def __init__(self, scope:core.Construct, id:str,landing_zone:IVpcLandingZone, **kwargs):
    super().__init__(scope,id, **kwargs)
    
    # Create the primary domain
    self.virtual_world = r53.PrivateHostedZone(self,'VirtualWorld',
      zone_name='virtual.world',
      vpc=landing_zone.vpc,
      comment='Primary domain name')

    # Create the real world
    self.real_world = r53.PrivateHostedZone(self,'RealWorld',
      zone_name='real.world',
      vpc=landing_zone.vpc,
      comment='Name resolution back to physical realm')

    # Add the public records...
    # https://abram.com.au/converting-pem-to-pfx-certificates/
    with open('chatham.json','r') as f:
      json = loads(f.read())
      for zone in [self.real_world]:
        for entry in json:
          ip = entry['ip']
          name = entry['name']
          record_name = '{}.{}'.format(name,zone.zone_name)
          r53.ARecord(self,record_name,
            zone=self.real_world,
            record_name=record_name,
            target= r53.RecordTarget.from_ip_addresses(ip))
    def __init__(self, scope: core.Construct, id: builtins.str,
                 landing_zone: IVpcLandingZone) -> None:
        super().__init__(scope, id)
        self.__landing_zone = landing_zone

        # Setup DNS...
        self.trader_dns_zone = r53.PrivateHostedZone(
            self,
            'Trader',
            zone_name='trader.fsi'.format(landing_zone.zone_name.lower()),
            vpc=landing_zone.vpc,
            comment='HomeNet Financial Services Domain')

        # Create a key and delegate access to IAM...
        self.key = kms.Key(
            self,
            'Key',
            alias='homenet/fsi',
            enable_key_rotation=True,
            policy=iam.PolicyDocument(statements=[
                iam.PolicyStatement(effect=iam.Effect.ALLOW,
                                    principals=[
                                        iam.AccountPrincipal(
                                            core.Stack.of(self).account)
                                    ],
                                    actions=['kms:*'],
                                    resources=['*'])
            ]))

        # Create central resources...
        self.tda_secret = sm.Secret(
            self,
            'AmeritradeSecrets',
            removal_policy=core.RemovalPolicy.DESTROY,
            secret_name='HomeNet-{}-Ameritrade-Secrets'.format(
                self.landing_zone.zone_name))

        self.bucket = s3.Bucket(self,
                                'Bucket',
                                bucket_name='homenet-{}.{}.trader.fsi'.format(
                                    self.landing_zone.zone_name,
                                    core.Stack.of(self).region).lower(),
                                versioned=True)

        r53.ARecord(self,
                    'BucketAlias',
                    zone=self.trader_dns_zone,
                    record_name=self.bucket.bucket_domain_name,
                    target=r53.RecordTarget.from_alias(
                        dns_targets.BucketWebsiteTarget(self.bucket)))

        # self.fspace = space.CfnEnvironment(self,'Finspace',
        #   name='HomeNet-FsiCoreSvc',
        #   kms_key_id= self.key.key_id,
        #   description="HomeNet Financial Servicing Catalog")
        self.finspace = FinSpaceEnvironment()
        self.key.grant_admin(iam.ServicePrincipal(service='finspace'))
    def __init__(self, scope: core.Construct, id: str, context: InfraContext,
                 **kwargs) -> None:
        super().__init__(scope, id, **kwargs)

        self.__vpc = ec2.Vpc(
            self,
            'FinSurf',
            cidr='10.50.0.0/16',
            nat_gateway_subnets=ec2.SubnetSelection(
                subnet_group_name='Egress'),
            enable_dns_hostnames=True,
            enable_dns_support=True,
            nat_gateways=2,
            max_azs=2,
            subnet_configuration=[
                ec2.SubnetConfiguration(name='Egress',
                                        subnet_type=ec2.SubnetType.PUBLIC,
                                        cidr_mask=28),
                ec2.SubnetConfiguration(name='EarningApi',
                                        subnet_type=ec2.SubnetType.PRIVATE,
                                        cidr_mask=24),
                ec2.SubnetConfiguration(name='Alexa',
                                        subnet_type=ec2.SubnetType.PRIVATE,
                                        cidr_mask=24),
                ec2.SubnetConfiguration(name='FriendlyNamed',
                                        subnet_type=ec2.SubnetType.PRIVATE,
                                        cidr_mask=24),
                ec2.SubnetConfiguration(name='AccountLinking',
                                        subnet_type=ec2.SubnetType.PRIVATE,
                                        cidr_mask=24),
                ec2.SubnetConfiguration(name='PortfolioMgmt',
                                        subnet_type=ec2.SubnetType.PRIVATE,
                                        cidr_mask=24),
                ec2.SubnetConfiguration(name='Collections',
                                        subnet_type=ec2.SubnetType.PRIVATE,
                                        cidr_mask=24),
                ec2.SubnetConfiguration(name='MarketGraph',
                                        subnet_type=ec2.SubnetType.PRIVATE,
                                        cidr_mask=24),
                ec2.SubnetConfiguration(name='MapReduce',
                                        subnet_type=ec2.SubnetType.PRIVATE,
                                        cidr_mask=24),
            ])

        self.__hostedZone = dns.PrivateHostedZone(
            self,
            'PrivateFinSurfZone',
            vpc=self.vpc,
            zone_name=context.environment.region + '.finsurf.internal',
            comment='Internal zone for FinSurf application')
Exemple #4
0
    def __init__(self, scope: core.Construct, construct_id: str, env, **kwargs) -> None:
        super().__init__(scope, construct_id, env=env, **kwargs)
        
        # The code that defines your stack goes here
        if self.node.try_get_context("tags"):
            self.user_defined_tags = self.node.try_get_context("tags").split(' ')
        else:
            self.user_defined_tags = None

        vpc = ec2.Vpc(self, "VPC_EMQ",
            max_azs=2,
            cidr="10.10.0.0/16",
            # configuration will create 3 groups in 2 AZs = 6 subnets.
            subnet_configuration=[ec2.SubnetConfiguration(
                subnet_type=ec2.SubnetType.PUBLIC,
                name="Public",
                cidr_mask=24
            ), ec2.SubnetConfiguration(
                subnet_type=ec2.SubnetType.PRIVATE,
                name="Private",
                cidr_mask=24
            ), ec2.SubnetConfiguration(
                subnet_type=ec2.SubnetType.ISOLATED,
                name="DB",
                cidr_mask=24
            )
            ],
            nat_gateways=2
            )
        self.vpc = vpc


        # Route53
        int_zone = r53.PrivateHostedZone(self, r53_zone_name,
                                         zone_name = 'int.emqx',
                                         vpc = vpc
        )

        self.int_zone = int_zone

        # Define cfn parameters
        # ec2_type = CfnParameter(self, "ec2-instance-type",
        #     type="String", default="m5.2xlarge",
        #     description="Specify the instance type you want").value_as_string
        
        key_name = CfnParameter(self, "ssh key",
            type="String", default="key_ireland",
            description="Specify your SSH key").value_as_string

        sg = ec2.SecurityGroup(self, id = 'sg_int', vpc = vpc)
        self.sg = sg

        sg.add_ingress_rule(ec2.Peer.any_ipv4(), ec2.Port.tcp(22), 'SSH frm anywhere')
        sg.add_ingress_rule(ec2.Peer.any_ipv4(), ec2.Port.tcp(1883), 'MQTT TCP Port')
        sg.add_ingress_rule(ec2.Peer.any_ipv4(), ec2.Port.tcp(8883), 'MQTT TCP/TLS Port')
        sg.add_ingress_rule(ec2.Peer.any_ipv4(), ec2.Port.udp(14567), 'MQTT Quic Port')
        sg.add_ingress_rule(ec2.Peer.any_ipv4(), ec2.Port.tcp(18083), 'WEB UI')
        sg.add_ingress_rule(ec2.Peer.any_ipv4(), ec2.Port.tcp(4369), 'EMQX dist port 1')
        sg.add_ingress_rule(ec2.Peer.any_ipv4(), ec2.Port.tcp(4370), 'EMQX dist port 2')
        sg.add_ingress_rule(ec2.Peer.any_ipv4(), ec2.Port.tcp(8081), 'EMQX dashboard')
        sg.add_ingress_rule(ec2.Peer.any_ipv4(), ec2.Port.tcp(2379), 'etcd client port')
        sg.add_ingress_rule(ec2.Peer.any_ipv4(), ec2.Port.tcp(2380), 'etcd peer port')

         # Create Bastion Server
        bastion = ec2.BastionHostLinux(self, "Bastion",
                                       vpc=vpc,
                                       subnet_selection=ec2.SubnetSelection(subnet_type=ec2.SubnetType.PUBLIC),
                                       instance_name="BastionHostLinux",
                                       instance_type=ec2.InstanceType(instance_type_identifier="t3.nano"))

        bastion.instance.instance.add_property_override("KeyName", key_name)
        bastion.connections.allow_from_any_ipv4(
            ec2.Port.tcp(22), "Internet access SSH")
    
        # Create NLB
        nlb = elb.NetworkLoadBalancer(self, "emq-elb",
                                      vpc=vpc,
                                      internet_facing=False, 
                                      cross_zone_enabled=True,
                                      load_balancer_name="emq-nlb")

        r53.ARecord(self, "AliasRecord",
                    zone = int_zone,
                    record_name = loadbalancer_dnsname,
                    target = r53.RecordTarget.from_alias(r53_targets.LoadBalancerTarget(nlb))
                    )

        self.nlb = nlb

        listener = nlb.add_listener("port1883", port=1883)
        listenerTLS = nlb.add_listener("port8883", port=8883) # TLS, emqx terminataion
        listenerQuic = nlb.add_listener("port14567", port=14567, protocol=elbv2.Protocol.UDP)
        listenerUI = nlb.add_listener("port80", port=80)

        # Create Autoscaling Group with desired 2*EC2 hosts
        # asg = autoscaling.AutoScalingGroup(self, "emq-asg",
        #                                    vpc=vpc,
        #                                    vpc_subnets=ec2.SubnetSelection(subnet_type=ec2.SubnetType.PRIVATE),
        #                                    instance_type=ec2.InstanceType(
        #                                        instance_type_identifier=ec2_type),
        #                                    machine_image=linux_ami,
        #                                    security_group = sg,
        #                                    key_name=key_name,
        #                                    user_data=ec2.UserData.custom(user_data),
        #                                    health_check=HealthCheck.elb(grace=Duration.seconds(60)),
        #                                    desired_capacity=3,
        #                                    min_capacity=2,
        #                                    max_capacity=4
        # )

        # if self.user_defined_tags:
        #     core.Tags.of(asg).add(*self.user_defined_tags)

        # # NLB cannot associate with a security group therefore NLB object has no Connection object
        # # Must modify manuall inbound rule of the newly created asg security group to allow access
        # # from NLB IP only
        # asg.connections.allow_from_any_ipv4(
        #     ec2.Port.tcp(1883), "Allow NLB access 1883 port of EC2 in Autoscaling Group")
        # asg.connections.allow_from_any_ipv4(
        #     ec2.Port.tcp(18083), "Allow NLB access WEB UI")
        # asg.connections.allow_from_any_ipv4(
        #     ec2.Port.tcp(4369), "Allow emqx cluster distribution port 1")
        # asg.connections.allow_from_any_ipv4(
        #     ec2.Port.tcp(4370), "Allow emqx cluster distribution port 2")
        # asg.connections.allow_from_any_ipv4(
        #     ec2.Port.udp(4369), "Allow emqx cluster discovery port 1")
        # asg.connections.allow_from_any_ipv4(
        #     ec2.Port.udp(4370), "Allow emqx cluster discovery port 2")
        # asg.connections.allow_from_any_ipv4(
        #     ec2.Port.tcp(8081), "Allow emqx cluster dashboard access")
        # asg.connections.allow_from_any_ipv4(
        #     ec2.Port.tcp(2379), "Allow emqx cluster discovery port (etcd)")
        # asg.connections.allow_from_any_ipv4(
        #     ec2.Port.tcp(2380), "Allow emqx cluster discovery port (etcd)")
        # asg.connections.allow_from(bastion,
        #     ec2.Port.tcp(22), "Allow SSH from the bastion only")

        self.setup_emqx(numEmqx, vpc, int_zone, sg, key_name)

        listener.add_targets('ec2',
                             port=1883,
                             targets=
                                 [ target.InstanceTarget(x)
                                   for x in self.emqx_vms])
        # @todo we need ssl terminataion
        listenerUI.add_targets('ec2',
                               port=18083,
                               targets=[ target.InstanceTarget(x)
                                   for x in self.emqx_vms])

        listenerQuic.add_targets('ec2',
                                 port=14567,
                                 protocol=elbv2.Protocol.UDP,
                                 targets=[ target.InstanceTarget(x)
                                   for x in self.emqx_vms])

        listenerTLS.add_targets('ec2',
                                port=8883,
                                targets=[ target.InstanceTarget(x)
                                   for x in self.emqx_vms])

        """ db_mysql = rds.DatabaseInstance(self, "EMQ_MySQL_DB",
            engine=rds.DatabaseInstanceEngine.mysql(
                version=rds.MysqlEngineVersion.VER_5_7_30),
            instance_type=ec2.InstanceType.of(
                ec2.InstanceClass.BURSTABLE2, ec2.InstanceSize.SMALL),
            vpc=vpc,
            multi_az=True,
            allocated_storage=100,
            storage_type=rds.StorageType.GP2,
            cloudwatch_logs_exports=["audit", "error", "general", "slowquery"],
            deletion_protection=False,
            delete_automated_backups=False,
            backup_retention=core.Duration.days(7),
            parameter_group=rds.ParameterGroup.from_parameter_group_name(
                self, "para-group-mysql",
                parameter_group_name="default.mysql5.7"),
            )

        asg_security_groups = asg.connections.security_groups
        for asg_sg in asg_security_groups:
            db_mysql.connections.allow_default_port_from(asg_sg, "EC2 Autoscaling Group access MySQL") """

        #self.setup_monitoring()

        self.setup_etcd(vpc, int_zone, sg, key_name)
        self.setup_loadgen(numLg, vpc, int_zone, sg, key_name, nlb.load_balancer_dns_name)

        self.setup_monitoring()

        core.CfnOutput(self, "Output",
            value=nlb.load_balancer_dns_name)
        core.CfnOutput(self, "SSH Entrypoint",
                       value=bastion.instance_public_ip)
        core.CfnOutput(self, "SSH cmds",
                       value="ssh -A -l ec2-user %s -L8888:%s:80 -L 9999:%s:80 -L 13000:%s:3000"
                       % (bastion.instance_public_ip, nlb.load_balancer_dns_name, self.mon_lb, self.mon_lb)
        )
Exemple #5
0
    def __init__(self, scope: core.Construct, id: str, vpc: ec2.IVpc,
                 **kwargs) -> None:
        super().__init__(scope, id, **kwargs)

        # The code that defines your stack goes here

        demords = rds.DatabaseInstance(
            self,
            "RDS",
            master_username="******",
            master_user_password=core.SecretValue.plain_text(rdspwd),
            database_name="db1",
            engine_version="8.0.16",
            delete_automated_backups=True,
            engine=rds.DatabaseInstanceEngine.MYSQL,
            # instance_identifier="cdkdemords2",
            vpc=vpc,
            port=3306,
            instance_type=ec2.InstanceType.of(
                ec2.InstanceClass.BURSTABLE3,
                ec2.InstanceSize.SMALL,
            ),
            removal_policy=core.RemovalPolicy.DESTROY,
            deletion_protection=False,
        )

        # The code that is version for 1.62.0 .
        #vpc = ec2.Vpc(self, 'rdsvpc',
        #cidr="10.0.0.0/16",
        #enable_dns_hostnames=True,
        #enable_dns_support=True,
        #nat_gateways=0,
        #subnet_configuration=[ec2.SubnetConfiguration(
        #    cidr_mask=20,
        #    name='PublicSubnet',
        #    subnet_type=ec2.SubnetType.PUBLIC,
        #    )])
        #rdspg = rds.ParameterGroup(self, 'dbpg',engine=rds.DatabaseInstanceEngine.mysql(version=rds.MysqlEngineVersion.VER_8_0_16))
        #demords = rds.DatabaseInstance(
        #    self, "RDS",
        #    master_username="******",
        #    master_user_password=core.SecretValue.plain_text(rdspwd),
        #    database_name="db1",
        #    delete_automated_backups=True,
        #    parameter_group=rdspg,
        #    # instance_identifier="cdkdemords2",
        #    vpc=vpc,
        #    engine=rds.DatabaseInstanceEngine.mysql(version=rds.MysqlEngineVersion.VER_8_0_16),
        #    port=3306,
        #    instance_type=ec2.InstanceType("t3.small"),
        #    removal_policy=core.RemovalPolicy.DESTROY,
        #    deletion_protection=False,
        #    vpc_subnets={
        #        "subnet_type": ec2.SubnetType.PUBLIC
        #    }
        #)
        #external_ip = requests.get('https://checkip.amazonaws.com').text.rstrip()
        #your_public_ip = str(external_ip + "/32")
        #demords.connections.allow_default_port_from(other=ec2.Peer.ipv4(your_public_ip))

        demords.connections.allow_default_port_from(
            other=ec2.Peer.ipv4(vpc.vpc_cidr_block))

        zone = r53.PrivateHostedZone(self,
                                     'cdkdemo-zone',
                                     vpc=vpc,
                                     zone_name="example.io")

        cname = r53.CnameRecord(
            self,
            'cdk-rds-cname-record',
            zone=zone,
            domain_name=demords.db_instance_endpoint_address,
            record_name="cdkdemo",
            ttl=core.Duration.minutes(1))
        core.CfnOutput(self, 'rds-passwd', value=rdspwd)
        core.CfnOutput(self,
                       'rds-host-url',
                       value=demords.db_instance_endpoint_address)
        core.CfnOutput(self, 'rds-cname', value=cname.domain_name)