def setup_emqx(self, N, vpc, zone, sg, key):
self.emqx_vms = []
for n in range(0, N):
name = "emqx-%d" % n
vm = ec2.Instance(self, id = name,
instance_type = ec2.InstanceType(instance_type_identifier=emqx_ins_type),
machine_image = linux_ami,
user_data = ec2.UserData.custom(user_data),
security_group = sg,
key_name = key,
vpc = vpc,
vpc_subnets=ec2.SubnetSelection(subnet_type=ec2.SubnetType.PRIVATE),
)
self.emqx_vms.append(vm)
r53.ARecord(self, id = name + '.int.emqx',
record_name = name + '.int.emqx',
zone = zone,
target = r53.RecordTarget([vm.instance_private_ip])
)
# tagging
if self.user_defined_tags:
core.Tags.of(vm).add(*self.user_defined_tags)
core.Tags.of(vm).add('service', 'emqx')
def create_root_api_gateway(self, api_domain_name: str):
""" We need this to create the root API Gateway resource. """
certificate = self.create_api_certificate(api_domain_name, self.zone)
domain_options = aws_apigateway.DomainNameOptions(
domain_name=api_domain_name, certificate=certificate)
stage_options = aws_apigateway.StageOptions(throttling_rate_limit=10,
throttling_burst_limit=100)
rest_api = aws_apigateway.RestApi(self,
'PublicCrudApi',
rest_api_name='PublicCrudApi',
domain_name=domain_options,
deploy_options=stage_options)
kix.info("Routing A-Record Alias for REST API")
a_record_target = aws_route53.RecordTarget.from_alias(
aws_route53_targets.ApiGateway(rest_api))
aws_route53.ARecord(self,
"PublicCrudApiAliasRecord",
zone=self.zone,
target=a_record_target,
record_name=api_domain_name)
# Also create the authorizer for this API.
self._api_authorizer = self.create_root_api_authorizer(
self.user_pool, rest_api)
return rest_api
def setup_etcd(self, vpc, zone, sg, key):
for n in range(0, 3):
# cdk bug?
(cloud_user_data, )= ec2.UserData.for_linux(),
cloud_user_data.add_commands('apt update',
'apt install -y etcd-server etcd-client',
"echo ETCD_INITIAL_ADVERTISE_PEER_URLS=http://etcd%d.int.emqx:2380 >> /etc/default/etcd" % n,
'echo ETCD_LISTEN_PEER_URLS=http://0.0.0.0:2380 >> /etc/default/etcd',
'echo ETCD_LISTEN_CLIENT_URLS=http://0.0.0.0:2379 >> /etc/default/etcd',
"echo ETCD_ADVERTISE_CLIENT_URLS=http://etcd%d.int.emqx:2379 >> /etc/default/etcd" % n,
"echo ETCD_NAME=infra%d >> /etc/default/etcd" % n,
'echo ETCD_INITIAL_CLUSTER_STATE=new >> /etc/default/etcd',
'echo ETCD_INITIAL_CLUSTER_TOKEN=emqx-cluster-1 >> /etc/default/etcd',
'echo ETCD_INITIAL_CLUSTER="infra0=http://etcd0.int.emqx:2380,infra1=http://etcd1.int.emqx:2380,infra2=http://etcd2.int.emqx:2380" >> /etc/default/etcd',
'systemctl restart etcd'
)
ins = ec2.Instance(self, id = "etsd.%d" % n,
instance_type=ec2.InstanceType(instance_type_identifier="t3a.nano"),
machine_image=linux_ami,
user_data=cloud_user_data,
security_group = sg,
key_name=key,
vpc = vpc
)
r53.ARecord(self, id = "etcd%d.int.emqx" % n,
record_name = "etcd%d.int.emqx" % n,
zone = zone,
target = r53.RecordTarget([ins.instance_private_ip])
)
if self.user_defined_tags:
core.Tags.of(ins).add(*self.user_defined_tags)
core.Tags.of(ins).add('service', 'etcd')
def configure_dns(self, zone: r53.IHostedZone) -> None:
# Add FSX Records
r53.ARecord(self,
'DnsRecord',
zone=zone,
comment='Name Record for ' +
NetworkFileSystemsConstruct.__name__,
record_name='winfs.{}'.format(zone.zone_name),
ttl=core.Duration.seconds(60),
target=r53.RecordTarget(values=['10.10.35.85']))
# This is only required for parity with devbox
# r53.ARecord(self,'TempDnsRecord',
# zone=zone,
# comment='Name Record for '+NetworkFileSystemsConstruct.__name__,
# record_name='amznfsxkw4byw3j.{}'.format(zone.zone_name),
# ttl=core.Duration.seconds(60),
# target=r53.RecordTarget(
# values= ['10.10.35.85'] ))
# Add efs sources...
for entry in [
# ('homenet.efs.virtual.world', self.homenet.file_system_id),
('app-data.efs.virtual.world', self.app_data.file_system_id)
]:
name, target = entry
r53.CnameRecord(self,
name,
domain_name='{}.efs.{}.amazonaws.com'.format(
target,
core.Stack.of(self).region),
zone=zone,
record_name=name,
ttl=core.Duration.minutes(1))
def __init__(self, scope:core.Construct, id:str,landing_zone:IVpcLandingZone, **kwargs):
super().__init__(scope,id, **kwargs)
# Create the primary domain
self.virtual_world = r53.PrivateHostedZone(self,'VirtualWorld',
zone_name='virtual.world',
vpc=landing_zone.vpc,
comment='Primary domain name')
# Create the real world
self.real_world = r53.PrivateHostedZone(self,'RealWorld',
zone_name='real.world',
vpc=landing_zone.vpc,
comment='Name resolution back to physical realm')
# Add the public records...
# https://abram.com.au/converting-pem-to-pfx-certificates/
with open('chatham.json','r') as f:
json = loads(f.read())
for zone in [self.real_world]:
for entry in json:
ip = entry['ip']
name = entry['name']
record_name = '{}.{}'.format(name,zone.zone_name)
r53.ARecord(self,record_name,
zone=self.real_world,
record_name=record_name,
target= r53.RecordTarget.from_ip_addresses(ip))
def map_base_subdomain(self, subdomain: str, api: aws_apigateway.RestApi) -> str:
"""
Maps a sub-domain of aws.job4u.io to an API gateway
:param subdomain: The sub-domain (e.g. "www")
:param api: The API gateway endpoint
:return: The base url (e.g. "https://www.aws.job4u.io")
"""
domain_name = subdomain + '.' + ZONE_NAME
url = 'https://' + domain_name
cert = aws_certificatemanager.Certificate.from_certificate_arn(self, 'DomainCertificate', ZONE_CERT)
hosted_zone = aws_route53.HostedZone.from_hosted_zone_attributes(self, 'HostedZone',
hosted_zone_id=ZONE_ID,
zone_name=ZONE_NAME)
# add the domain name to the api and the A record to our hosted zone
domain = api.add_domain_name('Domain', certificate=cert, domain_name=domain_name)
aws_route53.ARecord(
self, 'UrlShortenerDomain',
record_name=subdomain,
zone=hosted_zone,
target=aws_route53.RecordTarget.from_alias(aws_route53_targets.ApiGatewayDomain(domain)))
return url
def add_dns_records(self, zone: IHostedZone, resource_name: str) -> None:
r53.ARecord(
self,
'DnsRecord',
zone=zone,
comment='Name Record for ' + JumpBoxConstruct.__name__,
record_name='{}.{}'.format(resource_name, zone.zone_name),
target=RecordTarget(values=[self.instance.instance_private_ip]))
def configure_dns(self,zone:r53.IHostedZone):
r53.ARecord(self,'HostRecord',
zone=zone,
record_name='rtsp-connector.{}'.format(zone.zone_name),
ttl = core.Duration.minutes(1),
target= r53.RecordTarget(
values=[self.instance.instance_private_ip]
))
def __init__(self, scope: core.Construct, id: builtins.str,
landing_zone: IVpcLandingZone) -> None:
super().__init__(scope, id)
self.__landing_zone = landing_zone
# Setup DNS...
self.trader_dns_zone = r53.PrivateHostedZone(
self,
'Trader',
zone_name='trader.fsi'.format(landing_zone.zone_name.lower()),
vpc=landing_zone.vpc,
comment='HomeNet Financial Services Domain')
# Create a key and delegate access to IAM...
self.key = kms.Key(
self,
'Key',
alias='homenet/fsi',
enable_key_rotation=True,
policy=iam.PolicyDocument(statements=[
iam.PolicyStatement(effect=iam.Effect.ALLOW,
principals=[
iam.AccountPrincipal(
core.Stack.of(self).account)
],
actions=['kms:*'],
resources=['*'])
]))
# Create central resources...
self.tda_secret = sm.Secret(
self,
'AmeritradeSecrets',
removal_policy=core.RemovalPolicy.DESTROY,
secret_name='HomeNet-{}-Ameritrade-Secrets'.format(
self.landing_zone.zone_name))
self.bucket = s3.Bucket(self,
'Bucket',
bucket_name='homenet-{}.{}.trader.fsi'.format(
self.landing_zone.zone_name,
core.Stack.of(self).region).lower(),
versioned=True)
r53.ARecord(self,
'BucketAlias',
zone=self.trader_dns_zone,
record_name=self.bucket.bucket_domain_name,
target=r53.RecordTarget.from_alias(
dns_targets.BucketWebsiteTarget(self.bucket)))
# self.fspace = space.CfnEnvironment(self,'Finspace',
# name='HomeNet-FsiCoreSvc',
# kms_key_id= self.key.key_id,
# description="HomeNet Financial Servicing Catalog")
self.finspace = FinSpaceEnvironment()
self.key.grant_admin(iam.ServicePrincipal(service='finspace'))
def __create_route53_record(self, hosted_zone):
route53.ARecord(
self,
"site-alias-record",
record_name=self._site_domain_name,
zone=hosted_zone,
target=route53.RecordTarget.from_alias(
targets.CloudFrontTarget(self.distribution)),
)
def airflow_web_service(self, environment):
service_name = get_webserver_service_name(self.deploy_env)
family = get_webserver_taskdef_family_name(self.deploy_env)
task_def = ecs.FargateTaskDefinition(self,
family,
cpu=512,
memory_limit_mib=1024,
family=family)
task_def.add_container(f"WebWorker-{self.deploy_env}",
image=self.image,
environment=environment,
secrets=self.secrets,
logging=ecs.LogDrivers.aws_logs(
stream_prefix=family,
log_retention=RetentionDays.ONE_DAY))
task_def.default_container.add_port_mappings(
ecs.PortMapping(container_port=8080,
host_port=8080,
protocol=ec2.Protocol.TCP))
# we want only 1 instance of the web server so when new versions are deployed max_healthy_percent=100
# you have to manually stop the current version and then it should start a new version - done by deploy task
lb_security_group = ec2.SecurityGroup(
self, f"lb-sec-group-{self.deploy_env}", vpc=self.vpc)
service = ecs_patterns.ApplicationLoadBalancedFargateService(
self,
service_name,
cluster=self.cluster, # Required
service_name=service_name,
platform_version=ecs.FargatePlatformVersion.VERSION1_4,
cpu=512, # Default is 256
desired_count=1, # Default is 1
task_definition=task_def,
memory_limit_mib=2048, # Default is 512
public_load_balancer=True,
security_groups=[lb_security_group],
certificate=Certificate.from_certificate_arn(
self,
f"lb-cert-{self.deploy_env}",
certificate_arn=self.config["lb_certificate_arn"]),
max_healthy_percent=100)
service.target_group.configure_health_check(path="/health")
# restrict access to the load balancer to only VPN
lb_security_group.connections.allow_from(
ec2.Peer.ipv4(self.config["lb_vpn_addresses"]), ec2.Port.tcp(443))
# configure DNS alias for the load balancer
route53.ARecord(self,
f"lb-record-{self.deploy_env}",
zone=route53.HostedZone.from_hosted_zone_attributes(
self,
f"Zone-{self.deploy_env}",
zone_name=f"Zone-{self.deploy_env}",
hosted_zone_id=self.config["route53_zone_id"]),
record_name=self.config["lb_dns_name"],
target=route53.RecordTarget.from_alias(
targets.LoadBalancerTarget(service.load_balancer)))
return service
def generate_record_in_hosted_zone(scope, hosted_zone: route53.HostedZone,
cloudfront_distribution):
a_record = route53.ARecord(
scope,
"CloudfrontTier1Route53ARecord",
zone=hosted_zone,
target=route53.RecordTarget.from_alias(
targets.CloudFrontTarget(cloudfront_distribution)),
record_name="jvsantos-tier1.apperdevops.com")
return a_record
def __init__(
self,
scope: core.Construct,
id: str,
hosted_zone_id: str,
hosted_zone_name: str,
domain_name: str,
api: apigw.HttpApi,
):
super().__init__(scope, id)
hosted_zone = route53.HostedZone.from_hosted_zone_attributes(
self,
id="dns-hosted-zone",
hosted_zone_id=hosted_zone_id,
zone_name=hosted_zone_name)
certificate = certmgr.DnsValidatedCertificate(
self,
"tls-certificate",
domain_name=domain_name,
hosted_zone=hosted_zone,
validation_method=certmgr.ValidationMethod.DNS,
)
custom_domain = apigw.CfnDomainName(
self,
"custom-domain",
domain_name=domain_name,
domain_name_configurations=[
apigw.CfnDomainName.DomainNameConfigurationProperty(
certificate_arn=certificate.certificate_arn)
],
)
custom_domain.node.add_dependency(api)
custom_domain.node.add_dependency(certificate)
api_mapping = apigw.CfnApiMapping(self,
"custom-domain-mapping",
api_id=api.http_api_id,
domain_name=domain_name,
stage="$default")
api_mapping.node.add_dependency(custom_domain)
route53.ARecord(
self,
"custom-domain-record",
target=route53.RecordTarget.from_alias(
ApiGatewayV2Domain(custom_domain)),
zone=hosted_zone,
record_name=domain_name,
)
def __init__(self, scope: core.Construct, id: str, domain: DomainInfo,
**kwargs) -> None:
super().__init__(scope, id, **kwargs)
if domain.stage == 'prod':
self.final_domain = domain.domain_name
else:
self.final_domain = f'{domain.stage}.{domain.domain_name}'
self.domain = domain
# Create the static site website bucket
bucket = s3.Bucket(self,
"sitebucket",
bucket_name=self.final_domain,
public_read_access=True,
website_index_document="index.html")
core.CfnOutput(self, 'site_bucket_name', value=bucket.bucket_name)
core.CfnOutput(self,
'site_bucket_website',
value=bucket.bucket_website_url)
#create Cloudfront distribution return dist ID
alias_configuration = cf.AliasConfiguration(
acm_cert_ref=self.domain.cert_arn,
names=[self.final_domain],
)
source_configuration = cf.SourceConfiguration(
s3_origin_source=cf.S3OriginConfig(s3_bucket_source=bucket, ),
behaviors=[cf.Behavior(is_default_behavior=True)])
dist = cf.CloudFrontWebDistribution(
self,
'staticsitecf',
alias_configuration=alias_configuration,
origin_configs=[source_configuration],
)
core.CfnOutput(self,
'static_site_cf_dist_id',
value=dist.distribution_id)
core.CfnOutput(self, 'static_site_cf_domain', value=dist.domain_name)
#route53 logic
if self.domain.stage == 'prod':
zone = route53.HostedZone.from_hosted_zone_attributes(
self,
id="HostedZoneID",
hosted_zone_id=self.domain.hosted_zone_id,
zone_name=self.domain.domain_name)
route53.ARecord(self,
'SiteAliasRecord',
record_name=self.final_domain,
target=route53.AddressRecordTarget.from_alias(
targets.CloudFrontTarget(dist)),
zone=zone)
def configure_dns(self, zone: r53.IHostedZone,
ca: CertificateAuthority) -> None:
"""
Bind the photos-api alias to the cert/friendly name.
You still need to register the CA cert on the local device (e.g., Group Policy)
Otherwise it errors out, since everything is private resources.
"""
friendly_name = 'photos-api.{}'.format(zone.zone_name)
r53.ARecord(self,
'PhotosApi',
zone=zone,
record_name=friendly_name,
target=r53.RecordTarget.from_alias(
dns_targets.ApiGateway(self.frontend_proxy)))
def createResources(self, ns):
# Get Hosted Zone
hostedZone = route53.HostedZone.from_lookup(
self,
'Bento-Hosted-Zone',
domain_name=self.config[ns]['domain_name'])
route53.ARecord(self,
'Bento-Alias-Record',
record_name=ns,
target=route53.RecordTarget.from_alias(
targets.LoadBalancerTarget(self.bentoALB)),
zone=hostedZone)
def __init__(self, parent: core.Construct, name: str,
props: StaticSiteProps) -> None:
super().__init__(parent, name)
site_domain = props.site_sub_domain + '.' + props.domain_name
# Content bucket
site_bucket = s3.Bucket(self,
"SiteBucket",
bucket_name=site_domain,
website_index_document="index.html",
website_error_document="error.html",
public_read_access=True,
removal_policy=core.RemovalPolicy.DESTROY)
core.CfnOutput(self, 'Bucket', value=site_bucket.bucket_name)
#cloudfront distribution that provies HTTPS
distribution = cfront.CloudFrontWebDistribution(
self,
'SiteDistribution',
origin_configs=[
cfront.SourceConfiguration(
behaviors=[cfront.Behavior(is_default_behavior=True)],
s3_origin_source=cfront.S3OriginConfig(
s3_bucket_source=site_bucket))
],
alias_configuration=cfront.AliasConfiguration(
acm_cert_ref=props.certificate_arn,
names=[site_domain],
ssl_method=cfront.SSLMethod.SNI,
security_policy=cfront.SecurityPolicyProtocol.TLS_V1_1_2016))
core.CfnOutput(self,
'DistributionID',
value=distribution.distribution_id)
# Route 53 alias record for the CloudFront distribution
zone = route53.HostedZone.from_lookup(self,
'MyHostedZone',
domain_name=props.domain_name)
# Add a A record to the hosted zone
route53.ARecord(
self,
'SiteAliasRecord',
zone=zone,
record_name=site_domain,
target=route53.AddressRecordTarget.from_alias(
aws_route53_targets.CloudFrontTarget(distribution)))
def __init__(self, app: core.App, id: str, **kwargs) -> None:
super().__init__(app, id)
#create an S3 bucket
domainName = 'accelerate.dev'
myBucket = s3.Bucket(self,
'accelerate.dev-s3bucket',
bucket_name='accelerate-website',
public_read_access=True,
website_index_document='index.html',
website_error_document='404.html',
removal_policy=core.RemovalPolicy.DESTROY)
myBucket.grant_public_access
myBucket.add_to_resource_policy( #Grant read access to everyone in your account
iam.PolicyStatement(
actions=['s3:GetObject'],
resources=[myBucket.arn_for_objects('*')],
principals=[
iam.AccountPrincipal(account_id=core.Aws.ACCOUNT_ID)
]))
myUser = iam.User(self, 'deploy_' +
domainName) #Grant write access to a specific user
myBucket.grant_write(myUser)
hostedZone = route53.HostedZone.from_hosted_zone_attributes(
self,
"HostedZone_" + domainName,
hosted_zone_id='Z00154093I7THXRTRF8QB',
zone_name=domainName)
cert = certmgr.DnsValidatedCertificate(self,
"cert_" + domainName,
domain_name=domainName,
hosted_zone=hostedZone)
distribution = cloudfront.CloudFrontWebDistribution(
self,
"accelerate.dev-distribution",
price_class=cloudfront.PriceClass.PRICE_CLASS_100,
origin_configs=[
cloudfront.SourceConfiguration(
s3_origin_source=cloudfront.S3OriginConfig(
s3_bucket_source=myBucket),
behaviors=[cloudfront.Behavior(is_default_behavior=True)])
],
viewer_certificate=cloudfront.ViewerCertificate.
from_acm_certificate(cert, aliases=['accelerate.dev']))
route53.ARecord(self,
"Alias_" + domainName,
zone=hostedZone,
target=route53.RecordTarget.from_alias(
targets.CloudFrontTarget(distribution)))
def create_apex_records(self, apex_target):
route53.ARecord(
self,
self.config.get("stack_name") + "_v4_apex_alias",
zone=self.zone,
target=apex_target
)
if self.config.get("ipv6_support", False):
route53.AaaaRecord(
self,
self.config.get("stack_name") + "_v6_apex_alias",
zone=self.zone,
target=apex_target
)
def __init__(self, scope: core.Construct, stack_id: str, *, api_name: str,
domain_name: str, functions_stacks: List[FunctionsStack],
subdomain: str, **kwargs):
super().__init__(scope, stack_id, **kwargs)
hosted_zone = route53.HostedZone.from_lookup(self,
'HostedZone',
domain_name=domain_name)
subdomain = f'{subdomain}.{hosted_zone.zone_name}'
certificate = acm.DnsValidatedCertificate(self,
'Certificate',
domain_name=subdomain,
hosted_zone=hosted_zone)
self.api = apigw.HttpApi(self, 'HttpApi', api_name=api_name)
domain_name = apigw.CfnDomainName(
self,
'DomainName',
domain_name=subdomain,
domain_name_configurations=[
apigw.CfnDomainName.DomainNameConfigurationProperty(
certificate_arn=certificate.certificate_arn)
])
# add an alias to the hosted zone
route53.ARecord(self,
'ARecord',
record_name=subdomain,
target=route53.RecordTarget.from_alias(
ApiGatewayV2Domain(domain_name)),
zone=hosted_zone)
mapping = apigw.CfnApiMapping(self,
'ApiMapping',
api_id=self.api.http_api_id,
domain_name=domain_name.ref,
stage='$default')
mapping.add_depends_on(domain_name)
for functions_stack in functions_stacks:
self.api.add_routes(integration=apigw.LambdaProxyIntegration(
handler=functions_stack.receiver_function),
methods=[functions_stack.api_method],
path=functions_stack.api_path)
def create_route53_record(self):
"""
Create Route53 entries
"""
zone = route53.HostedZone.from_lookup(self,
"quake_services",
domain_name="quake.services")
target = route53.AddressRecordTarget.from_alias(
route53_targets.LoadBalancerTarget(self.nlb))
route53.ARecord(self,
"alias",
zone=zone,
record_name="master",
target=target)
def __init__(self, scope: Construct, id: str, *, fqdn: str,
target) -> None:
super().__init__(scope, id)
hosted_zone_name = dns.get_hosted_zone_name()
if not fqdn.endswith(hosted_zone_name):
raise Exception(f"FQDN {fqdn} not within {hosted_zone_name}")
record_name = fqdn[0:-len(hosted_zone_name) - 1]
route53.ARecord(
self,
id,
target=RecordTarget.from_alias(target),
zone=dns.get_hosted_zone(),
record_name=record_name,
)
def create_site_records(self):
route53.ARecord(
self,
self.config.get("stack_name") + "_v4_sub_alias",
zone=self.zone,
record_name=self.config.get("subdomain"),
target=self.cloudfront_site_target
)
if self.config.get("ipv6_support", False):
route53.AaaaRecord(
self,
self.config.get("stack_name") + "_v6_sub_alias",
zone=self.zone,
record_name=self.config.get("subdomain"),
target=self.cloudfront_site_target
)
def setup_loadgen(self, N, vpc, zone, sg, key, target):
for n in range(0, N):
name = "loadgen-%d" % n
src_ips = ','.join([ "192.168.%d.%d" % (n, x) for x in range(10, 20)])
bootScript = ec2.UserData.custom(loadgen_user_data)
configIps = ec2.UserData.for_linux()
configIps.add_commands("for x in $(seq 2 250); do ip addr add 192.168.%d.$x dev ens5; done" % n)
runscript = ec2.UserData.for_linux()
runscript.add_commands("""cat << EOF > /root/emqtt_bench/run.sh
#!/bin/bash
ulimit -n 1000000
ipaddrs=`for n in $(seq 2 13); do printf "192.168.%d.%%d," $n; done `
_build/default/bin/emqtt_bench sub -h %s -t "root/%%c/1/+/abc/#" -c 200000 --prefix "prefix%d" --ifaddr %s -i 5
EOF
""" % (n, target, n, src_ips)
)
multipartUserData = ec2.MultipartUserData()
multipartUserData.add_part(ec2.MultipartBody.from_user_data(bootScript))
multipartUserData.add_part(ec2.MultipartBody.from_user_data(configIps))
multipartUserData.add_part(ec2.MultipartBody.from_user_data(runscript))
lg_vm = ec2.Instance(self, id = name,
instance_type=ec2.InstanceType(instance_type_identifier=loadgen_ins_type),
machine_image=linux_ami,
user_data = multipartUserData,
security_group = sg,
key_name=key,
vpc = vpc,
source_dest_check = False
)
i=1
for net in vpc.private_subnets:
net.add_route(id=name+str(i),
router_id = lg_vm.instance_id,
router_type = ec2.RouterType.INSTANCE,
destination_cidr_block = "192.168.%d.0/24" % n)
i+=1
r53.ARecord(self, id = name + '.int.emqx',
record_name = name + '.int.emqx',
zone = zone,
target = r53.RecordTarget([lg_vm.instance_private_ip])
)
if self.user_defined_tags:
core.Tags.of(ins).add(*self.user_defined_tags)
core.Tags.of(lg_vm).add('service', 'loadgen')
def __init__(self, scope: core.Construct, stack_id: str, *, api_name: str,
bucket: s3.Bucket, domain_name: str, functions,
subdomain: str, **kwargs):
super().__init__(scope, stack_id, **kwargs)
hosted_zone = route53.HostedZone.from_lookup(self,
'HostedZone',
domain_name=domain_name)
subdomain = f'{subdomain}.{hosted_zone.zone_name}'
certificate = acm.DnsValidatedCertificate(self,
'Certificate',
domain_name=subdomain,
hosted_zone=hosted_zone)
self.api = apigw.HttpApi(self, 'HttpApi', api_name=api_name)
domain_name = apigw.CfnDomainName(
self,
'DomainName',
domain_name=subdomain,
domain_name_configurations=[
apigw.CfnDomainName.DomainNameConfigurationProperty(
certificate_arn=certificate.certificate_arn)
])
# add an alias to the hosted zone
route53.ARecord(self,
'ARecord',
record_name=subdomain,
target=route53.RecordTarget.from_alias(
ApiGatewayV2Domain(domain_name)),
zone=hosted_zone)
mapping = apigw.CfnApiMapping(self,
'ApiMapping',
api_id=self.api.http_api_id,
domain_name=domain_name.ref,
stage='$default')
mapping.add_depends_on(domain_name)
for function in functions:
self.add_endpoint(bucket, function)
def configure_domain(
scope: core.Construct,
load_balancer: elbv2.ApplicationLoadBalancer,
config: StackConfig,
):
# // DNS record
zone = route53.HostedZone.from_hosted_zone_attributes(
scope,
'dns',
zone_name=config.dns_name,
hosted_zone_id=config.dns_zone_id,
)
target = route53.RecordTarget.from_alias(
route53_targets.LoadBalancerTarget(load_balancer))
route53.ARecord(scope,
'stack-domain',
zone=zone,
record_name=config.dns_stack_subdomain,
target=target)
def __init__(self, scope: core.App, id: str, props: DomainStackProps,
**kwargs) -> None:
super().__init__(scope, id, **kwargs)
domain = apigw.DomainName(
self,
"domain",
domain_name=props.domain_name,
certificate=acm.Certificate.from_certificate_arn(
self, 'cert', props.certificate_arn),
endpoint_type=apigw.EndpointType.REGIONAL,
)
self.domain = domain
route53.ARecord(self,
"AliasRecord",
zone=route53.HostedZone.from_lookup(
self, 'zone', domain_name=props.domain_name),
target=route53.RecordTarget.from_alias(
route53_targets.ApiGatewayDomain(domain)))
def __init__(self, scope: core.Construct, id: str, cdnid,
**kwargs) -> None:
super().__init__(scope, id, **kwargs)
prj_name = self.node.try_get_context("project_name")
env_name = self.node.try_get_context("env")
hosted_zone = r53.HostedZone(self,
'hosted-zone',
zone_name='cloudevangelist.ca')
r53.ARecord(self,
'cdn-record',
zone=hosted_zone,
target=r53.RecordTarget.from_alias(
alias_target=r53target.CloudFrontTarget(cdnid)),
record_name='app')
ssm.StringParameter(self,
'zone-id',
parameter_name='/' + env_name + '/zone-id',
string_value=hosted_zone.hosted_zone_id)
def __init__(self, scope: cdk.Construct, construct_id: str,
**kwargs) -> None:
super().__init__(scope, construct_id, **kwargs)
environment = self.node.try_get_context('environment')
server_domain = self.node.try_get_context('server_domain')
hosted_zone_id = self.node.try_get_context('hosted_zone_id')
if environment == 'prod':
self.domain_name = f'start.{server_domain}'
else:
self.domain_name = f'start.{environment}.{server_domain}'
hosted_zone = r53.HostedZone.from_hosted_zone_attributes(
self,
'Zone',
hosted_zone_id=hosted_zone_id,
zone_name=server_domain)
certificate = acm.Certificate(
self,
'StartCert',
domain_name=self.domain_name,
validation=acm.CertificateValidation.from_dns(
hosted_zone=hosted_zone))
self.rest_api = apigw.RestApi(
self,
'api',
domain_name=apigw.DomainNameOptions(certificate=certificate,
domain_name=self.domain_name),
deploy_options=apigw.StageOptions(stage_name=environment))
arecord = r53.ARecord(
self,
'StartARecord',
zone=hosted_zone,
record_name=self.domain_name,
target=r53.RecordTarget(
alias_target=r53_targets.ApiGateway(self.rest_api)))
cdk.CfnOutput(self, 'DNSName', value=arecord.domain_name)
def __init__(
self,
scope: cdk.Construct,
id: str,
consoleme_alb: lb.ApplicationLoadBalancer,
**kwargs
) -> None:
super().__init__(scope, id, **kwargs)
hosted_zone = route53.PublicHostedZone.from_hosted_zone_attributes(
self,
"HostedZone",
hosted_zone_id=HOSTED_ZONE_ID,
zone_name=HOSTED_ZONE_NAME,
)
route53_record = route53.ARecord(
self,
"LBRecord",
zone=hosted_zone,
record_name=APPLICATION_PREFIX,
target=route53.RecordTarget(
alias_target=(route53_targets.LoadBalancerTarget(consoleme_alb))
),
)
verify_ses_identity = cr.AwsCustomResource(
self,
"VerifySESIdentityResource",
policy=cr.AwsCustomResourcePolicy.from_statements(
statements=[
iam.PolicyStatement(
effect=iam.Effect.ALLOW,
actions=["ses:VerifyDomainIdentity", "ses:DeleteIdentity"],
resources=["*"],
)
]
),
on_create=cr.AwsSdkCall(
service="SES",
action="verifyDomainIdentity",
parameters={"Domain": route53_record.domain_name},
physical_resource_id=cr.PhysicalResourceId.from_response(
"VerificationToken"
),
),
on_delete=cr.AwsSdkCall(
service="SES",
action="deleteIdentity",
parameters={"Identity": route53_record.domain_name},
),
install_latest_aws_sdk=True,
log_retention=logs.RetentionDays.ONE_WEEK,
)
add_ses_dkim = cr.AwsCustomResource(
self,
"VerifySESDKIMResource",
policy=cr.AwsCustomResourcePolicy.from_statements(
statements=[
iam.PolicyStatement(
effect=iam.Effect.ALLOW,
actions=["ses:VerifyDomainDkim"],
resources=["*"],
)
]
),
on_create=cr.AwsSdkCall(
service="SES",
action="verifyDomainDkim",
parameters={"Domain": route53_record.domain_name},
physical_resource_id=cr.PhysicalResourceId.of(
HOSTED_ZONE_ID + "VerifyDomainDKIM"
),
),
install_latest_aws_sdk=True,
log_retention=logs.RetentionDays.ONE_WEEK,
)
add_ses_dkim.node.add_dependency(verify_ses_identity)
certificate = acm.Certificate(
self,
"Certificate",
domain_name="*." + hosted_zone.zone_name,
validation=acm.CertificateValidation.from_dns(hosted_zone=hosted_zone),
)
self.hosted_zone = hosted_zone
self.certificate = certificate
self.route53_record = route53_record
