def __init__(self, scope: core.Construct, id: str, **kwargs) -> None:
super().__init__(scope, id, **kwargs)
vpc = ec2.Vpc.from_lookup(self, 'VPC', vpc_name="VPC")
security_group = ec2.SecurityGroup(self,
"Ghost-DB-SG",
vpc=vpc,
allow_all_outbound=True)
security_group.add_ingress_rule(ec2.Peer.any_ipv4(),
ec2.Port.tcp(3306))
rds.DatabaseInstance(self,
"RDS",
deletion_protection=False,
removal_policy=core.RemovalPolicy.DESTROY,
multi_az=False,
allocated_storage=20,
engine=rds.DatabaseInstanceEngine.MYSQL,
engine_version="8.0.16",
master_username="******",
database_name="ghost",
vpc=vpc,
vpc_placement=vpc.select_subnets(
subnet_type=ec2.SubnetType.PRIVATE),
instance_class=ec2.InstanceType.of(
ec2.InstanceClass.BURSTABLE3,
ec2.InstanceSize.MICRO),
security_groups=[security_group])
def __init__(self, scope: core.Construct, id: str, **kwargs) -> None:
super().__init__(scope, id, **kwargs)
vpc = ec2.Vpc(self,
'vpc1'
)
bucket_name = 'my-cdk-bucket'
s3.Bucket(self,
bucket_name,
bucket_name=bucket_name,
access_control=s3.BucketAccessControl.PUBLIC_READ_WRITE,
removal_policy=RemovalPolicy.DESTROY)
ec2.Volume(self, 'vol1', availability_zone='us-east-1a', size=core.Size.gibibytes(8))
sg = ec2.SecurityGroup(self,
'sg1',
vpc=vpc)
sg.add_ingress_rule(Peer.any_ipv4(), Port.tcp(22))
kms.Key(self, 'kms1')
rds.DatabaseInstance(self,
'rds1',
engine=rds.DatabaseInstanceEngine.postgres(version=PostgresEngineVersion.VER_12),
master_username='******',
vpc=vpc,
vpc_placement=ec2.SubnetSelection(subnet_type=ec2.SubnetType.PUBLIC))
def _setup_oracle(self) -> None:
port = 1521
database = "ORCL"
schema = "TEST"
oracle = rds.DatabaseInstance(
self,
"aws-data-wrangler-oracle-instance",
instance_identifier="oracle-instance-wrangler",
engine=rds.DatabaseInstanceEngine.oracle_ee(version=rds.OracleEngineVersion.VER_19_0_0_0_2021_04_R1),
instance_type=ec2.InstanceType.of(ec2.InstanceClass.BURSTABLE3, ec2.InstanceSize.SMALL),
credentials=rds.Credentials.from_password(
username=self.db_username,
password=self.db_password_secret,
),
port=port,
vpc=self.vpc,
subnet_group=self.rds_subnet_group,
security_groups=[self.db_security_group],
publicly_accessible=True,
s3_import_role=self.rds_role,
s3_export_role=self.rds_role,
)
glue.Connection(
self,
"aws-data-wrangler-oracle-glue-connection",
description="Connect to Oracle.",
type=glue.ConnectionType.JDBC,
connection_name="aws-data-wrangler-oracle",
properties={
"JDBC_CONNECTION_URL": f"jdbc:oracle:thin://@{oracle.instance_endpoint.hostname}:{port}/{database}", # noqa: E501
"USERNAME": self.db_username,
"PASSWORD": self.db_password,
},
subnet=self.vpc.private_subnets[0],
security_groups=[self.db_security_group],
)
secrets.Secret(
self,
"aws-data-wrangler-oracle-secret",
secret_name="aws-data-wrangler/oracle",
description="Oracle credentials",
generate_secret_string=secrets.SecretStringGenerator(
generate_string_key="dummy",
secret_string_template=json.dumps(
{
"username": self.db_username,
"password": self.db_password,
"engine": "oracle",
"host": oracle.instance_endpoint.hostname,
"port": port,
"dbClusterIdentifier": oracle.instance_identifier,
"dbname": database,
}
),
),
)
CfnOutput(self, "OracleAddress", value=oracle.instance_endpoint.hostname)
CfnOutput(self, "OraclePort", value=str(port))
CfnOutput(self, "OracleDatabase", value=database)
CfnOutput(self, "OracleSchema", value=schema)
def __init__(self, scope: core.Construct, id: str, vpc, **kwargs) -> None:
super().__init__(scope, id, **kwargs)
db = rds.DatabaseInstance(
self,
id="RDSPostgresDB",
engine=rds.DatabaseInstanceEngine.POSTGRES,
engine_version="11",
instance_class=ec2.InstanceType.of(
ec2.InstanceClass.BURSTABLE2, ec2.InstanceSize.SMALL),
master_username="******",
vpc=vpc,
vpc_placement=ec2.SubnetSelection(
subnet_type=ec2.SubnetType.ISOLATED
),
multi_az=True,
allocated_storage=100,
storage_type=rds.StorageType.GP2,
cloudwatch_logs_exports=["audit", "error", "general", "slowquery"],
deletion_protection=False,
delete_automated_backups=False,
backup_retention=core.Duration.days(7),
parameter_group=rds.ParameterGroup.from_parameter_group_name(
self,
id="para-group-postgres",
parameter_group_name="postgres11"
)
)
# Rotate the master user password every 30 days
db.add_rotation_single_user()
# Add alarm for high CPU
cloudwatch.Alarm(
self,
id="HighCPU",
metric=db.metric_cpu_utilization(),
threshold=90,
evaluation_periods=1
)
# Trigger Lambda function on instance availability events
fn = _lambda.Function(self,
id="PostgresAvailibilityFunction",
code=_lambda.Code.from_inline("exports.handler = (event) => console.log(event);"),
handler="index.handler",
runtime=_lambda.Runtime.NODEJS_10_X
)
availability_rule = db.on_event(
"Availability",
target=targets.LambdaFunction(fn))
availability_rule.add_event_pattern(
detail={
"EventCategories": [
"availability"
]
}
)
def _setup_sqlserver(self) -> None:
port = 1433
database = "test"
schema = "dbo"
sqlserver = rds.DatabaseInstance(
self,
"aws-data-wrangler-sqlserver-instance",
instance_identifier="sqlserver-instance-wrangler",
engine=rds.DatabaseInstanceEngine.sql_server_ex(version=rds.SqlServerEngineVersion.VER_15),
instance_type=ec2.InstanceType.of(ec2.InstanceClass.BURSTABLE3, ec2.InstanceSize.SMALL),
credentials=rds.Credentials.from_password(
username=self.db_username,
password=self.db_password_secret,
),
port=port,
vpc=self.vpc,
subnet_group=self.rds_subnet_group,
security_groups=[self.db_security_group],
publicly_accessible=True,
s3_import_role=self.rds_role,
s3_export_role=self.rds_role,
)
glue.Connection(
self,
"aws-data-wrangler-sqlserver-glue-connection",
description="Connect to SQL Server.",
type=glue.ConnectionType.JDBC,
connection_name="aws-data-wrangler-sqlserver",
properties={
"JDBC_CONNECTION_URL": f"jdbc:sqlserver://{sqlserver.instance_endpoint.hostname}:{port};databaseName={database}", # noqa: E501
"USERNAME": self.db_username,
"PASSWORD": self.db_password,
},
subnet=self.vpc.private_subnets[0],
security_groups=[self.db_security_group],
)
secrets.Secret(
self,
"aws-data-wrangler-sqlserver-secret",
secret_name="aws-data-wrangler/sqlserver",
description="SQL Server credentials",
generate_secret_string=secrets.SecretStringGenerator(
generate_string_key="dummy",
secret_string_template=json.dumps(
{
"username": self.db_username,
"password": self.db_password,
"engine": "sqlserver",
"host": sqlserver.instance_endpoint.hostname,
"port": port,
"dbClusterIdentifier": sqlserver.instance_identifier,
"dbname": database,
}
),
),
)
CfnOutput(self, "SqlServerAddress", value=sqlserver.instance_endpoint.hostname)
CfnOutput(self, "SqlServerPort", value=str(port))
CfnOutput(self, "SqlServerDatabase", value=database)
CfnOutput(self, "SqlServerSchema", value=schema)
def _create_backend_store(self):
"""
Create a RDS as a backend store for MLflow server
"""
# Creates a security group for AWS RDS
self.sg_rds = ec2.SecurityGroup(scope=self, id="SGRDS", vpc=self.vpc, security_group_name="sg_rds")
# Adds an ingress rule which allows resources in the VPC's CIDR to access the database.
self.sg_rds.add_ingress_rule(peer=ec2.Peer.ipv4("10.0.0.0/24"), connection=ec2.Port.tcp(self.port))
backend_store_id = f"{self.stack_name}-{self.component_id}-backend-store"
self.database = rds.DatabaseInstance(
scope=self,
id=backend_store_id,
database_name=self.dbname,
port=self.port,
credentials=rds.Credentials.from_username(
username=self.username, password=self.db_password_secret.secret_value
),
engine=rds.DatabaseInstanceEngine.mysql(version=rds.MysqlEngineVersion.VER_8_0_19),
instance_type=ec2.InstanceType.of(ec2.InstanceClass.BURSTABLE2, ec2.InstanceSize.SMALL),
vpc=self.vpc,
security_groups=[self.sg_rds],
vpc_subnets=ec2.SubnetSelection(subnet_type=ec2.SubnetType.PRIVATE_ISOLATED),
# multi_az=True,
removal_policy=RemovalPolicy.DESTROY,
deletion_protection=False,
)
def __init__(self, scope: Construct, id: str, props, **kwargs) -> None:
super().__init__(scope, id, **kwargs)
# Creates a security group for AWS RDS
sg_rds = ec2.SecurityGroup(self,
id="sg_rds",
vpc=props['vpc'],
security_group_name="sg_rds")
# Adds an ingress rule which allows resources in the VPC's CIDR
# to access the database.
sg_rds.add_ingress_rule(peer=ec2.Peer.ipv4("10.0.0.0/16"),
connection=ec2.Port.tcp(3306))
# Master username is 'admin' and database password is automatically
# generated and stored in AWS Secrets Manager
my_sql = rds.DatabaseInstance(
self,
"RDS",
engine=rds.DatabaseInstanceEngine.mysql(
version=rds.MysqlEngineVersion.VER_8_0_16),
vpc=props['vpc'],
port=3306,
instance_type=ec2.InstanceType.of(
ec2.InstanceClass.MEMORY4,
ec2.InstanceSize.LARGE,
),
removal_policy=RemovalPolicy.DESTROY,
security_groups=[sg_rds])
def create_rds_instance(
scope: core.Construct,
stack_name: str,
vpc: IVpc,
config: StackConfig,
ecs_cluster: ecs.Cluster,
):
database = rds.DatabaseInstance(
scope,
f'{stack_name}-rds',
vpc=vpc,
engine=rds.DatabaseInstanceEngine.postgres(
version=rds.PostgresEngineVersion.VER_11),
port=5432,
credentials=rds.Credentials.from_username(config.database_username),
instance_identifier=stack_name,
instance_type=ec2.InstanceType(config.database_size),
database_name=config.database_name,
allocated_storage=config.database_allocated_storage,
multi_az=False,
allow_major_version_upgrade=False,
delete_automated_backups=True,
deletion_protection=False,
auto_minor_version_upgrade=False,
backup_retention=core.Duration.days(5),
enable_performance_insights=True,
storage_encrypted=config.database_encrypted,
vpc_placement=ec2.SubnetSelection(subnet_type=ec2.SubnetType.PUBLIC),
)
core.CfnOutput(scope=scope,
id='rdsAddress',
value=database.db_instance_endpoint_address)
return database
def __init__(self, scope: cdk.Construct, id: str, vpc, asg_security_groups,
**kwargs) -> None:
super().__init__(scope, id, **kwargs)
""" Create an RDS Database: """
konstone_db = _rds.DatabaseInstance(
self,
"konstoneRDS",
database_name="konstone_db",
engine=_rds.DatabaseInstanceEngine.MYSQL,
vpc=vpc,
port=3306,
allocated_storage=30,
multi_az=False,
cloudwatch_logs_exports=["audit", "error", "general", "slowquery"],
instance_type=_ec2.InstanceType.of(_ec2.InstanceClass.BURSTABLE2,
_ec2.InstanceSize.MICRO),
removal_policy=cdk.RemovalPolicy.DESTROY,
deletion_protection=False,
delete_automated_backups=True,
backup_retention=cdk.Duration.days(7))
# Get ASG security groups:
for sg in asg_security_groups:
konstone_db.connections.allow_default_port_from(
sg, "Allow EC2 ASG access to RDS MySQL")
# Output for DB Endpoint:
output_1 = cdk.CfnOutput(
self,
"DatabaseConnectionCommand",
value=
f"mysql - h {konstone_db.db_instance_endpoint_address} -p 3306 -u mystiquemas",
description="Connect to the database using this command")
def __init__(self, scope: core.Construct, id: str, vpc,
asg_security_groups, **kwargs) -> None:
super().__init__(scope, id, **kwargs)
#Creating Database
db_mysql_easy = rds.DatabaseInstance(
self,
"webapp-db",
engine=rds.DatabaseInstanceEngine.MYSQL,
instance_type=ec2.InstanceType.of(ec2.InstanceClass.BURSTABLE2,
ec2.InstanceSize.SMALL),
vpc=vpc,
multi_az=False,
allocated_storage=100,
storage_type=rds.StorageType.GP2,
cloudwatch_logs_exports=["error", "general", "slowquery"],
deletion_protection=False,
delete_automated_backups=True,
backup_retention=core.Duration.days(7),
parameter_group=rds.ParameterGroup.from_parameter_group_name(
self,
"para-group-mysql",
parameter_group_name="default.mysql5.7"))
for asg_sg in asg_security_groups:
db_mysql_easy.connections.allow_default_port_from(
asg_sg, "EC2 Autoscaling Group access MySQL")
def __init__(self, scope: core.Construct, id: str, vpc, **kwargs) -> None:
super().__init__(scope, id, **kwargs)
db_mysql = rds.DatabaseInstance(
self,
"MySQL",
engine=rds.DatabaseInstanceEngine.mysql(
version=rds.MysqlEngineVersion.VER_5_0_30),
instance_type=ec2.InstanceType("m5.4xlarge"),
vpc=vpc,
multi_az=False,
publicly_accessible=True,
allocated_storage=100,
storage_type=rds.StorageType.GP2,
cloudwatch_logs_exports=["audit", "error", "general", "slowquery"],
deletion_protection=False,
delete_automated_backups=False,
backup_retention=core.Duration.days(7),
parameter_group=rds.ParameterGroup.from_parameter_group_name(
self,
"para-group-mysql",
parameter_group_name="default.mysql5.7"))
db_mysql.connections.allow_default_port_from(ec2.Peer.ipv4(c9_ip),
"Cloud9 MySQL Access")
core.CfnOutput(self,
"RDSInstanceId",
value=db_mysql.instance_identifier)
def __init__(self, scope: core.Construct, id: str, vpc: IVpc,
subnet_ids: list, adfs: ldap.CfnMicrosoftAD,
**kwargs) -> None:
super().__init__(scope, id, **kwargs)
sql2ad_role = iam.Role(
self,
'RDSDirectoryServicesRole',
assumed_by=iam.ServicePrincipal("rds.amazonaws.com"),
managed_policies=[
iam.ManagedPolicy.from_aws_managed_policy_name(
"service-role/AmazonRDSDirectoryServiceAccess")
])
rds.DatabaseInstance(
self,
'WebDatabase',
engine=rds.DatabaseInstanceEngine.sql_server_web(
version=rds.SqlServerEngineVersion.VER_15),
storage_encrypted=True,
instance_type=ec2.InstanceType.of(ec2.InstanceClass.STANDARD5,
ec2.InstanceSize.LARGE),
auto_minor_version_upgrade=True,
vpc=vpc,
credentials=rds.Credentials.from_username(
username='******'), # passwd = admin
enable_performance_insights=True,
multi_az=False,
domain=adfs.ref,
domain_role=sql2ad_role)
def _create_rds(self):
"""
Create RDS for training.
"""
subnet_group = rds.SubnetGroup(
self,
"RdsSubnetGroup",
description="for RDS",
vpc=self.vpc,
removal_policy=RemovalPolicy.DESTROY,
subnet_group_name=f"{self.name_prefix}-sg-rds",
vpc_subnets=self.subnet_selection)
self.rds = rds.DatabaseInstance(
self,
f"{self.name_prefix}-database",
engine=rds.DatabaseInstanceEngine.mysql(
version=rds.MysqlEngineVersion.VER_8_0_16),
vpc=self.vpc,
port=3306,
instance_type=ec2.InstanceType.of(ec2.InstanceClass["MEMORY4"],
ec2.InstanceSize["LARGE"]),
removal_policy=RemovalPolicy.DESTROY,
deletion_protection=False,
security_groups=[self.security_group],
subnet_group=subnet_group)
def __init__(self, scope: core.Construct, id: str, **kwargs) -> None:
super().__init__(scope, id, **kwargs)
vpc = ec2.Vpc(self, 'VPC', nat_gateways=1)
db_security_group = ec2.SecurityGroup(
self, 'SecurityGroup', vpc=vpc, allow_all_outbound=False
)
db_security_group.add_ingress_rule(
ec2.Peer.ipv4(vpc.vpc_cidr_block),
ec2.Port.tcp(self.DB_PORT),
description='Allow inbound traffic from within VPC',
)
rds.DatabaseInstance(
self,
'RDS',
database_name='{{cookiecutter.project_slug}}',
master_username='******',
master_user_password=core.SecretValue.ssm_secure(self.DB_PASSWORD_PARAM_NAME, '1'),
engine=rds.DatabaseInstanceEngine.POSTGRES,
engine_version='11.6',
vpc=vpc,
port=self.DB_PORT,
instance_class=ec2.InstanceType.of(
ec2.InstanceClass.BURSTABLE2, ec2.InstanceSize.MICRO,
),
allocated_storage=20,
removal_policy=core.RemovalPolicy.DESTROY,
deletion_protection=False,
security_groups=[db_security_group],
)
def __init__(self, scope: core.Construct, construct_id: str, vpc, asg_secg,
**kwargs) -> None:
super().__init__(scope, construct_id, **kwargs)
#RDS db
rds_db = aws_rds.DatabaseInstance(
self,
"rdsDB",
database_name="testdb",
engine=aws_rds.DatabaseInstanceEngine.MYSQL,
vpc=vpc,
port=3306,
allocated_storage=20,
multi_az=False,
cloudwatch_logs_exports=["error", "general", "slowquery"],
instance_type=aws_ec2.InstanceType.of(
aws_ec2.InstanceClass.BURSTABLE2, aws_ec2.InstanceSize.MICRO),
removal_policy=core.RemovalPolicy.DESTROY,
deletion_protection=False,
delete_automated_backups=True,
backup_retention=core.Duration.days(2))
for scg in asg_secg:
rds_db.connections.allow_default_port_from(scg,
"EC2 access to RDS")
#rds output
outpur_rdsdb = core.CfnOutput(
self,
"rdsDBoutput",
value=
f"mysql -h {rds_db.db_instance_endpoint_address} -P 3306 -u admin -p",
description="Connect to rds via EC2")
def __init__(self, scope: core.Construct, id: str, props, **kwargs) -> None:
super().__init__(scope, id, **kwargs)
# Creates a security group for AWS RDS
sg_rds = ec2.SecurityGroup(
self,
id="sg_rds",
vpc=props['vpc'],
security_group_name="sg_rds"
)
# Adds an ingress rule which allows resources in the VPC's CIDR
# to access the database.
sg_rds.add_ingress_rule(
peer=ec2.Peer.ipv4("10.0.0.0/16"),
connection=ec2.Port.tcp(3306)
)
# Master data base word is automatically generated and
# stored in "AWS Secrets Manager"
my_sql = rds.DatabaseInstance(
self, "RDS",
master_username="******",
engine_version="8.0.16",
engine=rds.DatabaseInstanceEngine.MYSQL,
vpc=props['vpc'],
port=3306,
instance_class=ec2.InstanceType.of(
ec2.InstanceClass.MEMORY4,
ec2.InstanceSize.LARGE,
),
removal_policy=core.RemovalPolicy.DESTROY,
security_groups=[sg_rds]
)
def __init__(self, scope: core.Construct, id: str, vpc, **kwargs) -> None:
super().__init__(scope, id, **kwargs)
db_mysql8 = rds.DatabaseInstance(
self,
"MySQL8",
engine=rds.DatabaseInstanceEngine.mysql(
version=rds.MysqlEngineVersion.VER_8_0_21),
instance_type=ec2.InstanceType("m5.4xlarge"),
vpc=vpc,
multi_az=False,
publicly_accessible=True,
allocated_storage=100,
storage_type=rds.StorageType.GP2,
cloudwatch_logs_exports=["error", "general", "slowquery"],
deletion_protection=False,
enable_performance_insights=True,
delete_automated_backups=True,
backup_retention=core.Duration.days(0),
vpc_subnets={"subnet_type": ec2.SubnetType.PUBLIC},
parameter_group=rds.ParameterGroup.from_parameter_group_name(
self,
"para-group-mysql",
parameter_group_name="default.mysql8.0"))
db_mysql8.connections.allow_default_port_from(ec2.Peer.ipv4(c9_ip),
"Cloud9 MySQL Access")
core.CfnOutput(self,
"MySQL8RDSInstanceId",
value=db_mysql8.instance_identifier)
core.CfnOutput(self,
"MySQL8SecretArn",
value=db_mysql8.secret.secret_arn)
def __init__(self, scope: core.Construct, id: str, **kwargs) -> None:
super().__init__(scope, id, **kwargs)
vpc = ec2.Vpc.from_lookup(self, 'VPC', vpc_name="EnvironmentStack/VPC")
security_group = ec2.SecurityGroup(
self, "Ghost-DB-SG",
vpc=vpc,
allow_all_outbound=True
)
security_group.add_ingress_rule(
ec2.Peer.any_ipv4(),
ec2.Port.tcp(3306)
)
rds.DatabaseInstance(
self, "RDS",
deletion_protection=False,
removal_policy=core.RemovalPolicy.DESTROY,
multi_az=False,
allocated_storage=20,
engine=rds.DatabaseInstanceEngine.mysql(
version=rds.MysqlEngineVersion.VER_8_0_17
),
master_username="******",
database_name="ghost",
vpc=vpc,
instance_type=ec2.InstanceType.of(
ec2.InstanceClass.BURSTABLE3, ec2.InstanceSize.MICRO),
security_groups=[security_group]
)
def __init__(self, scope: core.Construct, id: str, **kwargs) -> None:
super().__init__(scope, id, **kwargs)
# Creates VPC
vpc = ec2.Vpc(self, id)
# Creates RDS Database
instance = rds.DatabaseInstance(
self, "RDS",
database_name="covid",
engine=rds.DatabaseInstanceEngine.mysql(
version=rds.MysqlEngineVersion.VER_8_0_21
),
vpc=vpc,
port=3306,
instance_type=ec2.InstanceType.of(
ec2.InstanceClass.BURSTABLE2,
ec2.InstanceSize.MICRO,
),
removal_policy=core.RemovalPolicy.DESTROY,
deletion_protection=False,
vpc_placement=ec2.SubnetSelection(subnet_type=ec2.SubnetType.PUBLIC),
)
# Add inbound rule to RDS SG
instance.connections.allow_from_any_ipv4(ec2.Port.tcp(3306), "Open to the world")
# Defines Lambda layers
python_etl_layer = _lambda.LayerVersion(
self, "python-etl",
code=_lambda.AssetCode('C:\Code\ACG Challenge – AWS ETL\python.zip'))
# Defines an AWS Lambda resource
my_lambda = _lambda.Function(
self, 'etlhandler',
runtime=_lambda.Runtime.PYTHON_3_7,
code=_lambda.Code.asset('lambda'),
handler='etl.extract_csv1',
layers=[python_etl_layer],
timeout=core.Duration.seconds(30),
memory_size=(256)
)
# Add Lambda Environment Variables
my_lambda.add_environment("RDS_INSTANCE", instance.instance_endpoint.hostname)
my_lambda.add_environment("SECRET_NAME", instance.secret.secret_full_arn)
# Grant permission to lambda to access RDS Secret
instance.secret.grant_read(my_lambda)
# Create a Cloudwatch Event rule
four_hour_rule = aws_events.Rule(
self, "four_hour_rule",
schedule=aws_events.Schedule.rate(core.Duration.minutes(240)),
)
# Add target to Cloudwatch Event
four_hour_rule.add_target(aws_events_targets.LambdaFunction(my_lambda))
def __init__(self, scope: core.Construct, **kwargs) -> None:
self.deploy_env = active_environment
super().__init__(scope, id=f"{self.deploy_env.value}-common-stack", **kwargs)
self.custom_vpc = ec2.Vpc(self, f"vpc-{self.deploy_env.value}")
self.orders_rds_sg = ec2.SecurityGroup(
self,
f"orders-{self.deploy_env.value}-sg",
vpc=self.custom_vpc,
allow_all_outbound=True,
security_group_name=f"orders-{self.deploy_env.value}-sg",
)
self.orders_rds_sg.add_ingress_rule(
peer=ec2.Peer.ipv4("0.0.0.0/0"), connection=ec2.Port.tcp(5432)
)
for subnet in self.custom_vpc.private_subnets:
self.orders_rds_sg.add_ingress_rule(
peer=ec2.Peer.ipv4(subnet.ipv4_cidr_block), connection=ec2.Port.tcp(5432)
)
self.orders_rds_parameter_group = rds.ParameterGroup(
self,
f"orders-{self.deploy_env.value}-rds-parameter-group",
description="Parameter group to allow CDC from RDS using DMS.",
engine=rds.DatabaseInstanceEngine.postgres(
version=rds.PostgresEngineVersion.VER_12_4
),
parameters={"rds.logical_replication": "1", "wal_sender_timeout": "0"},
)
self.orders_rds = rds.DatabaseInstance(
self,
f"orders-{self.deploy_env.value}-rds",
engine=rds.DatabaseInstanceEngine.postgres(
version=rds.PostgresEngineVersion.VER_12_4
),
database_name="orders",
instance_type=ec2.InstanceType("t3.micro"),
vpc=self.custom_vpc,
instance_identifier=f"rds-{self.deploy_env.value}-orders-db",
port=5432,
vpc_placement=ec2.SubnetSelection(subnet_type=ec2.SubnetType.PUBLIC),
subnet_group=rds.SubnetGroup(
self,
f"rds-{self.deploy_env.value}-subnet",
description="place RDS on public subnet",
vpc=self.custom_vpc,
vpc_subnets=ec2.SubnetSelection(subnet_type=ec2.SubnetType.PUBLIC),
),
parameter_group=self.orders_rds_parameter_group,
security_groups=[self.orders_rds_sg],
removal_policy=core.RemovalPolicy.DESTROY,
**kwargs,
)
def __init__(self, scope: core.Construct, id: str, vpc: ec2.Vpc,
security_group: ec2.SecurityGroup, config: dict,
**kwargs) -> None:
super().__init__(scope, id, **kwargs)
vdb_rds_params = rds.ParameterGroup(self,
id='rds-pg-vdb-cdk',
family='postgres11',
parameters={
'autovacuum': '1',
'autovacuum_work_mem': '-1',
'autovacuum_max_workers': '3',
'huge_pages': 'on',
'log_min_duration_statement':
'1000',
'track_counts': '1',
'maintenance_work_mem':
'524288',
'shared_buffers': '262144',
'seq_page_cost': '1',
'random_page_cost': '2',
'min_wal_size': '512',
'max_wal_size': '4096',
'wal_compression': '1',
'work_mem': '262144',
'temp_file_limit': '10485760',
'effective_cache_size':
'786432'
})
self.vdb_rds = rds.DatabaseInstance(
self,
id='VdbCdk',
database_name=config['DATABASE_NAME'],
instance_identifier='vdb-prod-cdk',
master_username=config['DATABASE_USER'],
master_user_password=core.SecretValue(
value=config['DATABASE_PASSWORD']),
port=5432,
engine=rds.DatabaseInstanceEngine.POSTGRES,
engine_version='11.6',
instance_class=ec2.InstanceType('t3.large'),
allocated_storage=100,
storage_encrypted=False,
multi_az=False,
storage_type=rds.StorageType.GP2,
allow_major_version_upgrade=False,
auto_minor_version_upgrade=False,
preferred_maintenance_window='sun:02:00-sun:04:00',
copy_tags_to_snapshot=True,
backup_retention=core.Duration.days(7),
preferred_backup_window='04:00-06:00',
parameter_group=vdb_rds_params,
vpc=vpc,
security_groups=[security_group])
def __init__(self, scope: core.Construct, id: str, *, app_env: str,
vpc: ec2.Vpc, **kwargs) -> None:
super().__init__(scope, id, **kwargs)
security_group_params = {
'security_group_name': f'rds-{app_env}-test-security-group',
'description': f'security group for rds test({app_env})',
'vpc': vpc,
}
security_group = ec2.SecurityGroup(self, 'security-group',
**security_group_params)
security_group.add_ingress_rule(
peer=ec2.Peer.ipv4("54.125.156.2/32"),
connection=ec2.Port(
string_representation='random office',
protocol=ec2.Protocol.TCP,
from_port=5432,
to_port=5432,
))
password = Param.value_for_string_parameter(
self, f'/{app_env}/test/DATABASE_PASSWORD')
rds_params = {
'engine':
rds.DatabaseInstanceEngine.POSTGRES,
'database_name':
Param.value_for_string_parameter(self,
f'/{app_env}/test/DATABASE_NAME'),
'master_username':
Param.value_for_string_parameter(self,
f'/{app_env}/test/DATABASE_USER'),
'master_user_password':
core.SecretValue.plain_text(password),
'instance_class':
ec2.InstanceType.of(ec2.InstanceClass.BURSTABLE3,
ec2.InstanceSize.MICRO),
'instance_identifier':
f'{app_env}-test',
'backup_retention':
core.Duration.days(7),
'delete_automated_backups':
True,
'security_groups': [security_group],
'storage_type':
rds.StorageType.GP2,
'allocated_storage':
20,
'engine_version':
'11.5',
'vpc':
vpc,
}
self._rds = rds.DatabaseInstance(self, 'rds', **rds_params)
def __init__(self, app: core.App, id: str, **kwargs) -> None:
super().__init__(app, id, **kwargs)
self.platform_resources = ImportedResources(self, self.stack_name)
self.rds_security_group = aws_ec2.SecurityGroup(
self,
"rds-security-group",
vpc=self.platform_resources.vpc,
allow_all_outbound=True)
self.rds_security_group.add_ingress_rule(
peer=aws_ec2.Peer.ipv4(self.platform_resources.vpc.vpc_cidr_block),
connection=aws_ec2.Port.tcp(3306))
my_secret = aws_secretsmanager.Secret.from_secret_name(
self, "DBSecret", "support/octicketing/rds")
self.rds = aws_rds.DatabaseInstance(
self,
"support-rds",
database_name="support_db",
instance_identifier='support-db',
credentials=aws_rds.Credentials.from_secret(my_secret),
engine=aws_rds.DatabaseInstanceEngine.mysql(
version=aws_rds.MysqlEngineVersion.VER_5_6),
vpc=self.platform_resources.vpc,
port=3306,
instance_type=aws_ec2.InstanceType.of(
aws_ec2.InstanceClass.BURSTABLE3,
aws_ec2.InstanceSize.MICRO,
),
removal_policy=core.RemovalPolicy.DESTROY,
security_groups=[self.rds_security_group],
deletion_protection=False)
self.db_auth_policy_stmt = aws_iam.PolicyStatement(
effect=aws_iam.Effect.ALLOW,
actions=["rds-db:connect"],
resources=[self.rds.instance_arn])
policy_doc = aws_iam.PolicyDocument()
policy_doc.add_statements(self.db_auth_policy_stmt)
self.db_auth_policy = aws_iam.Policy(
self,
'db-auth-policy',
policy_name='RdsDbAuthPolicy',
statements=[self.db_auth_policy_stmt])
self.db_auth_role = aws_iam.Role(
self,
"db-auth-role",
role_name='RdsDbAuthRole',
assumed_by=aws_iam.ServicePrincipal('ec2.amazonaws.com'))
self.db_auth_role.add_to_policy(self.db_auth_policy_stmt)
def __init__(self, scope: core.Construct, environment: Environment, **kwargs) -> None:
self.env = environment.value
super().__init__(scope, id=f'{self.env}-common', **kwargs)
self.custom_vpc = ec2.Vpc(
self,
f'vpc-{self.env}'
)
self.orders_rds_sg = ec2.SecurityGroup(
self,
f'orders-{self.env}-sg',
vpc=self.custom_vpc,
allow_all_outbound=True,
security_group_name=f'orders-{self.env}-sg',
)
self.orders_rds_sg.add_ingress_rule(
peer=ec2.Peer.ipv4('37.156.75.55/32'),
connection=ec2.Port.tcp(5432)
)
for subnet in self.custom_vpc.private_subnets:
self.orders_rds_sg.add_ingress_rule(
peer=ec2.Peer.ipv4(subnet.ipv4_cidr_block),
connection=ec2.Port.tcp(5432)
)
self.orders_rds = rds.DatabaseInstance(
self,
f'orders-{self.env}-rds',
engine=rds.DatabaseInstanceEngine.postgres(version=rds.PostgresEngineVersion.VER_11_2),
database_name='orders',
instance_type=ec2.InstanceType('t3.micro'),
vpc=self.custom_vpc,
instance_identifier=f'rds-{self.env}-orders-db',
port=5432,
vpc_placement=ec2.SubnetSelection(subnet_type=ec2.SubnetType.PUBLIC),
subnet_group=rds.SubnetGroup(
self,
f'rds-{self.env}-subnet',
description='place RDS on public subnet',
vpc=self.custom_vpc,
vpc_subnets=ec2.SubnetSelection(subnet_type=ec2.SubnetType.PUBLIC)
),
security_groups=[
self.orders_rds_sg
],
removal_policy=core.RemovalPolicy.DESTROY,
**kwargs
)
def build(cls, *, stack):
vpc_db_instance = cls()
vpc_db_instance.vpc = ec2.Vpc(stack, "vpc",
cidr="10.0.0.0/24"
)
master_user_name = "exampleadmin"
vpc_db_instance.db_security_group = ec2.SecurityGroup(stack, "dbsecuritygroup",
security_group_name="DBSG",
vpc=vpc_db_instance.vpc,
allow_all_outbound=True
)
vpc_db_instance.db_instance = rds.DatabaseInstance(stack,
'exampleinstance',
master_username=master_user_name,
engine=rds.DatabaseInstanceEngine.POSTGRES,
instance_type=ec2.InstanceType.of(ec2.InstanceClass.BURSTABLE2, ec2.InstanceSize.SMALL),
vpc=vpc_db_instance.vpc,
auto_minor_version_upgrade=True,
database_name='exampledb',
storage_encrypted=True,
multi_az=False,
security_groups=[vpc_db_instance.db_security_group]
)
# create bastion host in public subnet with no KeyPairName (use ec2-instance-connect)
vpc_db_instance.bastion_host_security_group = ec2.SecurityGroup(stack, "bastionhostsecuritygroup",
security_group_name="bastionhostsecuritygroup",
vpc=vpc_db_instance.vpc,
allow_all_outbound=True
)
vpc_db_instance.bastion_host_linux = ec2.BastionHostLinux(stack, "bastionhostSG",
vpc=vpc_db_instance.vpc,
instance_name="bastionhost",
instance_type=ec2.InstanceType("t2.micro"),
subnet_selection={
"subnet_type": ec2.SubnetType.PUBLIC
},
security_group=vpc_db_instance.bastion_host_security_group
)
vpc_db_instance.db_security_group.add_ingress_rule(vpc_db_instance.bastion_host_security_group, ec2.Port.tcp(5432), 'bastion host')
return vpc_db_instance
def __init__(self, scope: core.Construct, id: str, vpc,
asg_security_groups, **kwargs) -> None:
super().__init__(scope, id, **kwargs)
# Ceate Aurora Cluster with 2 instances with CDK High Level API
# Secrets Manager auto generate and keep the password, don't put password in cdk code directly
# db_Aurora_cluster = rds.DatabaseCluster(self, "MyAurora",
# default_database_name="MyAurora",
# engine=rds.DatabaseClusterEngine.arora_mysql(
# version=rds.AuroraMysqlEngineVersion.VER_5_7_12
# )
# master_user=rds.Login(username="******"),
# instance_props=rds.InstanceProps(
# vpc=vpc,
# vpc_subnets=ec2.SubnetSelection(subnet_type=ec2.SubnetType.ISOLATED),
# instance_type=ec2.InstanceType(instance_type_identifier="t2.small")
# ),
# instances=2,
# parameter_group=rds.ClusterParameterGroup.from_parameter_group_name(
# self, "para-group-aurora",
# parameter_group_name="default.aurora-mysql5.7"
# ),
# )
# for asg_sg in asg_security_groups:
# db_Aurora_cluster.connections.allow_default_port_from(asg_sg, "EC2 Autoscaling Group access Aurora")
# Alternatively, create MySQL RDS with CDK High Level API
db_mysql_easy = rds.DatabaseInstance(
self,
"MySQL_DB_easy",
engine=rds.DatabaseInstanceEngine.mysql(
version=rds.MysqlEngineVersion.VER_5_7_30),
instance_type=ec2.InstanceType.of(ec2.InstanceClass.BURSTABLE2,
ec2.InstanceSize.SMALL),
master_username="******",
vpc=vpc,
multi_az=True,
allocated_storage=100,
storage_type=rds.StorageType.GP2,
cloudwatch_logs_exports=["audit", "error", "general", "slowquery"],
deletion_protection=False,
delete_automated_backups=False,
backup_retention=core.Duration.days(7),
parameter_group=rds.ParameterGroup.from_parameter_group_name(
self,
"para-group-mysql",
parameter_group_name="default.mysql5.7"))
for asg_sg in asg_security_groups:
db_mysql_easy.connections.allow_default_port_from(
asg_sg, "EC2 Autoscaling Group access MySQL")
def _define_database(self):
"""
Defines the databases.
"""
version = rds.PostgresEngineVersion.VER_12_4
engine = rds.DatabaseInstanceEngine.postgres(version=version)
cluster = rds.DatabaseInstance(
self,
'postgresql_database',
engine=engine,
allocated_storage=20, # 20 GB
max_allocated_storage=100, # 100 GB
vpc=self.network.vpc,
multi_az=True)
return cluster
def create_rds(self):
my_rds = rds.DatabaseInstance(
self,
guid('RDS-'),
master_username="******",
master_user_password=core.SecretValue.plain_text("password"),
database_name="db1",
engine=rds.DatabaseInstanceEngine.MYSQL,
vpc=self.vpc,
port=3306,
instance_type=self.DEFAULT_EC2_TYPE,
removal_policy=core.RemovalPolicy.DESTROY,
deletion_protection=False,
multi_az=True,
max_allocated_storage=1000)
return my_rds
def __init__(self, scope: cdk.Construct, construct_id: str, vpc: ec2.IVpc,
**kwargs) -> None:
super().__init__(scope, construct_id, **kwargs)
self.instance = rds.DatabaseInstance(
self,
construct_id,
engine=rds.DatabaseInstanceEngine.mysql(
version=rds.MysqlEngineVersion.VER_8_0),
vpc=vpc,
database_name="metastore",
removal_policy=cdk.RemovalPolicy.DESTROY,
deletion_protection=False)
self.instance.connections.allow_from_any_ipv4(
ec2.Port.tcp(3306), "Allow mysql from anywhere")
def __init__(self, scope: core.Construct, id: str, vpc: VpcStack,
**kwargs) -> None:
super().__init__(scope, id, **kwargs)
self.db_name = "airflow"
self.rds_secret = sm.Secret(
self,
"airflow-rds",
secret_name="airflow-rds-credentials",
description="Credentials for RDS PostgreSQL.",
generate_secret_string=sm.SecretStringGenerator(
secret_string_template='{"username": "******"}',
generate_string_key="password",
password_length=16,
exclude_characters='"@\\\/',
exclude_punctuation=True,
),
)
credentials = rds.Credentials.from_secret(self.rds_secret)
postgres = rds.DatabaseInstance(
self,
"RDS",
credentials=credentials,
instance_identifier="airflow-cdk",
database_name=self.db_name,
engine=rds.DatabaseInstanceEngine.postgres(
version=rds.PostgresEngineVersion.VER_9_6_18),
vpc=vpc.instance,
vpc_placement=ec2.SubnetSelection(
subnet_type=ec2.SubnetType.ISOLATED),
port=5432,
instance_type=ec2.InstanceType.of(
ec2.InstanceClass.BURSTABLE2,
ec2.InstanceSize.MICRO,
),
allocated_storage=20,
security_groups=[vpc.postgres_sg],
removal_policy=core.RemovalPolicy.DESTROY,
parameter_group=rds.ParameterGroup.from_parameter_group_name(
self,
"para-group-postgres",
parameter_group_name="default.postgres9.6"),
deletion_protection=False,
)
self._instance = postgres
