def __init__(
self,
scope: Construct,
id: str,
context: "Context",
team_context: "TeamContext",
parameters: Dict[str, Any],
) -> None:
super().__init__(
scope=scope,
id=id,
stack_name=id,
env=Environment(account=context.account_id, region=context.region),
)
Tags.of(scope=cast(IConstruct, self)).add(
key="Env", value=f"orbit-{context.name}")
_logger.info(f"Plugin parameters: {parameters}")
# just showing how to create resource. Do not forget to update the IAM policy or make sure the attached policy
# for the team is allowing the creation and destruction of the resource.
ssm_parameter: str = f"/orbit/{context.name}/{team_context.name}/hello-plugin"
ssm.StringParameter(
scope=self,
id="param",
string_value="testing plugin hello world",
parameter_name=ssm_parameter,
)
def __init__(self, scope: Construct, id: str, context: "Context",
team_context: "TeamContext", parameters: Dict[str,
Any]) -> None:
super().__init__(
scope=scope,
id=id,
stack_name=id,
env=Environment(account=context.account_id, region=context.region),
)
Tags.of(scope=cast(IConstruct, self)).add(
key="Env", value=f"orbit-{context.name}")
if team_context.eks_pod_role_arn is None:
raise ValueError("Pod Role arn required")
team_role = iam.Role.from_role_arn(
scope=self,
id="team-role",
role_arn=team_context.eks_pod_role_arn,
mutable=True)
team_role.attach_inline_policy(policy=iam.Policy(
scope=self,
id="emr_on_eks",
policy_name="emr_on_eks",
statements=[
iam.PolicyStatement(
effect=iam.Effect.ALLOW,
actions=[
"emr-containers:StartJobRun",
"emr-containers:ListJobRuns",
"emr-containers:DescribeJobRun",
"emr-containers:CancelJobRun",
"emr-containers:TagResource",
],
resources=[parameters.get("virtual_arn", "*")],
),
iam.PolicyStatement(
effect=iam.Effect.ALLOW,
actions=[
"logs:*",
],
resources=[
f"arn:aws:logs:{context.region}:{context.account_id}:log-group:/orbit/emr/*",
f"arn:aws:logs:{context.region}:{context.account_id}:log-group:/orbit/emr/*:log-stream:*",
],
),
iam.PolicyStatement(
effect=iam.Effect.ALLOW,
actions=[
"emr-containers:Get*",
"emr-containers:Describe*",
"emr-containers:List*",
"elasticmapreduce:CreatePersistentAppUI",
"elasticmapreduce:DescribePersistentAppUI",
"elasticmapreduce:GetPersistentAppUIPresignedURL",
],
resources=["*"],
),
],
))
def main():
# ------------------------------
# Validate Config Values
# ------------------------------
if 'region' in config.deadline_client_linux_ami_map:
raise ValueError('Deadline Client Linux AMI map is required but was not specified.')
# ------------------------------
# Application
# ------------------------------
app = App()
if 'CDK_DEPLOY_ACCOUNT' not in os.environ and 'CDK_DEFAULT_ACCOUNT' not in os.environ:
raise ValueError('You must define either CDK_DEPLOY_ACCOUNT or CDK_DEFAULT_ACCOUNT in the environment.')
if 'CDK_DEPLOY_REGION' not in os.environ and 'CDK_DEFAULT_REGION' not in os.environ:
raise ValueError('You must define either CDK_DEPLOY_REGION or CDK_DEFAULT_REGION in the environment.')
env = Environment(
account=os.environ.get('CDK_DEPLOY_ACCOUNT', os.environ.get('CDK_DEFAULT_ACCOUNT')),
region=os.environ.get('CDK_DEPLOY_REGION', os.environ.get('CDK_DEFAULT_REGION'))
)
sep_props = sep_stack.SEPStackProps(
docker_recipes_stage_path=os.path.join(os.path.dirname(os.path.realpath(__file__)), os.pardir, 'stage'),
worker_machine_image=MachineImage.generic_linux(config.deadline_client_linux_ami_map),
create_resource_tracker_role=config.create_resource_tracker_role,
)
service = sep_stack.SEPStack(app, 'SEPStack', props=sep_props, env=env)
app.synth()
def __init__(self, scope: Construct, id: str, **kwargs) -> None:
super().__init__(scope, id, **kwargs)
source_artifact = codepipeline.Artifact()
cloud_assembly_artifact = codepipeline.Artifact()
github_token_secret_name = os.getenv('GITHUB_TOKEN', '')
pipeline = CdkPipeline(
self,
"Pipeline",
pipeline_name="SharedPipeline",
cloud_assembly_artifact=cloud_assembly_artifact,
source_action=codepipeline_actions.GitHubSourceAction(
action_name="GitHub",
output=source_artifact,
oauth_token=SecretValue.secrets_manager(
github_token_secret_name),
trigger=codepipeline_actions.GitHubTrigger.POLL,
owner="srethira",
repo="cdk-pipeline-shared"),
synth_action=SimpleSynthAction(
source_artifact=source_artifact,
cloud_assembly_artifact=cloud_assembly_artifact,
install_command=
"npm install -g aws-cdk && pip install -r requirements.txt",
# build_command="mvn package",
synth_command="cdk synth",
copy_environment_variables=["GITHUB_TOKEN"]))
pipeline.add_application_stage(
SharedStage(self,
'Testing',
env=Environment(account="462864815626",
region="us-west-1")))
# Do this as many times as necessary with any account and region
# Account and region may be different from the pipeline's.
pipeline.add_application_stage(
SharedStage(self,
'Prod',
env=Environment(account="462864815626",
region="us-west-2")))
def __init__(
self,
scope: Construct,
id: str,
context: "Context",
) -> None:
self.scope = scope
self.id = id
self.context = context
super().__init__(
scope=scope,
id=id,
stack_name=id,
env=Environment(account=self.context.account_id,
region=self.context.region),
)
Tags.of(scope=cast(IConstruct, self)).add(
key="Env", value=f"orbit-{self.context.name}")
if self.context.networking.vpc_id is None:
raise ValueError("self.context.networking.vpc_id is None.")
if self.context.networking.availability_zones is None:
raise ValueError(
"self.context.networking.availability_zones is None.")
self.i_vpc = ec2.Vpc.from_vpc_attributes(
scope=self,
id="vpc",
vpc_id=self.context.networking.vpc_id,
availability_zones=self.context.networking.availability_zones,
)
self.role_eks_cluster = self._create_role_cluster()
self.role_eks_env_nodegroup = self._create_env_nodegroup_role()
self.role_fargate_profile = self._create_role_fargate_profile()
self.role_cluster_autoscaler = self._create_cluster_autoscaler_role()
if self.context.user_pool_id:
self.context.cognito_users_url = orbit_cognito.get_users_url(
user_pool_id=self.context.user_pool_id,
region=self.context.region)
cognito_pool_arn: str = orbit_cognito.get_pool_arn(
user_pool_id=self.context.user_pool_id,
region=self.context.region,
account=self.context.account_id)
self.user_pool: cognito.UserPool = self._get_user_pool(
user_pool_arn=cognito_pool_arn)
else:
raise Exception("Missing Cognito User Pool ID ('user_pool_id') ")
self.user_pool_client = self._create_user_pool_client()
self.identity_pool = self._create_identity_pool()
self.token_validation_lambda = self._create_token_validation_lambda()
self.eks_service_lambda = self._create_eks_service_lambda()
self.cluster_pod_security_group = self._create_cluster_pod_security_group(
)
self.context_parameter = self._create_manifest_parameter()
self._create_post_authentication_lambda()
def convert_to_cdk_constructs(
raw_config: Dict[str, Any]) -> Dict[str, Any]:
"""
Converts raw config to CDK specific constructs when required.
This method can be used when overwriting the classmethod construct of
an inherited class in order to preserve the conversions of the parent
class.
"""
raw_build_environment = raw_config.pop('build_environment')
build_environment = Environment(**raw_build_environment)
raw_config.update(build_environment=build_environment)
return raw_config
def __init__(self, scope: Construct, id: str, context: "Context",
parameters: Dict[str, Any]) -> None:
super().__init__(
scope=scope,
id=id,
stack_name=id,
env=Environment(account=context.account_id, region=context.region),
)
Tags.of(scope=cast(IConstruct, self)).add(
key="Env", value=f"orbit-{context.name}")
_logger.debug(
"Passing Plugin CDK Stack parameters to the Nested stack Cfn parameters"
)
NestedCfnStack(self, id="custom-cfn-stack", parameters=parameters)
def convert_to_cdk_constructs(raw_config: Dict[str, Any]) -> Dict[str, Any]:
"""
Converts raw config to CDK specific constructs when required.
This method can be used when overwriting the classmethod construct of
an inherited class in order to preserved the conversions of the parent
class.
"""
raw_env = raw_config.pop('env')
raw_removal_policy = raw_config.pop('removal_policy')
env = Environment(**raw_env)
removal_policy = RemovalPolicy[raw_removal_policy]
raw_config.update(environment=env, removal_policy=removal_policy)
return raw_config
def __init__(self, scope: Construct, id: str, deploy_envs: list,
**kwargs) -> None:
super().__init__(scope, id, **kwargs)
cicd_params = self.node.try_get_context('CICDParameters')
connection_arn = cicd_params.get('ConnectionArn')
repo = cicd_params.get("RepositoryName")
branch = cicd_params.get("RepositoryBranch")
if connection_arn in [None, '', '<CONNECTION_ARN>']:
raise ValueError(
'"ConnectionArn" must be set in "cdk.json" to create CICD pipelines'
)
if repo in [None, '', '<REPOSITORY_NAME>']:
raise ValueError(
'"RepositoryName" must be set in "cdk.json" to create CICD pipelines'
)
if branch in [None, '', '<REPOSITORY_BRANCH>']:
raise ValueError(
'"RepositoryBranch" must be set in "cdk.json" to create CICD pipelines'
)
pipeline = CodePipeline(
self,
'AnalyticsPipeline',
synth=CodeBuildStep(
'Synth',
input=CodePipelineSource.connection(
repo_string=repo,
branch=branch,
connection_arn=connection_arn),
commands=[
'cd refarch/aws-native', 'pip install -r requirements.txt',
'which npx', 'npm install -g aws-cdk', 'cdk synth'
],
primary_output_directory='refarch/aws-native/cdk.out'),
cross_account_keys=True,
)
for env in deploy_envs:
pipeline.add_stage(stage=PipelineStage(
self,
'AnalyticsPipelineStage',
env=Environment(account=env.account, region=env.region)))
def __init__(self, scope: Construct, id: str, context: "Context",
team_context: "TeamContext", parameters: Dict[str,
Any]) -> None:
super().__init__(
scope=scope,
id=id,
stack_name=id,
env=Environment(account=context.account_id, region=context.region),
)
Tags.of(scope=cast(IConstruct, self)).add(
key="Env", value=f"orbit-{context.name}")
# Collecting required parameters
team_space_props: Dict[str, Any] = {
"account_id":
context.account_id,
"region":
context.region,
"partition":
core.Aws.PARTITION,
"env_name":
context.name,
"teamspace_name":
team_context.name,
"lake_role_name":
f"orbit-{context.name}-{team_context.name}-role",
"vpc_id":
context.networking.vpc_id,
"subnet_ids": [
s.subnet_id for s in context.networking.public_subnets +
context.networking.isolated_subnets +
context.networking.private_subnets
],
"team_security_group_id":
team_context.team_security_group_id,
"team_kms_key_arn":
team_context.team_kms_key_arn,
}
self._redshift_clusters = RedshiftClusters(
self,
id="redshift-clusters-for-teamspace",
team_space_props=team_space_props,
plugin_params=parameters,
)
def __init__(self, scope: constructs.Construct, stack_id: str) -> None:
environment = Environment(account=environ["CDK_DEFAULT_ACCOUNT"],
region=environ["CDK_DEFAULT_REGION"])
super().__init__(scope, stack_id, env=environment)
env_name = environment_name()
storage = Storage(self, "storage", env_name=env_name)
Staging(self, "staging")
lambda_layers = LambdaLayers(self, "lambda-layers", env_name=env_name)
processing = Processing(
self,
"processing",
botocore_lambda_layer=lambda_layers.botocore,
env_name=env_name,
storage_bucket=storage.storage_bucket,
validation_results_table=storage.validation_results_table,
)
API(
self,
"api",
botocore_lambda_layer=lambda_layers.botocore,
datasets_table=storage.datasets_table,
env_name=env_name,
state_machine=processing.state_machine,
state_machine_parameter=processing.state_machine_parameter,
sqs_queue=processing.message_queue,
sqs_queue_parameter=processing.message_queue_name_parameter,
storage_bucket=storage.storage_bucket,
validation_results_table=storage.validation_results_table,
)
if self.node.try_get_context("enableLDSAccess"):
LDS(self,
"lds",
env_name=env_name,
storage_bucket=storage.storage_bucket)
def main():
# ------------------------------
# Application
# ------------------------------
app = App()
if 'CDK_DEPLOY_ACCOUNT' not in os.environ and 'CDK_DEFAULT_ACCOUNT' not in os.environ:
raise ValueError('You must define either CDK_DEPLOY_ACCOUNT or CDK_DEFAULT_ACCOUNT in the environment.')
if 'CDK_DEPLOY_REGION' not in os.environ and 'CDK_DEFAULT_REGION' not in os.environ:
raise ValueError('You must define either CDK_DEPLOY_REGION or CDK_DEFAULT_REGION in the environment.')
env = Environment(
account=os.environ.get('CDK_DEPLOY_ACCOUNT', os.environ.get('CDK_DEFAULT_ACCOUNT')),
region=os.environ.get('CDK_DEPLOY_REGION', os.environ.get('CDK_DEFAULT_REGION'))
)
# ------------------------------
# Service Tier
# ------------------------------
sep_props = sep_stack.SEPStackProps(
docker_recipes_stage_path=os.path.join(os.path.dirname(os.path.realpath(__file__)), os.pardir, 'stage'),
)
service = sep_stack.SEPStack(app, 'SEPStack', props=sep_props, env=env)
app.synth()
def main():
app = App()
if 'CDK_DEPLOY_ACCOUNT' not in os.environ and 'CDK_DEFAULT_ACCOUNT' not in os.environ:
raise ValueError(
'You must define either CDK_DEPLOY_ACCOUNT or CDK_DEFAULT_ACCOUNT in the environment.'
)
if 'CDK_DEPLOY_REGION' not in os.environ and 'CDK_DEFAULT_REGION' not in os.environ:
raise ValueError(
'You must define either CDK_DEPLOY_REGION or CDK_DEFAULT_REGION in the environment.'
)
env = Environment(
account=os.environ.get('CDK_DEPLOY_ACCOUNT',
os.environ.get('CDK_DEFAULT_ACCOUNT')),
region=os.environ.get('CDK_DEPLOY_REGION',
os.environ.get('CDK_DEFAULT_REGION')))
farm_props = base_farm_stack.BaseFarmStackProps(
deadline_version=config.deadline_version,
accept_aws_thinkbox_eula=config.accept_aws_thinkbox_eula)
farm_stack = base_farm_stack.BaseFarmStack(app,
'BaseFarmStack',
props=farm_props,
env=env)
compute_stack_props = compute_stack.ComputeStackProps(
deadline_version=config.deadline_version,
image_recipe_version=config.image_recipe_version,
render_queue=farm_stack.render_queue,
vpc=farm_stack.vpc)
compute_stack.ComputeStack(app,
'ComputeStack',
props=compute_stack_props,
env=env)
app.synth()
)
task_definition.add_container(
'Container',
image=ContainerImage.from_asset(
getcwd(),
file='Dockerfile',
repository_name='jqbx-bot',
exclude=['cdk.out']
),
command=['pipenv', 'run', 'python', '-u', '-m', 'src.main'],
environment={
'SPOTIFY_USER_ID': environ.get('SPOTIFY_USER_ID'),
'JQBX_ROOM_ID': environ.get('JQBX_ROOM_ID'),
'JQBX_BOT_DISPLAY_NAME': environ.get('JQBX_BOT_DISPLAY_NAME'),
'JQBX_BOT_IMAGE_URL': environ.get('JQBX_BOT_IMAGE_URL'),
'DATA_SERVICE_BASE_URL': environ.get('DATA_SERVICE_BASE_URL')
},
logging=AwsLogDriver(
stream_prefix='jqbx-bot',
log_group=LogGroup(self, 'LogGroup')
)
)
cluster = Cluster(self, '%sCluster' % _id)
FargateService(self, '%sService' % _id, cluster=cluster, task_definition=task_definition, desired_count=1)
if __name__ == '__main__':
app = App()
MainStack(app, 'JqbxBot', env=Environment(region=environ.get('AWS_DEFAULT_REGION')))
app.synth()
def main():
# ------------------------------
# Validate Config Values
# ------------------------------
if not config.ubl_certificate_secret_arn and config.ubl_licenses:
raise ValueError(
'UBL certificates secret ARN is required when using UBL but was not specified.'
)
if not config.ubl_licenses:
print('No UBL licenses specified. UBL Licensing will not be set up.')
if not config.key_pair_name:
print(
'EC2 key pair name not specified. You will not have SSH access to the render farm.'
)
if 'region' in config.deadline_client_linux_ami_map:
raise ValueError(
'Deadline Client Linux AMI map is required but was not specified.')
# ------------------------------
# Application
# ------------------------------
app = App()
if 'CDK_DEPLOY_ACCOUNT' not in os.environ and 'CDK_DEFAULT_ACCOUNT' not in os.environ:
raise ValueError(
'You must define either CDK_DEPLOY_ACCOUNT or CDK_DEFAULT_ACCOUNT in the environment.'
)
if 'CDK_DEPLOY_REGION' not in os.environ and 'CDK_DEFAULT_REGION' not in os.environ:
raise ValueError(
'You must define either CDK_DEPLOY_REGION or CDK_DEFAULT_REGION in the environment.'
)
env = Environment(
account=os.environ.get('CDK_DEPLOY_ACCOUNT',
os.environ.get('CDK_DEFAULT_ACCOUNT')),
region=os.environ.get('CDK_DEPLOY_REGION',
os.environ.get('CDK_DEFAULT_REGION')))
# ------------------------------
# Network Tier
# ------------------------------
network = network_tier.NetworkTier(app, 'NetworkTier', env=env)
# ------------------------------
# Security Tier
# ------------------------------
security = security_tier.SecurityTier(app, 'SecurityTier', env=env)
# ------------------------------
# Storage Tier
# ------------------------------
if config.deploy_mongo_db:
storage_props = storage_tier.StorageTierMongoDBProps(
vpc=network.vpc,
database_instance_type=InstanceType.of(InstanceClass.MEMORY5,
InstanceSize.LARGE),
root_ca=security.root_ca,
dns_zone=network.dns_zone,
accept_sspl_license=config.accept_sspl_license,
key_pair_name=config.key_pair_name)
storage = storage_tier.StorageTierMongoDB(app,
'StorageTier',
props=storage_props,
env=env)
else:
storage_props = storage_tier.StorageTierDocDBProps(
vpc=network.vpc,
database_instance_type=InstanceType.of(InstanceClass.MEMORY5,
InstanceSize.LARGE),
)
storage = storage_tier.StorageTierDocDB(app,
'StorageTier',
props=storage_props,
env=env)
# ------------------------------
# Service Tier
# ------------------------------
service_props = service_tier.ServiceTierProps(
database=storage.database,
file_system=storage.file_system,
vpc=network.vpc,
docker_recipes_stage_path=os.path.join(
os.path.dirname(os.path.realpath(__file__)), os.pardir, 'stage'),
ubl_certs_secret_arn=config.ubl_certificate_secret_arn,
ubl_licenses=config.ubl_licenses,
root_ca=security.root_ca,
dns_zone=network.dns_zone)
service = service_tier.ServiceTier(app,
'ServiceTier',
props=service_props,
env=env)
# ------------------------------
# Compute Tier
# ------------------------------
deadline_client_image = MachineImage.generic_linux(
config.deadline_client_linux_ami_map)
compute_props = compute_tier.ComputeTierProps(
vpc=network.vpc,
render_queue=service.render_queue,
worker_machine_image=deadline_client_image,
key_pair_name=config.key_pair_name,
usage_based_licensing=service.ubl_licensing,
licenses=config.ubl_licenses)
_compute = compute_tier.ComputeTier(app,
'ComputeTier',
props=compute_props,
env=env)
app.synth()
from os import environ
from aws_cdk.core import App, Environment
from smol_cdk.stack import SmolCdkStack
app = App()
SmolCdkStack(
app,
"SmolCdkStack",
env=Environment(
account=environ["CDK_ACCOUNT"], region=environ.get("CDK_REGION", "us-west-2")
),
)
app.synth()
from aws_cdk.core import Stack, Construct, Environment
from aws_cdk import aws_ecs, aws_ec2, aws_ecs_patterns
AWS_ENV = Environment(account='805580953652', region='us-west-2')
VPC_ID = 'vpc-5903d820'
class CdkStack(Stack):
def __init__(self, scope: Construct, id: str):
super().__init__(scope, id)
# The code that defines your stack goes here
vpc = aws_ec2.Vpc(self, 'vpc')
cluster = aws_ecs.Cluster(self, 'cluster', vpc=vpc)
# task_definition = aws_ecs.FargateTaskDefinition(self, 'NodeTask')
# log_driver = aws_ecs.LogDriver.aws_logs(stream_prefix="NodeAppContainerLog")
# container = task_definition.add_container('NodeApp',
# image=aws_ecs.ContainerImage.from_asset("nodejsapp"), logging=log_driver)
# port_mapping = aws_ecs.PortMapping(container_port=8080)
# container.add_port_mappings(port_mapping)
#
# aws_ecs.FargateService(self, 'service',
# cluster=cluster,
# task_definition=task_definition,
# desired_count=5)
aws_ecs_patterns.LoadBalancedFargateService(
self,
'NodeApp',
cluster=cluster,
desired_count=5,
#!/usr/bin/env python3
import os
from aws_cdk import core
from aws_cdk.core import Stack, Construct, Environment
from ops.infra_stack import InfraStack
from ops.fargate_stack import FargateStack, CdkPyCrossStackFargateStack
app = core.App()
ACCOUNT = app.node.try_get_context('account') or os.environ.get(
'CDK_DEFAULT_ACCOUNT', 'unknown')
REGION = app.node.try_get_context('region') or os.environ.get(
'CDK_DEFAULT_REGION', 'unknown')
AWS_ENV = Environment(region=REGION, account=ACCOUNT)
baseStack = InfraStack(app, "VpcStack", env=AWS_ENV)
vpcId = core.Fn.import_value("exportedId")
# fargateCluster = FargateStack(app, "FargateStack",
# vpcId=core.Token.as_list(core.Fn.import_value('ExportedVpcId'))[0],
# env=AWS_ENV
# )
secFargate = CdkPyCrossStackFargateStack(app,
"fargate-nginx",
vpc=baseStack.vpc,
env=AWS_ENV)
core.Tag.add(baseStack, 'Name', 'demo')
app.synth()
#!/usr/bin/env python3
#pylint: disable=invalid-name
from boto3 import session, client
import os
from aws_cdk.core import App, Environment
from tenant_management_cdk.service_stack.tenant_env_consts import get_stack_name
from tenant_management_cdk.service_stack.tenant_stack import TenantStack
region = session.Session().region_name
account = client('sts').get_caller_identity()['Account']
app = App()
tenants_stack = TenantStack(
app, get_stack_name(),
env=Environment(account=os.environ.get("AWS_DEFAULT_ACCOUNT", account), region=os.environ.get("AWS_DEFAULT_REGION", region)))
## When we run this file it will
## transform the code into a CFN template
app.synth()
def main():
# ------------------------------
# Validate Config Values
# ------------------------------
if not config.config.key_pair_name:
print(
'EC2 key pair name not specified. You will not have SSH access to the render farm.'
)
# ------------------------------
# Application
# ------------------------------
app = App()
if 'CDK_DEPLOY_ACCOUNT' not in os.environ and 'CDK_DEFAULT_ACCOUNT' not in os.environ:
raise ValueError(
'You must define either CDK_DEPLOY_ACCOUNT or CDK_DEFAULT_ACCOUNT in the environment.'
)
if 'CDK_DEPLOY_REGION' not in os.environ and 'CDK_DEFAULT_REGION' not in os.environ:
raise ValueError(
'You must define either CDK_DEPLOY_REGION or CDK_DEFAULT_REGION in the environment.'
)
env = Environment(
account=os.environ.get('CDK_DEPLOY_ACCOUNT',
os.environ.get('CDK_DEFAULT_ACCOUNT')),
region=os.environ.get('CDK_DEPLOY_REGION',
os.environ.get('CDK_DEFAULT_REGION')))
# ------------------------------
# Network Tier
# ------------------------------
network = network_tier.NetworkTier(app, 'NetworkTier', env=env)
# ------------------------------
# Security Tier
# ------------------------------
security = security_tier.SecurityTier(app, 'SecurityTier', env=env)
# ------------------------------
# Service Tier
# ------------------------------
service_props = service_tier.ServiceTierProps(
vpc=network.vpc,
availability_zones=config.config.availability_zones_standard,
root_ca=security.root_ca,
dns_zone=network.dns_zone,
deadline_version=config.config.deadline_version,
accept_aws_thinkbox_eula=config.config.accept_aws_thinkbox_eula)
service = service_tier.ServiceTier(app,
'ServiceTier',
props=service_props,
env=env)
# ------------------------------
# Compute Tier
# ------------------------------
deadline_client_image = MachineImage.generic_linux(
config.config.deadline_client_linux_ami_map)
compute_props = compute_tier.ComputeTierProps(
vpc=network.vpc,
availability_zones=config.config.availability_zones_local,
render_queue=service.render_queue,
worker_machine_image=deadline_client_image,
key_pair_name=config.config.key_pair_name,
)
_compute = compute_tier.ComputeTier(app,
'ComputeTier',
props=compute_props,
env=env)
app.synth()
def __init__(
self,
scope: Construct,
id: str,
context: "Context",
team_context: "TeamContext",
parameters: Dict[str, Any],
) -> None:
super().__init__(
scope=scope,
id=id,
stack_name=id,
env=Environment(account=context.account_id, region=context.region),
)
Tags.of(scope=cast(IConstruct, self)).add(
key="Env", value=f"orbit-{context.name}")
repo: codecommit.Repository = codecommit.Repository(
scope=self,
id="repo",
repository_name=f"orbit-{context.name}-{team_context.name}",
)
if team_context.eks_pod_role_arn is None:
raise ValueError("Pod Role arn required")
team_role = iam.Role.from_role_arn(
scope=self,
id="team-role",
role_arn=team_context.eks_pod_role_arn,
mutable=True,
)
team_role.attach_inline_policy(policy=iam.Policy(
scope=self,
id="codecommit",
policy_name="codecommit",
statements=[
iam.PolicyStatement(
effect=iam.Effect.ALLOW,
actions=[
"codecommit:CreateBranch",
"codecommit:DeleteCommentContent",
"codecommit:ListPullRequests",
"codecommit:UpdatePullRequestApprovalRuleContent",
"codecommit:PutFile",
"codecommit:GetPullRequestApprovalStates",
"codecommit:CreateCommit",
"codecommit:ListTagsForResource",
"codecommit:BatchDescribeMergeConflicts",
"codecommit:GetCommentsForComparedCommit",
"codecommit:DeletePullRequestApprovalRule",
"codecommit:GetCommentReactions",
"codecommit:GetComment",
"codecommit:UpdateComment",
"codecommit:MergePullRequestByThreeWay",
"codecommit:CreatePullRequest",
"codecommit:UpdatePullRequestApprovalState",
"codecommit:GetPullRequestOverrideState",
"codecommit:PostCommentForPullRequest",
"codecommit:GetRepositoryTriggers",
"codecommit:UpdatePullRequestDescription",
"codecommit:GetObjectIdentifier",
"codecommit:BatchGetPullRequests",
"codecommit:GetFile",
"codecommit:GetUploadArchiveStatus",
"codecommit:MergePullRequestBySquash",
"codecommit:GetDifferences",
"codecommit:GetRepository",
"codecommit:GetMergeConflicts",
"codecommit:GetMergeCommit",
"codecommit:PostCommentForComparedCommit",
"codecommit:GitPush",
"codecommit:GetMergeOptions",
"codecommit:AssociateApprovalRuleTemplateWithRepository",
"codecommit:PutCommentReaction",
"codecommit:GetTree",
"codecommit:BatchAssociateApprovalRuleTemplateWithRepositories",
"codecommit:GetReferences",
"codecommit:GetBlob",
"codecommit:DescribeMergeConflicts",
"codecommit:UpdatePullRequestTitle",
"codecommit:GetCommit",
"codecommit:OverridePullRequestApprovalRules",
"codecommit:GetCommitHistory",
"codecommit:GetCommitsFromMergeBase",
"codecommit:BatchGetCommits",
"codecommit:TestRepositoryTriggers",
"codecommit:DescribePullRequestEvents",
"codecommit:UpdatePullRequestStatus",
"codecommit:CreatePullRequestApprovalRule",
"codecommit:UpdateDefaultBranch",
"codecommit:GetPullRequest",
"codecommit:PutRepositoryTriggers",
"codecommit:UploadArchive",
"codecommit:ListAssociatedApprovalRuleTemplatesForRepository",
"codecommit:MergeBranchesBySquash",
"codecommit:ListBranches",
"codecommit:GitPull",
"codecommit:BatchGetRepositories",
"codecommit:GetCommentsForPullRequest",
"codecommit:BatchDisassociateApprovalRuleTemplateFromRepositories",
"codecommit:CancelUploadArchive",
"codecommit:GetFolder",
"codecommit:PostCommentReply",
"codecommit:MergeBranchesByFastForward",
"codecommit:CreateUnreferencedMergeCommit",
"codecommit:EvaluatePullRequestApprovalRules",
"codecommit:MergeBranchesByThreeWay",
"codecommit:GetBranch",
"codecommit:DisassociateApprovalRuleTemplateFromRepository",
"codecommit:MergePullRequestByFastForward",
"codecommit:DeleteFile",
"codecommit:DeleteBranch",
],
resources=[repo.repository_arn],
),
iam.PolicyStatement(
effect=iam.Effect.ALLOW,
actions=[
"codecommit:ListRepositoriesForApprovalRuleTemplate",
"codecommit:CreateApprovalRuleTemplate",
"codecommit:UpdateApprovalRuleTemplateName",
"codecommit:GetApprovalRuleTemplate",
"codecommit:ListApprovalRuleTemplates",
"codecommit:DeleteApprovalRuleTemplate",
"codecommit:ListRepositories",
"codecommit:UpdateApprovalRuleTemplateContent",
"codecommit:UpdateApprovalRuleTemplateDescription",
],
resources=["*"],
),
],
))
# auto scale the, uh, autoscaling group
asg.scale_on_cpu_utilization("ScaleCPU", target_utilization_percent=80)
# emit some output values, largely for console use
CfnOutput(self,
"LB",
export_name="LB",
value=lb.load_balancer_dns_name)
CfnOutput(self,
"HTTP",
export_name="HTTP",
value="http://{}/".format(HOSTNAME))
CfnOutput(self,
"HTTPS",
export_name="HTTPS",
value="https://{}/".format(HOSTNAME))
CfnOutput(self,
"TCP",
export_name="TCP",
value="tcp://{}:{}/".format(HOSTNAME, NOT_WEB))
CfnOutput(self, "Cert", export_name="Cert", value=cert.certificate_arn)
env = Environment(account=os.environ["CDK_DEFAULT_ACCOUNT"],
region=os.environ["CDK_DEFAULT_REGION"])
app = App()
demo = DemoStack(app, NAME, env=env)
app.synth()
def __init__(self, scope: Construct, id: str, **kwargs) -> None:
super().__init__(scope, id, **kwargs)
source_artifact = codepipeline.Artifact()
cloud_assembly_artifact = codepipeline.Artifact()
github_token_secret_name = os.getenv('GITHUB_TOKEN', '')
pipeline = CdkPipeline(
self,
"Pipeline",
pipeline_name="MyAppPipeline",
cloud_assembly_artifact=cloud_assembly_artifact,
source_action=codepipeline_actions.GitHubSourceAction(
action_name="GitHub",
output=source_artifact,
oauth_token=SecretValue.secrets_manager(
github_token_secret_name),
trigger=codepipeline_actions.GitHubTrigger.POLL,
owner="srethira",
repo="cdk-pipeline-ecs",
branch="master"),
# Current limitation: generate CodeBuild reports within @aws-cdk/cdk-pipelines
# https://github.com/aws/aws-cdk/issues/10464
synth_action=SimpleSynthAction(
source_artifact=source_artifact,
cloud_assembly_artifact=cloud_assembly_artifact,
# enable privileged mode for docker-in-docker (for asset bundling)
environment=dict(privileged=True),
install_command="pipeline/bin/install.sh",
build_command="python -m unittest test/test_*",
synth_command="cdk synth",
copy_environment_variables=["GITHUB_TOKEN"]))
# Do this as many times as necessary with any account and region for testing
# Account and region may be different from the pipeline's.
test = ApplicationStage(self,
'Testing',
env=Environment(account="462864815626",
region="us-west-1"))
test_stage = pipeline.add_application_stage(test)
test_stage.add_actions(
ShellScriptAction(
action_name='validate',
commands=['curl -Ssf $ENDPOINT_URL/container'],
use_outputs=dict(ENDPOINT_URL=pipeline.stack_output(
test.load_balancer_address))))
test_stage.add_actions(
ShellScriptAction(action_name='integration',
commands=['python -m unittest test/test_*'],
additional_artifacts=[source_artifact]))
# Do this as many times as necessary with any account and region for prod
prod = ApplicationStage(self,
'Prod',
env=Environment(account="462864815626",
region="us-west-2"))
prod_stage = pipeline.add_application_stage(prod)
prod_stage.add_actions(
ShellScriptAction(
action_name='validate',
commands=['curl -Ssf $ENDPOINT_URL/container'],
use_outputs=dict(ENDPOINT_URL=pipeline.stack_output(
prod.load_balancer_address))))
prod_stage.add_actions(
ShellScriptAction(action_name='integration',
commands=['python -m unittest test/test_*'],
additional_artifacts=[source_artifact]))
def __init__(
self,
scope: Construct,
id: str,
context: "Context",
team_name: str,
team_policies: List[str],
image: Optional[str],
) -> None:
self.scope = scope
self.id = id
self.context: "Context" = context
self.team_name: str = team_name
self.team_policies: List[str] = team_policies
self.image: Optional[str] = image
super().__init__(
scope=scope,
id=id,
stack_name=id,
env=Environment(account=self.context.account_id,
region=self.context.region),
)
Tags.of(scope=cast(IConstruct, self)).add(
key="Env", value=f"orbit-{self.context.name}")
Tags.of(scope=cast(IConstruct, self)).add(key="TeamSpace",
value=self.team_name)
if self.context.networking.vpc_id is None:
raise ValueError("self.context.networking.vpc_id is None!")
self.i_vpc = ec2.Vpc.from_vpc_attributes(
scope=self,
id="vpc",
vpc_id=self.context.networking.vpc_id,
availability_zones=cast(
List[str], self.context.networking.availability_zones),
)
self.i_isolated_subnets = Ec2Builder.build_subnets(
scope=self, subnet_manifests=context.networking.isolated_subnets)
self.i_private_subnets = Ec2Builder.build_subnets(
scope=self, subnet_manifests=context.networking.private_subnets)
administrator_arns: List[str] = [
] # A place to add other admins if needed for KMS
admin_principals = iam.CompositePrincipal(
*[iam.ArnPrincipal(arn) for arn in administrator_arns],
iam.ArnPrincipal(f"arn:aws:iam::{self.context.account_id}:root"),
)
self.team_kms_key: kms.Key = kms.Key(
self,
id="kms-key",
removal_policy=core.RemovalPolicy.RETAIN,
enabled=True,
enable_key_rotation=True,
policy=iam.PolicyDocument(statements=[
iam.PolicyStatement(
effect=iam.Effect.ALLOW,
actions=["kms:*"],
resources=["*"],
principals=[cast(iam.IPrincipal, admin_principals)],
)
]),
)
self.team_security_group: ec2.SecurityGroup = Ec2Builder.build_team_security_group(
scope=self,
context=context,
team_name=self.team_name,
vpc=self.i_vpc)
self.policies: List[str] = self.team_policies
if self.context.scratch_bucket_arn:
self.scratch_bucket: s3.Bucket = cast(
s3.Bucket,
s3.Bucket.from_bucket_attributes(
scope=self,
id="scratch_bucket",
bucket_arn=self.context.scratch_bucket_arn,
bucket_name=self.context.scratch_bucket_arn.split(":::")
[1],
),
)
else:
raise Exception(
"Scratch bucket was not provided in Manifest ('ScratchBucketArn')"
)
self.role_eks_pod = IamBuilder.build_team_role(
scope=self,
context=self.context,
team_name=self.team_name,
policy_names=self.policies,
scratch_bucket=cast(s3.IBucket, self.scratch_bucket),
team_kms_key=self.team_kms_key,
)
shared_fs_name: str = f"orbit-{context.name}-{self.team_name}-shared-fs"
if context.shared_efs_fs_id is None:
raise Exception(
"Shared EFS File system ID was not provided in Manifest ('SharedEfsFsId')"
)
if context.shared_efs_sg_id is None:
raise Exception(
"Shared EFS File system security group ID was not provided in Manifest ('SharedEfsSgId')"
)
self.shared_fs: efs.FileSystem = cast(
efs.FileSystem,
efs.FileSystem.from_file_system_attributes(
scope=self,
id=shared_fs_name,
file_system_id=context.shared_efs_fs_id,
security_group=ec2.SecurityGroup.from_security_group_id(
scope=self,
id="team_sec_group",
security_group_id=context.shared_efs_sg_id),
),
)
self.efs_ap: efs.AccessPoint = EfsBuilder.build_file_system_access_point(
scope=self, team_name=team_name, shared_fs=self.shared_fs)
team_ssm_parameter_name: str = f"/orbit/{context.name}/teams/{self.team_name}/team"
self.context_parameter: ssm.StringParameter = ssm.StringParameter(
scope=self,
id=team_ssm_parameter_name,
string_value=json.dumps({
"EfsId":
self.shared_fs.file_system_id,
"EfsApId":
self.efs_ap.access_point_id,
"EksPodRoleArn":
self.role_eks_pod.role_arn,
"ScratchBucket":
self.scratch_bucket.bucket_name,
"TeamKmsKeyArn":
self.team_kms_key.key_arn,
"TeamSecurityGroupId":
self.team_security_group.security_group_id,
}),
type=ssm.ParameterType.STRING,
description="Orbit Workbench Team Context.",
parameter_name=team_ssm_parameter_name,
simple_name=False,
tier=ssm.ParameterTier.INTELLIGENT_TIERING,
)
ssm_profile_name = f"/orbit/{self.context.name}/teams/{self.team_name}/user/profiles"
self.user_profiles: ssm.StringParameter = ssm.StringParameter(
scope=self,
id=ssm_profile_name,
string_value="[]",
type=ssm.ParameterType.STRING,
description="Team additional profiles created by the team users",
parameter_name=ssm_profile_name,
simple_name=False,
tier=ssm.ParameterTier.INTELLIGENT_TIERING,
)
def __init__(self, scope: Construct, id: str, **kwargs) -> None:
super().__init__(scope, id, **kwargs)
repo = codecommit.Repository.from_repository_name(
self, "ImportedRepo", "cdk-pipeline-demo")
test_account = self.node.try_get_context("testAccount")
prod_account = self.node.try_get_context("prodAccount")
source_artifact = codepipeline.Artifact()
cloud_assembly_artifact = codepipeline.Artifact()
pipeline = CdkPipeline(
self,
"LambdaPipeline",
pipeline_name="MyLambdaPipeline",
cloud_assembly_artifact=cloud_assembly_artifact,
source_action=codepipeline_actions.CodeCommitSourceAction(
action_name="CodeCommit",
repository=repo,
output=source_artifact),
# Current limitation: generate CodeBuild reports within @aws-cdk/cdk-pipelines
# https://github.com/aws/aws-cdk/issues/10464
synth_action=SimpleSynthAction(
source_artifact=source_artifact,
cloud_assembly_artifact=cloud_assembly_artifact,
# enable privileged mode for docker-in-docker (for asset bundling)
environment=dict(privileged=True),
install_command="pipeline/bin/install.sh",
synth_command="cdk synth",
))
# Do this as many times as necessary with any account and region for testing
# Account and region may be different from the pipeline's.
test = ApplicationStage(self,
'Test',
env=Environment(
account=test_account["account"],
region=test_account["region"]))
test_stage = pipeline.add_application_stage(test)
test_stage.add_actions(
ShellScriptAction(
action_name='validate',
commands=[
'curl -X POST -H "Content-Type: application/json" -d "{\"option\":\"date\",\"period\":\"today\"}" $ENDPOINT_URL/'
],
use_outputs=dict(
ENDPOINT_URL=pipeline.stack_output(test.gateway_url))))
# Do this as many times as necessary with any account and region for prod
prod = ApplicationStage(self,
'Prod',
env=Environment(
account=prod_account["account"],
region=prod_account["region"]))
prod_stage = pipeline.add_application_stage(prod)
prod_stage.add_actions(
ShellScriptAction(
action_name='validate',
commands=[
'curl -X POST -H "Content-Type: application/json" -d "{\"option\":\"date\",\"period\":\"today\"}" $ENDPOINT_URL/container'
],
use_outputs=dict(
ENDPOINT_URL=pipeline.stack_output(prod.gateway_url))))
import os
from aws_cdk.core import Stack, Construct, Environment
from aws_cdk import aws_apigateway, aws_route53, aws_route53_targets, aws_certificatemanager, aws_ec2
# we need default values here since aws-cdk-examples build synthesizes the app
ACCOUNT=os.environ.get('AWS_ACCOUNT', '701571471198')
REGION=os.environ.get('AWS_REGION', 'ap-southeast-1')
VPC_ID = os.environ.get('AWS_VPC_ID', 'vpc-04f6bf98089c883b4')
ZONE_NAME = os.environ.get('AWS_ZONE_NAME', 'aws.job4u.io')
ZONE_ID = os.environ.get('AWS_ZONE_ID', 'Z18LLN6ULFZKNH')
ZONE_CERT = os.environ.get('AWS_ZONE_CERT', 'arn:aws:acm:ap-southeast-1:701571471198:certificate/12049ee9-d585-44b4-bd06-00190aa5cca7')
AWS_ENV = Environment(account=ACCOUNT, region=REGION)
class BaseStack(Stack):
"""
A base CDK stack class for all stacks defined in our fun little company.
"""
def __init__(self, scope: Construct, id: str, **kwargs):
super().__init__(scope, id, env=AWS_ENV, **kwargs)
# lookup our pre-created VPC by ID
self._vpc = aws_ec2.Vpc.from_lookup(self, "vpc", vpc_id=VPC_ID)
@property
def base_vpc(self) -> aws_ec2.IVpc:
"""
:return: The walters co. vpc
"""
return self._vpc
import json
from aws_cdk import (
core,
aws_codepipeline as codepipeline,
aws_codepipeline_actions as cpactions,
aws_codecommit as codecommit,
aws_iam as iam,
pipelines,
)
from aws_cdk.core import Environment, Stack, Construct, Stage
from aws_cdk.aws_codebuild import BuildEnvironment, ComputeType, LinuxBuildImage
from .s3_cloudfront_construct import S3StaticSiteConstruct
_env_non_prod = Environment(account="xxxxx", region="us-east-1")
_env_sandbox = core.Environment(account="xxxxx", region="us-east-1")
class ApplicationStage(Stage):
def __init__(self, scope: Construct, id: str, stage: str, env: Environment,
**kwargs):
super().__init__(scope, id, **kwargs)
stack = AppStack(self, id, stage, env=env)
self.sourceBucketName = stack.sourceBucketName
class AppStack(Stack):
def __init__(self, scope: Construct, construct_id: str, stage: str,
**kwargs) -> None:
#!/usr/bin/env python3 import os.path from aws_cdk.core import App, Stack, Environment from infra.exports import create_layers src_root_dir = os.path.join(os.path.dirname(__file__)) default_env = Environment(region="us-east-2") app = App() infra_stack = Stack(app, 'DroidAnlyz', env=default_env) create_layers(infra_stack) app.synth()
from kodexa_stacks.cluster import KodexaStack
app = core.App()
# Update this line to add your IAM username (ie. "kodexa") to
# the system administrators group for the cluster
iam_user = None
# This is the size of the initial node group for the cluster
default_capacity = 3
# If you want to use an existing VPC you can provide the VPC ID
# here (for example vpc-063ee4e387458dd5d).
# Note that if you are going to provide a VPC ID you will also have
# to provide the account (your AWS account ID) and the region
vpc_id = None # or example 'vpc-063ee4e387458dd5d'
account = None # or example '045323014440'
region = None # or example 'us-east-1'
# The instance type to use for the node group
default_instance_type = 't3a.large'
vpc_stack = KodexaStack(app,
"primary",
iam_user=iam_user,
default_capacity=default_capacity,
vpc_id=vpc_id,
default_instance_type=default_instance_type,
env=Environment(account=account, region=region))
app.synth()
#!/usr/bin/env python3
import os
from aws_cdk.core import Environment
from apps.platform import Platform
platform_account_env = Environment(
account=os.getenv("AWS_ACCOUNT_ID", "360064003702"),
region=os.getenv("AWS_DEFAULT_REGION", "eu-west-1"),
)
users_account_env = Environment(
account=os.getenv("AWS_BASTION_ACCOUNT_ID", platform_account_env.account),
region=os.getenv("AWS_DEFAULT_REGION", platform_account_env.region),
)
app = Platform(platform_account_env=platform_account_env, users_account_env=users_account_env)
app.synth()
