Duration.days(0),
vpc_subnets={"subnet_type": ec2.SubnetType.PUBLIC},
parameter_group=rds.ParameterGroup.from_parameter_group_name(
self,
"para-group-mysql",
parameter_group_name="default.mysql8.0"))
g2_db_mysql8.connections.allow_default_port_from(
ec2.Peer.ipv4(c9_ip), "Cloud9 MySQL Access")
core.CfnOutput(self,
"G2MySQL8RDSInstanceId",
value=g2_db_mysql8.instance_identifier)
def __init__(self, scope: core.Construct, id: str, vpc, sg, redissg,
kmskey, **kwargs) -> None:
super().__init__(scope, id, **kwargs)
rdskey = kms.Key.from_key_arn(self, "rdskey", key_arn=kmskey)
db_mysql = rds.DatabaseCluster(
self,
"Dev_MySQL",
default_database_name="msadev",
engine=rds.DatabaseClusterEngine.AURORA_MYSQL,
engine_version="5.7.12",
master_user=rds.Login(username="******"),
instance_props=rds.InstanceProps(
vpc=vpc,
vpc_subnets=ec2.SubnetSelection(
subnet_type=ec2.SubnetType.ISOLATED),
instance_type=ec2.InstanceType(
instance_type_identifier="t3.medium")),
instances=1,
parameter_group=rds.ClusterParameterGroup.
from_parameter_group_name(
self,
"paramter-group-msadev",
parameter_group_name="default.aurora-mysql5.7"),
kms_key=rdskey)
sgId = ec2.SecurityGroup.from_security_group_id(self, "sgid", sg)
redis_sg = ec2.SecurityGroup.from_security_group_id(
self, "redissgid", redissg)
db_mysql.connections.allow_default_port_from(sgId,
"Access from Bastion")
db_mysql.connections.allow_default_port_from(redis_sg,
"Access from Redis")
def __init__(self, scope: cdk.Construct, construct_id: str,
**kwargs) -> None:
super().__init__(scope, construct_id, **kwargs)
with open("../iac-test-key.pub") as f:
public_key = f.read()
vpc = ec2.Vpc.from_lookup(self, "default_vpc", is_default=True)
security_group = ec2.SecurityGroup(
self,
"test_sg",
vpc=vpc,
allow_all_outbound=True,
)
security_group.add_ingress_rule(ec2.Peer.any_ipv4(), ec2.Port.tcp(22))
image = ec2.AmazonLinuxImage()
instance = ec2.Instance(
self,
"test_instance",
machine_image=image,
instance_type=ec2.InstanceType("t2.micro"),
key_name="app_key-d2f12cf",
vpc=vpc,
security_group=security_group,
)
public_ip = cdk.CfnOutput(self,
"public_ip",
value=instance.instance_public_ip)
def __init__(self, scope: core.Construct, id: str, **kwargs) -> None:
super().__init__(scope, id, *kwargs)
vpc = ec2.Vpc(
self, "MyVpc",
max_azs=2
)
cluster = ecs.Cluster(
self, 'Ec2Cluster',
vpc=vpc
)
cluster.add_capacity("DefaultAutoScalingGroup",
instance_type=ec2.InstanceType("t2.micro"))
ecs_service = ecs_patterns.NetworkLoadBalancedEc2Service(
self, "Ec2Service",
cluster=cluster,
memory_limit_mib=512,
task_image_options={
'image': ecs.ContainerImage.from_registry("amazon/amazon-ecs-sample")
}
)
core.CfnOutput(
self, "LoadBalancerDNS",
value=ecs_service.load_balancer.load_balancer_dns_name
)
def __init__(self, scope: core.Construct, id: str, **kwargs) -> None:
super().__init__(scope, id, **kwargs)
vpc = ec2.Vpc(self, "EKS_Kafka_PocClusterVPC")
private_subnets = [snet_id.subnet_id for snet_id in vpc.private_subnets]
bngi = msk.CfnCluster.BrokerNodeGroupInfoProperty(instance_type="kafka.m5.large",
client_subnets=private_subnets)
msk_cluster = msk.CfnCluster(self, "EKS_KafkaPocMSKCluster",
broker_node_group_info=bngi,
cluster_name="EKSKafkaPOCMKSCluster",
kafka_version="2.3.1",
number_of_broker_nodes=3)
eks_admin_role = iam.Role(self, "EKS_Kafka_PocCluster-AdminRole",
assumed_by=iam.AccountPrincipal(account_id=self.account))
eks_cluster = eks.Cluster(self, "EKS_Kafka_PocEKSCluster",
cluster_name="EKS_Kafka_PocCluster",
masters_role=eks_admin_role,
kubectl_enabled=True,
version="1.15",
vpc=vpc)
eks_cluster.add_capacity("worker", instance_type=ec2.InstanceType("t3.large"),
min_capacity=1, max_capacity=10)
def __init__(self, scope: core.Construct, id: str, props,
**kwargs) -> None:
super().__init__(scope, id, **kwargs)
vpc = props['vpc_dr']
internal_sg = props['internal_sg_dr']
bastion_sg = props['bastion_sg_dr']
# Bastion用EC2ホスト
bastion_windows = ec2.Instance(
self,
'Bastion',
instance_type=ec2.InstanceType('t3.large'),
machine_image=ec2.MachineImage.latest_windows(
version=ec2.WindowsVersion.
WINDOWS_SERVER_2016_JAPANESE_FULL_BASE),
key_name=self.node.try_get_context('key_name'),
vpc=vpc,
vpc_subnets=ec2.SubnetSelection(subnet_type=ec2.SubnetType.PUBLIC),
security_group=internal_sg)
bastion_windows.role.add_managed_policy(
iam.ManagedPolicy.from_aws_managed_policy_name(
'AmazonSSMManagedInstanceCore'))
bastion_windows.add_security_group(bastion_sg)
self.output_props = props.copy()
def __init__(self, scope: core.Construct, id: str, vpc, **kwargs) -> None:
super().__init__(scope, id, **kwargs)
db_mysql = rds.DatabaseInstance(
self,
"MySQL",
engine=rds.DatabaseInstanceEngine.mysql(
version=rds.MysqlEngineVersion.VER_5_0_30),
instance_type=ec2.InstanceType("m5.4xlarge"),
vpc=vpc,
multi_az=False,
publicly_accessible=True,
allocated_storage=100,
storage_type=rds.StorageType.GP2,
cloudwatch_logs_exports=["audit", "error", "general", "slowquery"],
deletion_protection=False,
delete_automated_backups=False,
backup_retention=core.Duration.days(7),
parameter_group=rds.ParameterGroup.from_parameter_group_name(
self,
"para-group-mysql",
parameter_group_name="default.mysql5.7"))
db_mysql.connections.allow_default_port_from(ec2.Peer.ipv4(c9_ip),
"Cloud9 MySQL Access")
core.CfnOutput(self,
"RDSInstanceId",
value=db_mysql.instance_identifier)
def __init__(self, scope: Construct, id: str, **kwargs) -> None:
super().__init__(scope, id, *kwargs)
vpc = ec2.Vpc(self, "MyVpc", max_azs=2)
cluster = ecs.Cluster(self, 'Ec2Cluster', vpc=vpc)
asg = autoscaling.AutoScalingGroup(
self,
"DefaultAutoScalingGroup",
instance_type=ec2.InstanceType("t2.micro"),
machine_image=ecs.EcsOptimizedImage.amazon_linux2(),
vpc=vpc,
)
capacity_provider = ecs.AsgCapacityProvider(self,
"AsgCapacityProvider",
auto_scaling_group=asg)
cluster.add_asg_capacity_provider(capacity_provider)
ecs_service = ecs_patterns.NetworkLoadBalancedEc2Service(
self,
"Ec2Service",
cluster=cluster,
memory_limit_mib=512,
task_image_options={
'image':
ecs.ContainerImage.from_registry("amazon/amazon-ecs-sample")
})
CfnOutput(self,
"LoadBalancerDNS",
value=ecs_service.load_balancer.load_balancer_dns_name)
def __init__(self, scope: core.Construct, id: str, **kwargs) -> None:
super().__init__(scope, id, **kwargs)
vpc = _ec2.Vpc.from_lookup(self, "importedVPC", vpc_id="vpc-d0a193aa")
# Read BootStrap Script
with open("bootstrap_scripts/install_httpd.sh", mode="r") as file:
user_data = file.read()
# WebServer Instance 001
web_server = _ec2.Instance(
self,
"WebServer001Id",
instance_type=_ec2.InstanceType(
instance_type_identifier="t2.micro"),
instance_name="WebServer001",
machine_image=_ec2.MachineImage.generic_linux(
{"us-east-1": "ami-0fc61db8544a617ed"}),
vpc=vpc,
vpc_subnets=_ec2.SubnetSelection(
subnet_type=_ec2.SubnetType.PUBLIC),
user_data=_ec2.UserData.custom(user_data))
output_1 = core.CfnOutput(
self,
"webServer001Ip",
description="WebServer Public Ip Address",
value=f"http://{web_server.instance_public_ip}")
# Allow Web Traffic to WebServer
web_server.connections.allow_from_any_ipv4(
_ec2.Port.tcp(80), description="Allow Web Traffic")
def __init__(self, scope: core.Construct, id: str, vpc, **kwargs) -> None:
super().__init__(scope, id, **kwargs)
amzn_linux = ec2.MachineImage.latest_amazon_linux(
generation=ec2.AmazonLinuxGeneration.AMAZON_LINUX,
edition=ec2.AmazonLinuxEdition.STANDARD,
virtualization=ec2.AmazonLinuxVirt.HVM,
storage=ec2.AmazonLinuxStorage.GENERAL_PURPOSE)
linux = ec2.MachineImage.generic_linux(
{"ap-south-1": "ami-0b9d66ddb2a9f47d1"})
data = open("./scripts/userdata/userdata.sh", "rb").read()
user_data = ec2.UserData.for_linux()
user_data.add_commands(str(data, 'utf-8'))
self.auto_scaling_group = autoscaling.AutoScalingGroup(
self,
"FirstASG",
instance_type=ec2.InstanceType('t2.micro'),
machine_image=ec2.AmazonLinuxImage(
generation=ec2.AmazonLinuxGeneration.AMAZON_LINUX_2),
vpc=vpc,
user_data=user_data,
desired_capacity=6,
key_name="ap-south-1",
min_capacity=1,
vpc_subnets=ec2.SubnetSelection(
availability_zones=["ap-south-1a", "ap-south-1b"]))
def __init__(self, scope: core.Construct, construct_id: str,
**kwargs) -> None:
super().__init__(scope, construct_id, **kwargs)
#vpc
ecs_vpc = aws_ec2.Vpc(self, "EcsVpc", max_azs=2, nat_gateways=1)
#ecs cluster
ecs_cluster = aws_ecs.Cluster(self, "EcsCluster", vpc=ecs_vpc)
#ecs cluster capacity
ecs_cluster.add_capacity(
"ecsClusterASGgroup",
instance_type=aws_ec2.InstanceType("t2.micro"))
#ecs attached to load balancer
ecs_elb_service = aws_ecs_patterns.ApplicationLoadBalancedEc2Service(
self,
"EcsElb",
cluster=ecs_cluster,
memory_reservation_mib=512,
task_image_options={
"image": aws_ecs.ContainerImage.from_registry("httpd"),
"environment": {
"ENVIRONMENT": "PROD"
}
})
#ecs elb url output
ecs_output = core.CfnOutput(
self,
"ecsOutput",
value=f"{ecs_elb_service.load_balancer.load_balancer_dns_name}",
description="elb url")
def create_asg(self, vpc):
asg = autoscaling.AutoScalingGroup(
self,
'SingleInstanceAsg',
vpc=vpc,
machine_image=ecs.EcsOptimizedAmi(),
instance_type=ec2.InstanceType('t2.micro'),
vpc_subnets=ec2.SubnetSelection(subnet_type=ec2.SubnetType.PUBLIC),
associate_public_ip_address=True,
# We only need 1 instance in the ASG
max_capacity=1,
desired_capacity=1,
)
security_group = ec2.SecurityGroup(
self,
'GhostSg',
vpc=vpc,
)
# Allow ingress traffic to port 80
security_group.add_ingress_rule(
peer=ec2.Peer.any_ipv4(),
connection=ec2.Port.tcp(80),
)
# Allow NFS traffic for mounting EFS volumes
security_group.add_ingress_rule(peer=ec2.Peer.ipv4('10.0.0.0/16'),
connection=ec2.Port.tcp(2049))
asg.add_security_group(security_group)
return asg
def setup_etcd(self, vpc, zone, sg, key):
for n in range(0, 3):
# cdk bug?
(cloud_user_data, )= ec2.UserData.for_linux(),
cloud_user_data.add_commands('apt update',
'apt install -y etcd-server etcd-client',
"echo ETCD_INITIAL_ADVERTISE_PEER_URLS=http://etcd%d.int.emqx:2380 >> /etc/default/etcd" % n,
'echo ETCD_LISTEN_PEER_URLS=http://0.0.0.0:2380 >> /etc/default/etcd',
'echo ETCD_LISTEN_CLIENT_URLS=http://0.0.0.0:2379 >> /etc/default/etcd',
"echo ETCD_ADVERTISE_CLIENT_URLS=http://etcd%d.int.emqx:2379 >> /etc/default/etcd" % n,
"echo ETCD_NAME=infra%d >> /etc/default/etcd" % n,
'echo ETCD_INITIAL_CLUSTER_STATE=new >> /etc/default/etcd',
'echo ETCD_INITIAL_CLUSTER_TOKEN=emqx-cluster-1 >> /etc/default/etcd',
'echo ETCD_INITIAL_CLUSTER="infra0=http://etcd0.int.emqx:2380,infra1=http://etcd1.int.emqx:2380,infra2=http://etcd2.int.emqx:2380" >> /etc/default/etcd',
'systemctl restart etcd'
)
ins = ec2.Instance(self, id = "etsd.%d" % n,
instance_type=ec2.InstanceType(instance_type_identifier="t3a.nano"),
machine_image=linux_ami,
user_data=cloud_user_data,
security_group = sg,
key_name=key,
vpc = vpc
)
r53.ARecord(self, id = "etcd%d.int.emqx" % n,
record_name = "etcd%d.int.emqx" % n,
zone = zone,
target = r53.RecordTarget([ins.instance_private_ip])
)
if self.user_defined_tags:
core.Tags.of(ins).add(*self.user_defined_tags)
core.Tags.of(ins).add('service', 'etcd')
