def __init__(self, scope: core.Construct, id: str, **kwargs) -> None: super().__init__(scope, id, **kwargs) vpc = ec2.Vpc.from_lookup(self, 'VPC', vpc_name="VPC") security_group = ec2.SecurityGroup(self, "Ghost-DB-SG", vpc=vpc, allow_all_outbound=True) security_group.add_ingress_rule(ec2.Peer.any_ipv4(), ec2.Port.tcp(3306)) rds.DatabaseInstance(self, "RDS", deletion_protection=False, removal_policy=core.RemovalPolicy.DESTROY, multi_az=False, allocated_storage=20, engine=rds.DatabaseInstanceEngine.MYSQL, engine_version="8.0.16", master_username="******", database_name="ghost", vpc=vpc, vpc_placement=vpc.select_subnets( subnet_type=ec2.SubnetType.PRIVATE), instance_class=ec2.InstanceType.of( ec2.InstanceClass.BURSTABLE3, ec2.InstanceSize.MICRO), security_groups=[security_group])
def __init__(self, scope: core.Construct, id: str, **kwargs) -> None: super().__init__(scope, id, **kwargs) vpc = ec2.Vpc(self, 'vpc1' ) bucket_name = 'my-cdk-bucket' s3.Bucket(self, bucket_name, bucket_name=bucket_name, access_control=s3.BucketAccessControl.PUBLIC_READ_WRITE, removal_policy=RemovalPolicy.DESTROY) ec2.Volume(self, 'vol1', availability_zone='us-east-1a', size=core.Size.gibibytes(8)) sg = ec2.SecurityGroup(self, 'sg1', vpc=vpc) sg.add_ingress_rule(Peer.any_ipv4(), Port.tcp(22)) kms.Key(self, 'kms1') rds.DatabaseInstance(self, 'rds1', engine=rds.DatabaseInstanceEngine.postgres(version=PostgresEngineVersion.VER_12), master_username='******', vpc=vpc, vpc_placement=ec2.SubnetSelection(subnet_type=ec2.SubnetType.PUBLIC))
def _setup_oracle(self) -> None: port = 1521 database = "ORCL" schema = "TEST" oracle = rds.DatabaseInstance( self, "aws-data-wrangler-oracle-instance", instance_identifier="oracle-instance-wrangler", engine=rds.DatabaseInstanceEngine.oracle_ee(version=rds.OracleEngineVersion.VER_19_0_0_0_2021_04_R1), instance_type=ec2.InstanceType.of(ec2.InstanceClass.BURSTABLE3, ec2.InstanceSize.SMALL), credentials=rds.Credentials.from_password( username=self.db_username, password=self.db_password_secret, ), port=port, vpc=self.vpc, subnet_group=self.rds_subnet_group, security_groups=[self.db_security_group], publicly_accessible=True, s3_import_role=self.rds_role, s3_export_role=self.rds_role, ) glue.Connection( self, "aws-data-wrangler-oracle-glue-connection", description="Connect to Oracle.", type=glue.ConnectionType.JDBC, connection_name="aws-data-wrangler-oracle", properties={ "JDBC_CONNECTION_URL": f"jdbc:oracle:thin://@{oracle.instance_endpoint.hostname}:{port}/{database}", # noqa: E501 "USERNAME": self.db_username, "PASSWORD": self.db_password, }, subnet=self.vpc.private_subnets[0], security_groups=[self.db_security_group], ) secrets.Secret( self, "aws-data-wrangler-oracle-secret", secret_name="aws-data-wrangler/oracle", description="Oracle credentials", generate_secret_string=secrets.SecretStringGenerator( generate_string_key="dummy", secret_string_template=json.dumps( { "username": self.db_username, "password": self.db_password, "engine": "oracle", "host": oracle.instance_endpoint.hostname, "port": port, "dbClusterIdentifier": oracle.instance_identifier, "dbname": database, } ), ), ) CfnOutput(self, "OracleAddress", value=oracle.instance_endpoint.hostname) CfnOutput(self, "OraclePort", value=str(port)) CfnOutput(self, "OracleDatabase", value=database) CfnOutput(self, "OracleSchema", value=schema)
def __init__(self, scope: core.Construct, id: str, vpc, **kwargs) -> None: super().__init__(scope, id, **kwargs) db = rds.DatabaseInstance( self, id="RDSPostgresDB", engine=rds.DatabaseInstanceEngine.POSTGRES, engine_version="11", instance_class=ec2.InstanceType.of( ec2.InstanceClass.BURSTABLE2, ec2.InstanceSize.SMALL), master_username="******", vpc=vpc, vpc_placement=ec2.SubnetSelection( subnet_type=ec2.SubnetType.ISOLATED ), multi_az=True, allocated_storage=100, storage_type=rds.StorageType.GP2, cloudwatch_logs_exports=["audit", "error", "general", "slowquery"], deletion_protection=False, delete_automated_backups=False, backup_retention=core.Duration.days(7), parameter_group=rds.ParameterGroup.from_parameter_group_name( self, id="para-group-postgres", parameter_group_name="postgres11" ) ) # Rotate the master user password every 30 days db.add_rotation_single_user() # Add alarm for high CPU cloudwatch.Alarm( self, id="HighCPU", metric=db.metric_cpu_utilization(), threshold=90, evaluation_periods=1 ) # Trigger Lambda function on instance availability events fn = _lambda.Function(self, id="PostgresAvailibilityFunction", code=_lambda.Code.from_inline("exports.handler = (event) => console.log(event);"), handler="index.handler", runtime=_lambda.Runtime.NODEJS_10_X ) availability_rule = db.on_event( "Availability", target=targets.LambdaFunction(fn)) availability_rule.add_event_pattern( detail={ "EventCategories": [ "availability" ] } )
def _setup_sqlserver(self) -> None: port = 1433 database = "test" schema = "dbo" sqlserver = rds.DatabaseInstance( self, "aws-data-wrangler-sqlserver-instance", instance_identifier="sqlserver-instance-wrangler", engine=rds.DatabaseInstanceEngine.sql_server_ex(version=rds.SqlServerEngineVersion.VER_15), instance_type=ec2.InstanceType.of(ec2.InstanceClass.BURSTABLE3, ec2.InstanceSize.SMALL), credentials=rds.Credentials.from_password( username=self.db_username, password=self.db_password_secret, ), port=port, vpc=self.vpc, subnet_group=self.rds_subnet_group, security_groups=[self.db_security_group], publicly_accessible=True, s3_import_role=self.rds_role, s3_export_role=self.rds_role, ) glue.Connection( self, "aws-data-wrangler-sqlserver-glue-connection", description="Connect to SQL Server.", type=glue.ConnectionType.JDBC, connection_name="aws-data-wrangler-sqlserver", properties={ "JDBC_CONNECTION_URL": f"jdbc:sqlserver://{sqlserver.instance_endpoint.hostname}:{port};databaseName={database}", # noqa: E501 "USERNAME": self.db_username, "PASSWORD": self.db_password, }, subnet=self.vpc.private_subnets[0], security_groups=[self.db_security_group], ) secrets.Secret( self, "aws-data-wrangler-sqlserver-secret", secret_name="aws-data-wrangler/sqlserver", description="SQL Server credentials", generate_secret_string=secrets.SecretStringGenerator( generate_string_key="dummy", secret_string_template=json.dumps( { "username": self.db_username, "password": self.db_password, "engine": "sqlserver", "host": sqlserver.instance_endpoint.hostname, "port": port, "dbClusterIdentifier": sqlserver.instance_identifier, "dbname": database, } ), ), ) CfnOutput(self, "SqlServerAddress", value=sqlserver.instance_endpoint.hostname) CfnOutput(self, "SqlServerPort", value=str(port)) CfnOutput(self, "SqlServerDatabase", value=database) CfnOutput(self, "SqlServerSchema", value=schema)
def _create_backend_store(self): """ Create a RDS as a backend store for MLflow server """ # Creates a security group for AWS RDS self.sg_rds = ec2.SecurityGroup(scope=self, id="SGRDS", vpc=self.vpc, security_group_name="sg_rds") # Adds an ingress rule which allows resources in the VPC's CIDR to access the database. self.sg_rds.add_ingress_rule(peer=ec2.Peer.ipv4("10.0.0.0/24"), connection=ec2.Port.tcp(self.port)) backend_store_id = f"{self.stack_name}-{self.component_id}-backend-store" self.database = rds.DatabaseInstance( scope=self, id=backend_store_id, database_name=self.dbname, port=self.port, credentials=rds.Credentials.from_username( username=self.username, password=self.db_password_secret.secret_value ), engine=rds.DatabaseInstanceEngine.mysql(version=rds.MysqlEngineVersion.VER_8_0_19), instance_type=ec2.InstanceType.of(ec2.InstanceClass.BURSTABLE2, ec2.InstanceSize.SMALL), vpc=self.vpc, security_groups=[self.sg_rds], vpc_subnets=ec2.SubnetSelection(subnet_type=ec2.SubnetType.PRIVATE_ISOLATED), # multi_az=True, removal_policy=RemovalPolicy.DESTROY, deletion_protection=False, )
def __init__(self, scope: Construct, id: str, props, **kwargs) -> None: super().__init__(scope, id, **kwargs) # Creates a security group for AWS RDS sg_rds = ec2.SecurityGroup(self, id="sg_rds", vpc=props['vpc'], security_group_name="sg_rds") # Adds an ingress rule which allows resources in the VPC's CIDR # to access the database. sg_rds.add_ingress_rule(peer=ec2.Peer.ipv4("10.0.0.0/16"), connection=ec2.Port.tcp(3306)) # Master username is 'admin' and database password is automatically # generated and stored in AWS Secrets Manager my_sql = rds.DatabaseInstance( self, "RDS", engine=rds.DatabaseInstanceEngine.mysql( version=rds.MysqlEngineVersion.VER_8_0_16), vpc=props['vpc'], port=3306, instance_type=ec2.InstanceType.of( ec2.InstanceClass.MEMORY4, ec2.InstanceSize.LARGE, ), removal_policy=RemovalPolicy.DESTROY, security_groups=[sg_rds])
def create_rds_instance( scope: core.Construct, stack_name: str, vpc: IVpc, config: StackConfig, ecs_cluster: ecs.Cluster, ): database = rds.DatabaseInstance( scope, f'{stack_name}-rds', vpc=vpc, engine=rds.DatabaseInstanceEngine.postgres( version=rds.PostgresEngineVersion.VER_11), port=5432, credentials=rds.Credentials.from_username(config.database_username), instance_identifier=stack_name, instance_type=ec2.InstanceType(config.database_size), database_name=config.database_name, allocated_storage=config.database_allocated_storage, multi_az=False, allow_major_version_upgrade=False, delete_automated_backups=True, deletion_protection=False, auto_minor_version_upgrade=False, backup_retention=core.Duration.days(5), enable_performance_insights=True, storage_encrypted=config.database_encrypted, vpc_placement=ec2.SubnetSelection(subnet_type=ec2.SubnetType.PUBLIC), ) core.CfnOutput(scope=scope, id='rdsAddress', value=database.db_instance_endpoint_address) return database
def __init__(self, scope: cdk.Construct, id: str, vpc, asg_security_groups, **kwargs) -> None: super().__init__(scope, id, **kwargs) """ Create an RDS Database: """ konstone_db = _rds.DatabaseInstance( self, "konstoneRDS", database_name="konstone_db", engine=_rds.DatabaseInstanceEngine.MYSQL, vpc=vpc, port=3306, allocated_storage=30, multi_az=False, cloudwatch_logs_exports=["audit", "error", "general", "slowquery"], instance_type=_ec2.InstanceType.of(_ec2.InstanceClass.BURSTABLE2, _ec2.InstanceSize.MICRO), removal_policy=cdk.RemovalPolicy.DESTROY, deletion_protection=False, delete_automated_backups=True, backup_retention=cdk.Duration.days(7)) # Get ASG security groups: for sg in asg_security_groups: konstone_db.connections.allow_default_port_from( sg, "Allow EC2 ASG access to RDS MySQL") # Output for DB Endpoint: output_1 = cdk.CfnOutput( self, "DatabaseConnectionCommand", value= f"mysql - h {konstone_db.db_instance_endpoint_address} -p 3306 -u mystiquemas", description="Connect to the database using this command")
def __init__(self, scope: core.Construct, id: str, vpc, asg_security_groups, **kwargs) -> None: super().__init__(scope, id, **kwargs) #Creating Database db_mysql_easy = rds.DatabaseInstance( self, "webapp-db", engine=rds.DatabaseInstanceEngine.MYSQL, instance_type=ec2.InstanceType.of(ec2.InstanceClass.BURSTABLE2, ec2.InstanceSize.SMALL), vpc=vpc, multi_az=False, allocated_storage=100, storage_type=rds.StorageType.GP2, cloudwatch_logs_exports=["error", "general", "slowquery"], deletion_protection=False, delete_automated_backups=True, backup_retention=core.Duration.days(7), parameter_group=rds.ParameterGroup.from_parameter_group_name( self, "para-group-mysql", parameter_group_name="default.mysql5.7")) for asg_sg in asg_security_groups: db_mysql_easy.connections.allow_default_port_from( asg_sg, "EC2 Autoscaling Group access MySQL")
def __init__(self, scope: core.Construct, id: str, vpc, **kwargs) -> None: super().__init__(scope, id, **kwargs) db_mysql = rds.DatabaseInstance( self, "MySQL", engine=rds.DatabaseInstanceEngine.mysql( version=rds.MysqlEngineVersion.VER_5_0_30), instance_type=ec2.InstanceType("m5.4xlarge"), vpc=vpc, multi_az=False, publicly_accessible=True, allocated_storage=100, storage_type=rds.StorageType.GP2, cloudwatch_logs_exports=["audit", "error", "general", "slowquery"], deletion_protection=False, delete_automated_backups=False, backup_retention=core.Duration.days(7), parameter_group=rds.ParameterGroup.from_parameter_group_name( self, "para-group-mysql", parameter_group_name="default.mysql5.7")) db_mysql.connections.allow_default_port_from(ec2.Peer.ipv4(c9_ip), "Cloud9 MySQL Access") core.CfnOutput(self, "RDSInstanceId", value=db_mysql.instance_identifier)
def __init__(self, scope: core.Construct, id: str, vpc: IVpc, subnet_ids: list, adfs: ldap.CfnMicrosoftAD, **kwargs) -> None: super().__init__(scope, id, **kwargs) sql2ad_role = iam.Role( self, 'RDSDirectoryServicesRole', assumed_by=iam.ServicePrincipal("rds.amazonaws.com"), managed_policies=[ iam.ManagedPolicy.from_aws_managed_policy_name( "service-role/AmazonRDSDirectoryServiceAccess") ]) rds.DatabaseInstance( self, 'WebDatabase', engine=rds.DatabaseInstanceEngine.sql_server_web( version=rds.SqlServerEngineVersion.VER_15), storage_encrypted=True, instance_type=ec2.InstanceType.of(ec2.InstanceClass.STANDARD5, ec2.InstanceSize.LARGE), auto_minor_version_upgrade=True, vpc=vpc, credentials=rds.Credentials.from_username( username='******'), # passwd = admin enable_performance_insights=True, multi_az=False, domain=adfs.ref, domain_role=sql2ad_role)
def _create_rds(self): """ Create RDS for training. """ subnet_group = rds.SubnetGroup( self, "RdsSubnetGroup", description="for RDS", vpc=self.vpc, removal_policy=RemovalPolicy.DESTROY, subnet_group_name=f"{self.name_prefix}-sg-rds", vpc_subnets=self.subnet_selection) self.rds = rds.DatabaseInstance( self, f"{self.name_prefix}-database", engine=rds.DatabaseInstanceEngine.mysql( version=rds.MysqlEngineVersion.VER_8_0_16), vpc=self.vpc, port=3306, instance_type=ec2.InstanceType.of(ec2.InstanceClass["MEMORY4"], ec2.InstanceSize["LARGE"]), removal_policy=RemovalPolicy.DESTROY, deletion_protection=False, security_groups=[self.security_group], subnet_group=subnet_group)
def __init__(self, scope: core.Construct, id: str, **kwargs) -> None: super().__init__(scope, id, **kwargs) vpc = ec2.Vpc(self, 'VPC', nat_gateways=1) db_security_group = ec2.SecurityGroup( self, 'SecurityGroup', vpc=vpc, allow_all_outbound=False ) db_security_group.add_ingress_rule( ec2.Peer.ipv4(vpc.vpc_cidr_block), ec2.Port.tcp(self.DB_PORT), description='Allow inbound traffic from within VPC', ) rds.DatabaseInstance( self, 'RDS', database_name='{{cookiecutter.project_slug}}', master_username='******', master_user_password=core.SecretValue.ssm_secure(self.DB_PASSWORD_PARAM_NAME, '1'), engine=rds.DatabaseInstanceEngine.POSTGRES, engine_version='11.6', vpc=vpc, port=self.DB_PORT, instance_class=ec2.InstanceType.of( ec2.InstanceClass.BURSTABLE2, ec2.InstanceSize.MICRO, ), allocated_storage=20, removal_policy=core.RemovalPolicy.DESTROY, deletion_protection=False, security_groups=[db_security_group], )
def __init__(self, scope: core.Construct, construct_id: str, vpc, asg_secg, **kwargs) -> None: super().__init__(scope, construct_id, **kwargs) #RDS db rds_db = aws_rds.DatabaseInstance( self, "rdsDB", database_name="testdb", engine=aws_rds.DatabaseInstanceEngine.MYSQL, vpc=vpc, port=3306, allocated_storage=20, multi_az=False, cloudwatch_logs_exports=["error", "general", "slowquery"], instance_type=aws_ec2.InstanceType.of( aws_ec2.InstanceClass.BURSTABLE2, aws_ec2.InstanceSize.MICRO), removal_policy=core.RemovalPolicy.DESTROY, deletion_protection=False, delete_automated_backups=True, backup_retention=core.Duration.days(2)) for scg in asg_secg: rds_db.connections.allow_default_port_from(scg, "EC2 access to RDS") #rds output outpur_rdsdb = core.CfnOutput( self, "rdsDBoutput", value= f"mysql -h {rds_db.db_instance_endpoint_address} -P 3306 -u admin -p", description="Connect to rds via EC2")
def __init__(self, scope: core.Construct, id: str, props, **kwargs) -> None: super().__init__(scope, id, **kwargs) # Creates a security group for AWS RDS sg_rds = ec2.SecurityGroup( self, id="sg_rds", vpc=props['vpc'], security_group_name="sg_rds" ) # Adds an ingress rule which allows resources in the VPC's CIDR # to access the database. sg_rds.add_ingress_rule( peer=ec2.Peer.ipv4("10.0.0.0/16"), connection=ec2.Port.tcp(3306) ) # Master data base word is automatically generated and # stored in "AWS Secrets Manager" my_sql = rds.DatabaseInstance( self, "RDS", master_username="******", engine_version="8.0.16", engine=rds.DatabaseInstanceEngine.MYSQL, vpc=props['vpc'], port=3306, instance_class=ec2.InstanceType.of( ec2.InstanceClass.MEMORY4, ec2.InstanceSize.LARGE, ), removal_policy=core.RemovalPolicy.DESTROY, security_groups=[sg_rds] )
def __init__(self, scope: core.Construct, id: str, vpc, **kwargs) -> None: super().__init__(scope, id, **kwargs) db_mysql8 = rds.DatabaseInstance( self, "MySQL8", engine=rds.DatabaseInstanceEngine.mysql( version=rds.MysqlEngineVersion.VER_8_0_21), instance_type=ec2.InstanceType("m5.4xlarge"), vpc=vpc, multi_az=False, publicly_accessible=True, allocated_storage=100, storage_type=rds.StorageType.GP2, cloudwatch_logs_exports=["error", "general", "slowquery"], deletion_protection=False, enable_performance_insights=True, delete_automated_backups=True, backup_retention=core.Duration.days(0), vpc_subnets={"subnet_type": ec2.SubnetType.PUBLIC}, parameter_group=rds.ParameterGroup.from_parameter_group_name( self, "para-group-mysql", parameter_group_name="default.mysql8.0")) db_mysql8.connections.allow_default_port_from(ec2.Peer.ipv4(c9_ip), "Cloud9 MySQL Access") core.CfnOutput(self, "MySQL8RDSInstanceId", value=db_mysql8.instance_identifier) core.CfnOutput(self, "MySQL8SecretArn", value=db_mysql8.secret.secret_arn)
def __init__(self, scope: core.Construct, id: str, **kwargs) -> None: super().__init__(scope, id, **kwargs) vpc = ec2.Vpc.from_lookup(self, 'VPC', vpc_name="EnvironmentStack/VPC") security_group = ec2.SecurityGroup( self, "Ghost-DB-SG", vpc=vpc, allow_all_outbound=True ) security_group.add_ingress_rule( ec2.Peer.any_ipv4(), ec2.Port.tcp(3306) ) rds.DatabaseInstance( self, "RDS", deletion_protection=False, removal_policy=core.RemovalPolicy.DESTROY, multi_az=False, allocated_storage=20, engine=rds.DatabaseInstanceEngine.mysql( version=rds.MysqlEngineVersion.VER_8_0_17 ), master_username="******", database_name="ghost", vpc=vpc, instance_type=ec2.InstanceType.of( ec2.InstanceClass.BURSTABLE3, ec2.InstanceSize.MICRO), security_groups=[security_group] )
def __init__(self, scope: core.Construct, id: str, **kwargs) -> None: super().__init__(scope, id, **kwargs) # Creates VPC vpc = ec2.Vpc(self, id) # Creates RDS Database instance = rds.DatabaseInstance( self, "RDS", database_name="covid", engine=rds.DatabaseInstanceEngine.mysql( version=rds.MysqlEngineVersion.VER_8_0_21 ), vpc=vpc, port=3306, instance_type=ec2.InstanceType.of( ec2.InstanceClass.BURSTABLE2, ec2.InstanceSize.MICRO, ), removal_policy=core.RemovalPolicy.DESTROY, deletion_protection=False, vpc_placement=ec2.SubnetSelection(subnet_type=ec2.SubnetType.PUBLIC), ) # Add inbound rule to RDS SG instance.connections.allow_from_any_ipv4(ec2.Port.tcp(3306), "Open to the world") # Defines Lambda layers python_etl_layer = _lambda.LayerVersion( self, "python-etl", code=_lambda.AssetCode('C:\Code\ACG Challenge – AWS ETL\python.zip')) # Defines an AWS Lambda resource my_lambda = _lambda.Function( self, 'etlhandler', runtime=_lambda.Runtime.PYTHON_3_7, code=_lambda.Code.asset('lambda'), handler='etl.extract_csv1', layers=[python_etl_layer], timeout=core.Duration.seconds(30), memory_size=(256) ) # Add Lambda Environment Variables my_lambda.add_environment("RDS_INSTANCE", instance.instance_endpoint.hostname) my_lambda.add_environment("SECRET_NAME", instance.secret.secret_full_arn) # Grant permission to lambda to access RDS Secret instance.secret.grant_read(my_lambda) # Create a Cloudwatch Event rule four_hour_rule = aws_events.Rule( self, "four_hour_rule", schedule=aws_events.Schedule.rate(core.Duration.minutes(240)), ) # Add target to Cloudwatch Event four_hour_rule.add_target(aws_events_targets.LambdaFunction(my_lambda))
def __init__(self, scope: core.Construct, **kwargs) -> None: self.deploy_env = active_environment super().__init__(scope, id=f"{self.deploy_env.value}-common-stack", **kwargs) self.custom_vpc = ec2.Vpc(self, f"vpc-{self.deploy_env.value}") self.orders_rds_sg = ec2.SecurityGroup( self, f"orders-{self.deploy_env.value}-sg", vpc=self.custom_vpc, allow_all_outbound=True, security_group_name=f"orders-{self.deploy_env.value}-sg", ) self.orders_rds_sg.add_ingress_rule( peer=ec2.Peer.ipv4("0.0.0.0/0"), connection=ec2.Port.tcp(5432) ) for subnet in self.custom_vpc.private_subnets: self.orders_rds_sg.add_ingress_rule( peer=ec2.Peer.ipv4(subnet.ipv4_cidr_block), connection=ec2.Port.tcp(5432) ) self.orders_rds_parameter_group = rds.ParameterGroup( self, f"orders-{self.deploy_env.value}-rds-parameter-group", description="Parameter group to allow CDC from RDS using DMS.", engine=rds.DatabaseInstanceEngine.postgres( version=rds.PostgresEngineVersion.VER_12_4 ), parameters={"rds.logical_replication": "1", "wal_sender_timeout": "0"}, ) self.orders_rds = rds.DatabaseInstance( self, f"orders-{self.deploy_env.value}-rds", engine=rds.DatabaseInstanceEngine.postgres( version=rds.PostgresEngineVersion.VER_12_4 ), database_name="orders", instance_type=ec2.InstanceType("t3.micro"), vpc=self.custom_vpc, instance_identifier=f"rds-{self.deploy_env.value}-orders-db", port=5432, vpc_placement=ec2.SubnetSelection(subnet_type=ec2.SubnetType.PUBLIC), subnet_group=rds.SubnetGroup( self, f"rds-{self.deploy_env.value}-subnet", description="place RDS on public subnet", vpc=self.custom_vpc, vpc_subnets=ec2.SubnetSelection(subnet_type=ec2.SubnetType.PUBLIC), ), parameter_group=self.orders_rds_parameter_group, security_groups=[self.orders_rds_sg], removal_policy=core.RemovalPolicy.DESTROY, **kwargs, )
def __init__(self, scope: core.Construct, id: str, vpc: ec2.Vpc, security_group: ec2.SecurityGroup, config: dict, **kwargs) -> None: super().__init__(scope, id, **kwargs) vdb_rds_params = rds.ParameterGroup(self, id='rds-pg-vdb-cdk', family='postgres11', parameters={ 'autovacuum': '1', 'autovacuum_work_mem': '-1', 'autovacuum_max_workers': '3', 'huge_pages': 'on', 'log_min_duration_statement': '1000', 'track_counts': '1', 'maintenance_work_mem': '524288', 'shared_buffers': '262144', 'seq_page_cost': '1', 'random_page_cost': '2', 'min_wal_size': '512', 'max_wal_size': '4096', 'wal_compression': '1', 'work_mem': '262144', 'temp_file_limit': '10485760', 'effective_cache_size': '786432' }) self.vdb_rds = rds.DatabaseInstance( self, id='VdbCdk', database_name=config['DATABASE_NAME'], instance_identifier='vdb-prod-cdk', master_username=config['DATABASE_USER'], master_user_password=core.SecretValue( value=config['DATABASE_PASSWORD']), port=5432, engine=rds.DatabaseInstanceEngine.POSTGRES, engine_version='11.6', instance_class=ec2.InstanceType('t3.large'), allocated_storage=100, storage_encrypted=False, multi_az=False, storage_type=rds.StorageType.GP2, allow_major_version_upgrade=False, auto_minor_version_upgrade=False, preferred_maintenance_window='sun:02:00-sun:04:00', copy_tags_to_snapshot=True, backup_retention=core.Duration.days(7), preferred_backup_window='04:00-06:00', parameter_group=vdb_rds_params, vpc=vpc, security_groups=[security_group])
def __init__(self, scope: core.Construct, id: str, *, app_env: str, vpc: ec2.Vpc, **kwargs) -> None: super().__init__(scope, id, **kwargs) security_group_params = { 'security_group_name': f'rds-{app_env}-test-security-group', 'description': f'security group for rds test({app_env})', 'vpc': vpc, } security_group = ec2.SecurityGroup(self, 'security-group', **security_group_params) security_group.add_ingress_rule( peer=ec2.Peer.ipv4("54.125.156.2/32"), connection=ec2.Port( string_representation='random office', protocol=ec2.Protocol.TCP, from_port=5432, to_port=5432, )) password = Param.value_for_string_parameter( self, f'/{app_env}/test/DATABASE_PASSWORD') rds_params = { 'engine': rds.DatabaseInstanceEngine.POSTGRES, 'database_name': Param.value_for_string_parameter(self, f'/{app_env}/test/DATABASE_NAME'), 'master_username': Param.value_for_string_parameter(self, f'/{app_env}/test/DATABASE_USER'), 'master_user_password': core.SecretValue.plain_text(password), 'instance_class': ec2.InstanceType.of(ec2.InstanceClass.BURSTABLE3, ec2.InstanceSize.MICRO), 'instance_identifier': f'{app_env}-test', 'backup_retention': core.Duration.days(7), 'delete_automated_backups': True, 'security_groups': [security_group], 'storage_type': rds.StorageType.GP2, 'allocated_storage': 20, 'engine_version': '11.5', 'vpc': vpc, } self._rds = rds.DatabaseInstance(self, 'rds', **rds_params)
def __init__(self, app: core.App, id: str, **kwargs) -> None: super().__init__(app, id, **kwargs) self.platform_resources = ImportedResources(self, self.stack_name) self.rds_security_group = aws_ec2.SecurityGroup( self, "rds-security-group", vpc=self.platform_resources.vpc, allow_all_outbound=True) self.rds_security_group.add_ingress_rule( peer=aws_ec2.Peer.ipv4(self.platform_resources.vpc.vpc_cidr_block), connection=aws_ec2.Port.tcp(3306)) my_secret = aws_secretsmanager.Secret.from_secret_name( self, "DBSecret", "support/octicketing/rds") self.rds = aws_rds.DatabaseInstance( self, "support-rds", database_name="support_db", instance_identifier='support-db', credentials=aws_rds.Credentials.from_secret(my_secret), engine=aws_rds.DatabaseInstanceEngine.mysql( version=aws_rds.MysqlEngineVersion.VER_5_6), vpc=self.platform_resources.vpc, port=3306, instance_type=aws_ec2.InstanceType.of( aws_ec2.InstanceClass.BURSTABLE3, aws_ec2.InstanceSize.MICRO, ), removal_policy=core.RemovalPolicy.DESTROY, security_groups=[self.rds_security_group], deletion_protection=False) self.db_auth_policy_stmt = aws_iam.PolicyStatement( effect=aws_iam.Effect.ALLOW, actions=["rds-db:connect"], resources=[self.rds.instance_arn]) policy_doc = aws_iam.PolicyDocument() policy_doc.add_statements(self.db_auth_policy_stmt) self.db_auth_policy = aws_iam.Policy( self, 'db-auth-policy', policy_name='RdsDbAuthPolicy', statements=[self.db_auth_policy_stmt]) self.db_auth_role = aws_iam.Role( self, "db-auth-role", role_name='RdsDbAuthRole', assumed_by=aws_iam.ServicePrincipal('ec2.amazonaws.com')) self.db_auth_role.add_to_policy(self.db_auth_policy_stmt)
def __init__(self, scope: core.Construct, environment: Environment, **kwargs) -> None: self.env = environment.value super().__init__(scope, id=f'{self.env}-common', **kwargs) self.custom_vpc = ec2.Vpc( self, f'vpc-{self.env}' ) self.orders_rds_sg = ec2.SecurityGroup( self, f'orders-{self.env}-sg', vpc=self.custom_vpc, allow_all_outbound=True, security_group_name=f'orders-{self.env}-sg', ) self.orders_rds_sg.add_ingress_rule( peer=ec2.Peer.ipv4('37.156.75.55/32'), connection=ec2.Port.tcp(5432) ) for subnet in self.custom_vpc.private_subnets: self.orders_rds_sg.add_ingress_rule( peer=ec2.Peer.ipv4(subnet.ipv4_cidr_block), connection=ec2.Port.tcp(5432) ) self.orders_rds = rds.DatabaseInstance( self, f'orders-{self.env}-rds', engine=rds.DatabaseInstanceEngine.postgres(version=rds.PostgresEngineVersion.VER_11_2), database_name='orders', instance_type=ec2.InstanceType('t3.micro'), vpc=self.custom_vpc, instance_identifier=f'rds-{self.env}-orders-db', port=5432, vpc_placement=ec2.SubnetSelection(subnet_type=ec2.SubnetType.PUBLIC), subnet_group=rds.SubnetGroup( self, f'rds-{self.env}-subnet', description='place RDS on public subnet', vpc=self.custom_vpc, vpc_subnets=ec2.SubnetSelection(subnet_type=ec2.SubnetType.PUBLIC) ), security_groups=[ self.orders_rds_sg ], removal_policy=core.RemovalPolicy.DESTROY, **kwargs )
def build(cls, *, stack): vpc_db_instance = cls() vpc_db_instance.vpc = ec2.Vpc(stack, "vpc", cidr="10.0.0.0/24" ) master_user_name = "exampleadmin" vpc_db_instance.db_security_group = ec2.SecurityGroup(stack, "dbsecuritygroup", security_group_name="DBSG", vpc=vpc_db_instance.vpc, allow_all_outbound=True ) vpc_db_instance.db_instance = rds.DatabaseInstance(stack, 'exampleinstance', master_username=master_user_name, engine=rds.DatabaseInstanceEngine.POSTGRES, instance_type=ec2.InstanceType.of(ec2.InstanceClass.BURSTABLE2, ec2.InstanceSize.SMALL), vpc=vpc_db_instance.vpc, auto_minor_version_upgrade=True, database_name='exampledb', storage_encrypted=True, multi_az=False, security_groups=[vpc_db_instance.db_security_group] ) # create bastion host in public subnet with no KeyPairName (use ec2-instance-connect) vpc_db_instance.bastion_host_security_group = ec2.SecurityGroup(stack, "bastionhostsecuritygroup", security_group_name="bastionhostsecuritygroup", vpc=vpc_db_instance.vpc, allow_all_outbound=True ) vpc_db_instance.bastion_host_linux = ec2.BastionHostLinux(stack, "bastionhostSG", vpc=vpc_db_instance.vpc, instance_name="bastionhost", instance_type=ec2.InstanceType("t2.micro"), subnet_selection={ "subnet_type": ec2.SubnetType.PUBLIC }, security_group=vpc_db_instance.bastion_host_security_group ) vpc_db_instance.db_security_group.add_ingress_rule(vpc_db_instance.bastion_host_security_group, ec2.Port.tcp(5432), 'bastion host') return vpc_db_instance
def __init__(self, scope: core.Construct, id: str, vpc, asg_security_groups, **kwargs) -> None: super().__init__(scope, id, **kwargs) # Ceate Aurora Cluster with 2 instances with CDK High Level API # Secrets Manager auto generate and keep the password, don't put password in cdk code directly # db_Aurora_cluster = rds.DatabaseCluster(self, "MyAurora", # default_database_name="MyAurora", # engine=rds.DatabaseClusterEngine.arora_mysql( # version=rds.AuroraMysqlEngineVersion.VER_5_7_12 # ) # master_user=rds.Login(username="******"), # instance_props=rds.InstanceProps( # vpc=vpc, # vpc_subnets=ec2.SubnetSelection(subnet_type=ec2.SubnetType.ISOLATED), # instance_type=ec2.InstanceType(instance_type_identifier="t2.small") # ), # instances=2, # parameter_group=rds.ClusterParameterGroup.from_parameter_group_name( # self, "para-group-aurora", # parameter_group_name="default.aurora-mysql5.7" # ), # ) # for asg_sg in asg_security_groups: # db_Aurora_cluster.connections.allow_default_port_from(asg_sg, "EC2 Autoscaling Group access Aurora") # Alternatively, create MySQL RDS with CDK High Level API db_mysql_easy = rds.DatabaseInstance( self, "MySQL_DB_easy", engine=rds.DatabaseInstanceEngine.mysql( version=rds.MysqlEngineVersion.VER_5_7_30), instance_type=ec2.InstanceType.of(ec2.InstanceClass.BURSTABLE2, ec2.InstanceSize.SMALL), master_username="******", vpc=vpc, multi_az=True, allocated_storage=100, storage_type=rds.StorageType.GP2, cloudwatch_logs_exports=["audit", "error", "general", "slowquery"], deletion_protection=False, delete_automated_backups=False, backup_retention=core.Duration.days(7), parameter_group=rds.ParameterGroup.from_parameter_group_name( self, "para-group-mysql", parameter_group_name="default.mysql5.7")) for asg_sg in asg_security_groups: db_mysql_easy.connections.allow_default_port_from( asg_sg, "EC2 Autoscaling Group access MySQL")
def _define_database(self): """ Defines the databases. """ version = rds.PostgresEngineVersion.VER_12_4 engine = rds.DatabaseInstanceEngine.postgres(version=version) cluster = rds.DatabaseInstance( self, 'postgresql_database', engine=engine, allocated_storage=20, # 20 GB max_allocated_storage=100, # 100 GB vpc=self.network.vpc, multi_az=True) return cluster
def create_rds(self): my_rds = rds.DatabaseInstance( self, guid('RDS-'), master_username="******", master_user_password=core.SecretValue.plain_text("password"), database_name="db1", engine=rds.DatabaseInstanceEngine.MYSQL, vpc=self.vpc, port=3306, instance_type=self.DEFAULT_EC2_TYPE, removal_policy=core.RemovalPolicy.DESTROY, deletion_protection=False, multi_az=True, max_allocated_storage=1000) return my_rds
def __init__(self, scope: cdk.Construct, construct_id: str, vpc: ec2.IVpc, **kwargs) -> None: super().__init__(scope, construct_id, **kwargs) self.instance = rds.DatabaseInstance( self, construct_id, engine=rds.DatabaseInstanceEngine.mysql( version=rds.MysqlEngineVersion.VER_8_0), vpc=vpc, database_name="metastore", removal_policy=cdk.RemovalPolicy.DESTROY, deletion_protection=False) self.instance.connections.allow_from_any_ipv4( ec2.Port.tcp(3306), "Allow mysql from anywhere")
def __init__(self, scope: core.Construct, id: str, vpc: VpcStack, **kwargs) -> None: super().__init__(scope, id, **kwargs) self.db_name = "airflow" self.rds_secret = sm.Secret( self, "airflow-rds", secret_name="airflow-rds-credentials", description="Credentials for RDS PostgreSQL.", generate_secret_string=sm.SecretStringGenerator( secret_string_template='{"username": "******"}', generate_string_key="password", password_length=16, exclude_characters='"@\\\/', exclude_punctuation=True, ), ) credentials = rds.Credentials.from_secret(self.rds_secret) postgres = rds.DatabaseInstance( self, "RDS", credentials=credentials, instance_identifier="airflow-cdk", database_name=self.db_name, engine=rds.DatabaseInstanceEngine.postgres( version=rds.PostgresEngineVersion.VER_9_6_18), vpc=vpc.instance, vpc_placement=ec2.SubnetSelection( subnet_type=ec2.SubnetType.ISOLATED), port=5432, instance_type=ec2.InstanceType.of( ec2.InstanceClass.BURSTABLE2, ec2.InstanceSize.MICRO, ), allocated_storage=20, security_groups=[vpc.postgres_sg], removal_policy=core.RemovalPolicy.DESTROY, parameter_group=rds.ParameterGroup.from_parameter_group_name( self, "para-group-postgres", parameter_group_name="default.postgres9.6"), deletion_protection=False, ) self._instance = postgres