def __init__(self, scope: core.Construct, id: str, **kwargs) -> None: super().__init__(scope, id, **kwargs) self.vpc = aws_ec2.Vpc(self, "Vpc", cidr="10.0.0.0/16", nat_gateways=1) self.vpc.node.apply_aspect(core.Tag("app_name", "vpc")) self.vpc.node.apply_aspect(core.Tag("stack_type", "vpc"))
def __init__(self, scope: core.Construct, id: str, cidr_vpc, cidr_mask, nat_gateways, **kwargs) -> None: super().__init__(scope, id, **kwargs) # The code that defines your stack goes here self.vpc = ec2.Vpc( self, "VPC", max_azs=2, cidr=cidr_vpc, # configuration will create 3 groups in 2 AZs = 6 subnets. subnet_configuration=[ ec2.SubnetConfiguration(subnet_type=ec2.SubnetType.PUBLIC, name="Public", cidr_mask=cidr_mask), ec2.SubnetConfiguration(subnet_type=ec2.SubnetType.PRIVATE, name="Private", cidr_mask=cidr_mask) ], # nat_gateway_provider=ec2.NatProvider.gateway(), nat_gateways=nat_gateways, ) core.Tag(key="Owner", value="Wahaj-vpc") core.CfnOutput(self, "Output", value=self.vpc.vpc_id)
def __init__(self, scope: core.Construct, construct_id: str, vpc, nlb_listener_port, nlb_name, nlb_id, internet_facing, targetgroup_port, **kwargs) -> None: super().__init__(scope, construct_id, **kwargs) #network load balancer nlb = elb.NetworkLoadBalancer( self, internet_facing=internet_facing, load_balancer_name=nlb_name, id=nlb_id, vpc=vpc, # The object from above vpc from lookup vpc_subnets=ec2.SubnetSelection(subnets=vpc.public_subnets)) #load balancer scuirty group sg_nlb = ec2.SecurityGroup(self, id="sg_nlb", vpc=vpc, security_group_name="sg_nlb") #listener listener = nlb.add_listener("Listener", port=nlb_listener_port, protocol=elb.Protocol.TCP) target_group = elb.NetworkTargetGroup(self, vpc=vpc, id="Target", port=targetgroup_port) listener.add_target_groups("TargetGroup", target_group) #sg_nlb ingress sg_nlb.add_ingress_rule(peer=ec2.Peer.ipv4("0.0.0.0/0"), connection=ec2.Port.tcp(22)) core.Tag(key="Owner", value="Wahaj-nlb")
def __init__(self, scope: core.Construct, id: str, **kwargs) -> None: super().__init__(scope, id, **kwargs) ZachESInstanceName = self.__class__.__name__ DiskOpt={ "EBSEnabled" : True, "VolumeSize" : 10, "VolumeType" : "gp2" } ESconfig = { "DedicatedMasterCount" : 3, "DedicatedMasterEnabled" : True, "DedicatedMasterType" : "m4.large.elasticsearch", "InstanceCount" : 3, "InstanceType" : "m4.large.elasticsearch", "ZoneAwarenessEnabled" : True } vpc = ec2.Vpc.from_lookup(self,id="Zach_VPC_Stack_A",vpc_id="vpc-01e73b4b5c6f9f98a") SubnetIDList,SGList=[],[] for subnet in vpc.public_subnets: SubnetIDList.append(subnet.subnet_id) vpc_options={"SubnetIds" :SubnetIDList, "SecurityGroupIds" : []} ''' EBS storage must be selected for m4.large.elasticsearch (Service: AWSElasticsearch; Status Code: 400; Error Code: ValidationException ''' ZachESInstance=es.CfnDomain(self, id=ZachESInstanceName, domain_name=ZachESInstanceName.replace("_","").lower(), ebs_options=DiskOpt, elasticsearch_version='7.1', snapshot_options={"AutomatedSnapshotStartHour":2}, vpc_options=vpc_options, elasticsearch_cluster_config=ESconfig, tags=[core.Tag(key="Environment",value="prod"), core.Tag(key="Type",value="Log")], encryption_at_rest_options={"Enabled": True,"KmsKeyId": self.GenerateKmsKey(ZachESInstanceName)}, node_to_node_encryption_options={"Enabled" : True}, advanced_options={"indices.query.bool.max_clause_count":"2000"} ) core.CfnOutput(self, ZachESInstanceName + "ID", value=ZachESInstance.logical_id) core.CfnOutput(self, ZachESInstanceName + "Domain", value=ZachESInstance.domain_name) core.CfnOutput(self, ZachESInstanceName + "Ver", value=ZachESInstance.elasticsearch_version) core.CfnOutput(self, ZachESInstanceName + "VPC", value=ZachESInstance.vpc_options.to_string())
def launch_function_config(self, emr_profile, cluster_configuration, default_fail_if_cluster_running): return emr_launch_function.EMRLaunchFunction( self, self._cluster_name, namespace=self._cluster_name, launch_function_name="launch-fn", emr_profile=emr_profile, cluster_configuration=cluster_configuration, cluster_name=self._cluster_name, default_fail_if_cluster_running=default_fail_if_cluster_running, allowed_cluster_config_overrides=cluster_configuration. override_interfaces['default'], cluster_tags=[core.Tag(key='Group', value='AWSDemo')])
def from_json(self, property_values): self._launch_function_name = property_values['LaunchFunctionName'] self._namespace = property_values['Namespace'] profile_parts = property_values['EMRProfile'].split('/') self._emr_profile = emr_profile.EMRProfile.from_stored_profile( self, 'EMRProfile', profile_parts[1], profile_parts[0]) config_parts = property_values['ClusterConfiguration'].split('/') self._cluster_configuration = cluster_configuration.ClusterConfiguration.from_stored_configuration( self, 'ClusterConfiguration', config_parts[1], config_parts[0]) self._cluster_name = property_values['ClusterName'] self._default_fail_if_cluster_running = property_values[ 'DefaultFailIfClusterRunning'] topic = property_values.get('SuccessTopic', None) self._success_topic = sns.Topic.from_topic_arn(self, 'SuccessTopic', topic) \ if topic is not None \ else None topic = property_values.get('FailureTopic', None) self._failure_topic = sns.Topic.from_topic_arn(self, 'FailureTopic', topic) \ if topic is not None \ else None func = property_values.get('OverrideClusterConfigsLambda', None) self._override_cluster_configs_lambda = aws_lambda.Function.from_function_arn( self, 'OverrideClusterConfigsLambda', func) \ if func is not None \ else None self._allowed_cluster_config_overrides = property_values.get( 'AllowedClusterConfigOverrides', None) self._description = property_values.get('Description', None) self._cluster_tags = [ core.Tag(t['Key'], t['Value']) for t in property_values['ClusterTags'] ] state_machine = property_values['StateMachine'] self._state_machine = sfn.StateMachine.from_state_machine_arn( self, 'StateMachine', state_machine) self._wait_for_cluster_start = property_values.get( 'WaitForClusterStart', None) return self
def test_load_cluster_configuration_builder(): default_task_json = { 'End': True, 'Retry': [{ 'ErrorEquals': ['Lambda.ServiceException', 'Lambda.AWSLambdaException', 'Lambda.SdkClientException'], 'IntervalSeconds': 2, 'MaxAttempts': 6, 'BackoffRate': 2 }], 'Type': 'Task', 'Resource': { 'Fn::GetAtt': ['testtaskLoadClusterConfiguration518ECBAD', 'Arn'] }, 'Parameters': { 'ClusterName': 'test-cluster', 'ClusterTags': [{ 'Key': 'Key1', 'Value': 'Value1' }], 'ProfileNamespace': 'test', 'ProfileName': 'test-profile', 'ConfigurationNamespace': 'test', 'ConfigurationName': 'test-configuration' } } stack = core.Stack(core.App(), 'test-stack') task = emr_tasks.LoadClusterConfigurationBuilder.build( stack, 'test-task', cluster_name='test-cluster', cluster_tags=[core.Tag('Key1', 'Value1')], profile_namespace='test', profile_name='test-profile', configuration_namespace='test', configuration_name='test-configuration', ) print_and_assert(default_task_json, task)
def test_load_cluster_configuration_builder(): default_task_json = { 'End': True, 'OutputPath': '$', 'Parameters': { 'ClusterName': 'test-cluster', 'ClusterTags': [{ 'Key': 'Key1', 'Value': 'Value1' }], 'ConfigurationName': 'test-configuration', 'ConfigurationNamespace': 'test', 'ProfileName': 'test-profile', 'ProfileNamespace': 'test' }, 'Resource': { 'Fn::GetAtt': ['testtaskLoadClusterConfiguration518ECBAD', 'Arn'] }, 'ResultPath': '$.ClusterConfiguration', 'Type': 'Task' } stack = core.Stack(core.App(), 'test-stack') task = emr_tasks.LoadClusterConfigurationBuilder.build( stack, 'test-task', cluster_name='test-cluster', cluster_tags=[core.Tag('Key1', 'Value1')], profile_namespace='test', profile_name='test-profile', configuration_namespace='test', configuration_name='test-configuration', ) print_and_assert(default_task_json, task)
def __init__(self, scope: core.Construct, id: str, **kwargs) -> None: super().__init__(scope, id, **kwargs) core.Tag("Project", "BeerTracker") beerdb = _dynamo.Table( self, 'beers', table_name="Beers", billing_mode=_dynamo.BillingMode.PAY_PER_REQUEST, partition_key=_dynamo.Attribute(name="LocationName", type=_dynamo.AttributeType.STRING), sort_key=_dynamo.Attribute(name="BeerName", type=_dynamo.AttributeType.STRING), removal_policy=core.RemovalPolicy.DESTROY) locationdb = _dynamo.Table( self, 'locations', table_name="Locations", billing_mode=_dynamo.BillingMode.PAY_PER_REQUEST, partition_key=_dynamo.Attribute(name="LocationName", type=_dynamo.AttributeType.STRING), removal_policy=core.RemovalPolicy.DESTROY)
def __init__( self, scope: core.Construct, id: str, *, launch_function_name: str, emr_profile: emr_profile.EMRProfile, cluster_configuration: cluster_configuration.ClusterConfiguration, cluster_name: str = None, namespace: str = 'default', default_fail_if_cluster_running: bool = False, success_topic: Optional[sns.Topic] = None, failure_topic: Optional[sns.Topic] = None, override_cluster_configs_lambda: Optional[ aws_lambda.Function] = None, allowed_cluster_config_overrides: Optional[Dict[str, Dict[str, str]]] = None, description: Optional[str] = None, cluster_tags: Union[List[core.Tag], Dict[str, str], None] = None, wait_for_cluster_start: bool = True) -> None: super().__init__(scope, id) if launch_function_name is None: return self._launch_function_name = launch_function_name self._namespace = namespace self._emr_profile = emr_profile self._cluster_configuration = cluster_configuration self._cluster_name = cluster_name self._default_fail_if_cluster_running = default_fail_if_cluster_running self._success_topic = success_topic self._failure_topic = failure_topic self._override_cluster_configs_lambda = override_cluster_configs_lambda self._description = description self._wait_for_cluster_start = wait_for_cluster_start if allowed_cluster_config_overrides is None: self._allowed_cluster_config_overrides = cluster_configuration.override_interfaces.get( 'default', None) else: self._allowed_cluster_config_overrides = allowed_cluster_config_overrides if isinstance(cluster_tags, dict): self._cluster_tags = [ core.Tag(k, v) for k, v in cluster_tags.items() ] elif isinstance(cluster_tags, list): self._cluster_tags = cluster_tags else: self._cluster_tags = [] self._cluster_tags.extend([ core.Tag('deployment:product:name', __product__), core.Tag('deployment:product:version', __version__) ]) if len(cluster_configuration.configuration_artifacts) > 0: if emr_profile.mutable_instance_role: for i in range( len(cluster_configuration.configuration_artifacts)): configuration_artifact = cluster_configuration.configuration_artifacts[ i] bucket_name = configuration_artifact['Bucket'] path = configuration_artifact['Path'] bucket = s3.Bucket.from_bucket_name( self, f'Bucket_{i}', bucket_name) bucket.grant_read(emr_profile.roles.instance_role, path) else: logger.warn( '--------------------------------------------------------------------------' ) logger.warn( 'Unable to authorize the artifacts in the ClusterConfiguration' ) logger.warn( f'The EMRProfile {emr_profile.profile_name} has an immutable Instance Role' ) logger.warn( 'Use of these artifacts will require direct authorization on the EMRProfile' ) logger.warn( '--------------------------------------------------------------------------' ) fail = emr_chains.Fail( self, 'FailChain', message=sfn.TaskInput.from_data_at('$.Error'), subject='EMR Launch Function Failure', topic=failure_topic, error='Failed to Launch Cluster', cause= 'See Execution Event "FailStateEntered" for complete error cause') # Create Task for loading the cluster configuration from Parameter Store load_cluster_configuration = emr_tasks.LoadClusterConfigurationBuilder.build( self, 'LoadClusterConfigurationTask', cluster_name=cluster_name, cluster_tags=self._cluster_tags, profile_namespace=emr_profile.namespace, profile_name=emr_profile.profile_name, configuration_namespace=cluster_configuration.namespace, configuration_name=cluster_configuration.configuration_name, result_path='$.ClusterConfiguration', ) load_cluster_configuration.add_catch(fail, errors=['States.ALL'], result_path='$.Error') # Create Task for overriding cluster configurations override_cluster_configs = emr_tasks.OverrideClusterConfigsBuilder.build( self, 'OverrideClusterConfigsTask', override_cluster_configs_lambda=override_cluster_configs_lambda, allowed_cluster_config_overrides=self. _allowed_cluster_config_overrides, input_path='$.ClusterConfiguration.Cluster', result_path='$.ClusterConfiguration.Cluster', ) # Attach an error catch to the Task override_cluster_configs.add_catch(fail, errors=['States.ALL'], result_path='$.Error') # Create Task to conditionally fail if a cluster with this name is already # running, based on user input fail_if_cluster_running = emr_tasks.FailIfClusterRunningBuilder.build( self, 'FailIfClusterRunningTask', default_fail_if_cluster_running=default_fail_if_cluster_running, input_path='$.ClusterConfiguration.Cluster', result_path='$.ClusterConfiguration.Cluster', ) # Attach an error catch to the task fail_if_cluster_running.add_catch(fail, errors=['States.ALL'], result_path='$.Error') # Create a Task for updating the cluster tags at runtime update_cluster_tags = emr_tasks.UpdateClusterTagsBuilder.build( self, 'UpdateClusterTagsTask', input_path='$.ClusterConfiguration.Cluster', result_path='$.ClusterConfiguration.Cluster', ) # Attach an error catch to the Task update_cluster_tags.add_catch(fail, errors=['States.ALL'], result_path='$.Error') # Create a Task to create the cluster if cluster_configuration.secret_configurations is None and emr_profile.kerberos_attributes_secret is None: # Use a the standard Step Functions/EMR integration to create the cluster create_cluster = emr_tasks.CreateClusterBuilder.build( self, 'CreateClusterTask', roles=emr_profile.roles, input_path='$.ClusterConfiguration.Cluster', result_path='$.LaunchClusterResult', wait_for_cluster_start=wait_for_cluster_start, ) else: # Use the RunJobFlow Lambda to create the cluster to avoid exposing the # SecretConfigurations and KerberosAttributes values create_cluster = emr_tasks.RunJobFlowBuilder.build( self, 'CreateClusterTask', roles=emr_profile.roles, kerberos_attributes_secret=emr_profile. kerberos_attributes_secret, secret_configurations=cluster_configuration. secret_configurations, input_path='$.ClusterConfiguration', result_path='$.LaunchClusterResult', wait_for_cluster_start=wait_for_cluster_start, ) # Attach an error catch to the Task create_cluster.add_catch(fail, errors=['States.ALL'], result_path='$.Error') success = emr_chains.Success( self, 'SuccessChain', message=sfn.TaskInput.from_data_at('$.LaunchClusterResult'), subject='Launch EMR Config Succeeded', topic=success_topic, output_path='$') definition = sfn.Chain \ .start(load_cluster_configuration) \ .next(override_cluster_configs) \ .next(fail_if_cluster_running) \ .next(update_cluster_tags) \ .next(create_cluster) \ .next(success) self._state_machine = sfn.StateMachine( self, 'StateMachine', state_machine_name=f'{namespace}_{launch_function_name}', definition=definition) self._ssm_parameter = ssm.CfnParameter( self, 'SSMParameter', type='String', value=json.dumps(self.to_json()), tier='Intelligent-Tiering', name=f'{SSM_PARAMETER_PREFIX}/{namespace}/{launch_function_name}')
environment_name = f"{os.environ.get('ENVIRONMENT', 'dev')}" base_domain_name = os.environ.get("DOMAIN_NAME", "mysite.com") # if the the production environent subdomain should nott be included in the URL # redefine `full_domain_name` to `base_domain_name` for that environment full_domain_name = f"{environment_name}.{base_domain_name}" # dev.mysite.com if environment_name == "app": full_domain_name = base_domain_name base_app_name = os.environ.get("APP_NAME", "mysite-com") full_app_name = f"{environment_name}-{base_app_name}" # dev-mysite-com aws_region = os.environ.get("AWS_DEFAULT_REGION", "us-east-1") app = core.App() stack = ApplicationStack( app, f"{full_app_name}-stack", environment_name=environment_name, base_domain_name=base_domain_name, full_domain_name=full_domain_name, base_app_name=base_app_name, full_app_name=full_app_name, env={"region": aws_region}, ) # in order to be able to tag ECS resources, you need to go to # the ECS Console > Account Settings > Amazon ECS ARN and resource ID settings # and enable at least Service and Task. Optionally enable # CloudWatch Container Insights stack.node.apply_aspect(core.Tag("StackName", full_app_name)) app.synth()
aws_ec2 as ec2, core, ) class LambdaNumeralsStack(core.Stack): def __init__(self, app: core.App, id: str) -> None: super().__init__(app, id) vpc = ec2.Vpc(self, "NumeralsVpc") lambdaFn = lambda_.Function( self, "NumeralConverterHandler", code=lambda_.Code.asset('lambda'), handler="numeral-converter.main", timeout=core.Duration.seconds(300), runtime=lambda_.Runtime.PYTHON_3_7, vpc=vpc, ) api = apigateway.LambdaRestApi( self, "lambdaNumerals", handler=lambdaFn, proxy=False,) items = api.root.add_resource('numerals') item = items.add_resource('{numerals+}') item.add_method('GET') app = core.App() stack = LambdaNumeralsStack(app, "LambdaNumerals") stack.node.apply_aspect(core.Tag('Owner','Gregg Anderson')) app.synth()
def __init__(self, scope: core.Construct, id: str, **kwargs) -> None: super().__init__(scope, id, **kwargs) eks_vpc = ec2.Vpc(self, "VPC", cidr="10.0.0.0/16") self.node.apply_aspect( core.Tag("kubernetes.io/cluster/cluster", "shared")) eks_vpc.private_subnets[0].node.apply_aspect( core.Tag("kubernetes.io/role/internal-elb", "1")) eks_vpc.private_subnets[1].node.apply_aspect( core.Tag("kubernetes.io/role/internal-elb", "1")) eks_vpc.public_subnets[0].node.apply_aspect( core.Tag("kubernetes.io/role/elb", "1")) eks_vpc.public_subnets[1].node.apply_aspect( core.Tag("kubernetes.io/role/elb", "1")) # Create IAM Role For CodeBuild and Cloud9 codebuild_role = iam.Role( self, "BuildRole", assumed_by=iam.CompositePrincipal( iam.ServicePrincipal("codebuild.amazonaws.com"), iam.ServicePrincipal("ec2.amazonaws.com")), managed_policies=[ iam.ManagedPolicy.from_aws_managed_policy_name( "AdministratorAccess") ]) instance_profile = iam.CfnInstanceProfile( self, "InstanceProfile", roles=[codebuild_role.role_name]) # Create CodeBuild PipelineProject build_project = codebuild.PipelineProject( self, "BuildProject", role=codebuild_role, build_spec=codebuild.BuildSpec.from_source_filename( "aws-infrastructure/buildspec.yml")) # Create CodePipeline pipeline = codepipeline.Pipeline( self, "Pipeline", ) # Create Artifact artifact = codepipeline.Artifact() # Add Source Stage pipeline.add_stage( stage_name="Source", actions=[ codepipeline_actions.GitHubSourceAction( action_name="SourceCodeRepo", owner="jasonumiker", repo="k8s-plus-aws-gitops", output=artifact, oauth_token=core.SecretValue.secrets_manager( "github-token"), trigger=codepipeline_actions.GitHubTrigger.NONE) ]) # Add CodeBuild Stage pipeline.add_stage( stage_name="Deploy", actions=[ codepipeline_actions.CodeBuildAction( action_name="CodeBuildProject", project=build_project, type=codepipeline_actions.CodeBuildActionType.BUILD, input=artifact, environment_variables={ 'PublicSubnet1ID': codebuild.BuildEnvironmentVariable( value=eks_vpc.public_subnets[0].subnet_id), 'PublicSubnet2ID': codebuild.BuildEnvironmentVariable( value=eks_vpc.public_subnets[1].subnet_id), 'PrivateSubnet1ID': codebuild.BuildEnvironmentVariable( value=eks_vpc.private_subnets[0].subnet_id), 'PrivateSubnet2ID': codebuild.BuildEnvironmentVariable( value=eks_vpc.private_subnets[1].subnet_id), 'AWS_DEFAULT_REGION': codebuild.BuildEnvironmentVariable(value=self.region), 'INSTANCEPROFILEID': codebuild.BuildEnvironmentVariable( value=instance_profile.ref) }) ]) cloud9_repository = cloud9.CfnEnvironmentEC2.RepositoryProperty( path_component="k8s-plus-aws-gitops", repository_url="https://github.com/jasonumiker/k8s-plus-aws-gitops" ) cloud9_instance = cloud9.CfnEnvironmentEC2( self, 'Cloud9Instance', instance_type="t2.micro", automatic_stop_time_minutes=30, subnet_id=eks_vpc.public_subnets[0].subnet_id, repositories=[cloud9_repository]) pipeline.node.add_dependency(eks_vpc) pipeline.node.add_dependency(cloud9_instance) cloud9_instance.node.add_dependency(eks_vpc)
def __init__(self, scope: core.Construct, id: str, **kwargs) -> None: super().__init__(scope, id, **kwargs) self.vpc = ec2.Vpc( self, id="VPC", cidr="10.0.0.0/16", max_azs=2, nat_gateways=1, subnet_configuration=[ ec2.SubnetConfiguration(name="public", cidr_mask=24, reserved=False, subnet_type=ec2.SubnetType.PUBLIC), ec2.SubnetConfiguration(name="private", cidr_mask=24, reserved=False, subnet_type=ec2.SubnetType.PRIVATE), ec2.SubnetConfiguration(name="DB", cidr_mask=24, reserved=False, subnet_type=ec2.SubnetType.ISOLATED), # ec2.SubnetConfiguration( # name="DB2", cidr_mask=24, # reserved=False, subnet_type=ec2.SubnetType.ISOLATED # ) ], enable_dns_hostnames=True, enable_dns_support=True) core.Tag(key="Application", value=self.stack_name) \ .add(self.vpc, key="Application", value=self.stack_name) # core.Tag("Network", "Public").add(vpc) # core.Tag("Name", "VPCName-Environment").add(vpc) # core.Tag("Environment", "Environment").add(vpc) bastion = ec2.BastionHostLinux( self, id="BastionHost", vpc=self.vpc, instance_name="BastionHost", instance_type=ec2.InstanceType(ec2_type), subnet_selection=ec2.SubnetSelection( subnet_type=ec2.SubnetType.PUBLIC)) bastion.allow_ssh_access_from(ec2.Peer.any_ipv4()) # Setup key_name for EC2 instance login if you don't use Session Manager #bastion.instance.instance.add_property_override("KeyName", key_name) ec2.CfnEIP(self, id="BastionHostEIP", domain="vpc", instance_id=bastion.instance_id) core.CfnOutput( self, id="VPCId", value=self.vpc.vpc_id, description="VPC ID", export_name=f"{self.region}:{self.account}:{self.stack_name}:vpc-id" ) core.CfnOutput( self, id="BastionPrivateIP", value=bastion.instance_private_ip, description="BASTION Private IP", export_name= f"{self.region}:{self.account}:{self.stack_name}:bastion-private-ip" ) core.CfnOutput( self, id="BastionPublicIP", value=bastion.instance_public_ip, description="BASTION Public IP", export_name= f"{self.region}:{self.account}:{self.stack_name}:bastion-public-ip" )
def __init__(self, scope: core.Construct, id: str, vpc_ip: str, **kwargs) -> None: super().__init__(scope, id, **kwargs) if vpc_ip: print("VPC_IP " + vpc_ip) cidr = vpc_ip else: cidr = "10.0.0.0/16" # 01. VPC 생성 cfVpc = ec2.CfnVPC(self, "VPC", cidr_block=cidr, tags=[core.Tag(key="Name", value="CDKVPC")]) # 02. Subnet 생성 subnet_2a = ec2.CfnSubnet( self, id="subnet_2a", availability_zone="ap-northeast-2a", cidr_block="100.0.1.0/24", map_public_ip_on_launch=True, vpc_id=cfVpc.ref, tags=[core.Tag(key="Name", value="subnet-2a")]) subnet_2c = ec2.CfnSubnet( self, id="subnet_2c", availability_zone="ap-northeast-2c", cidr_block="100.0.2.0/24", map_public_ip_on_launch=True, vpc_id=cfVpc.ref, tags=[core.Tag(key="Name", value="subnet-2c")]) # 03. Internet Gateway 생성 internet_gateway = ec2.CfnInternetGateway( self, id="Internet_Gateway_DNS_Example", tags=[core.Tag(key="Name", value="Internet_Gateway_for_DNS")]) # 04. Internat Gateway Attach ec2.CfnVPCGatewayAttachment(self, id="vpcgw", vpc_id=cfVpc.ref, internet_gateway_id=internet_gateway.ref) #05. Route Table 생성 route_table = ec2.CfnRouteTable( self, id="dns_example_routetable", vpc_id=cfVpc.ref, tags=[core.Tag(key="Name", value="Route_for_DNS")]) #Route ec2.CfnRoute(self, id="IGW_Route", route_table_id=route_table.ref, destination_cidr_block="0.0.0.0/0", gateway_id=internet_gateway.ref) ec2.CfnSubnetRouteTableAssociation(self, id="DnsSubnet_Associate_2a", route_table_id=route_table.ref, subnet_id=subnet_2a.ref) ec2.CfnSubnetRouteTableAssociation(self, id="DnsSubnet_Associate_2c", route_table_id=route_table.ref, subnet_id=subnet_2c.ref) # 03. SG 생성 sg = ec2.CfnSecurityGroup(self, id="sg-ssh", vpc_id=cfVpc.ref, group_description="Default Group", tags=[core.Tag(key="Name", value="DNS_SG")]) #security_group_ingress=[ingress_ssh]) #security_group_egress=[egress_all]) ingress_ssh = ec2.CfnSecurityGroupIngress(self, "SSH", ip_protocol="tcp", group_id=sg.ref, from_port=22, to_port=22, cidr_ip="0.0.0.0/0") egress_all = ec2.CfnSecurityGroupEgress( self, id="OUTBOUND", group_id=sg.ref, ip_protocol="-1", #from_port=0, #to_port=65535, cidr_ip="0.0.0.0/0") # 04. DNS Server EC2 생성 dns_server = ec2.MachineImage.generic_linux( {"ap-northeast-2": "ami-00d293396a942208d"}) ec2.CfnInstance(self, id="dns_master", image_id=dns_server.get_image(self).image_id, instance_type="t2.small", key_name="SeoulRegion", security_group_ids=[sg.ref], subnet_id=subnet_2a.ref, tags=[{ "key": "Name", "value": "dns_master" }]) ec2.CfnInstance(self, id="dns_slave", image_id=dns_server.get_image(self).image_id, instance_type="t2.small", key_name="SeoulRegion", security_group_ids=[sg.ref], subnet_id=subnet_2c.ref, tags=[{ "key": "Name", "value": "dns_slave" }])
def __init__(self, scope: core.Construct, id: str, **kwargs) -> None: super().__init__(scope, id, **kwargs) eks_vpc = ec2.Vpc(self, "VPC", cidr="10.0.0.0/16") self.node.apply_aspect( core.Tag("kubernetes.io/cluster/cluster", "shared")) eks_vpc.private_subnets[0].node.apply_aspect( core.Tag("kubernetes.io/role/internal-elb", "1")) eks_vpc.private_subnets[1].node.apply_aspect( core.Tag("kubernetes.io/role/internal-elb", "1")) eks_vpc.public_subnets[0].node.apply_aspect( core.Tag("kubernetes.io/role/elb", "1")) eks_vpc.public_subnets[1].node.apply_aspect( core.Tag("kubernetes.io/role/elb", "1")) # Create IAM Role For CodeBuild and Cloud9 codebuild_role = iam.Role( self, "BuildRole", assumed_by=iam.CompositePrincipal( iam.ServicePrincipal("codebuild.amazonaws.com"), iam.ServicePrincipal("ec2.amazonaws.com")), managed_policies=[ iam.ManagedPolicy.from_aws_managed_policy_name( "AdministratorAccess") ]) instance_profile = iam.CfnInstanceProfile( self, "InstanceProfile", roles=[codebuild_role.role_name]) # Create CodeBuild PipelineProject build_project = codebuild.PipelineProject( self, "BuildProject", role=codebuild_role, build_spec=codebuild.BuildSpec.from_source_filename( "buildspec.yml")) # Create CodePipeline pipeline = codepipeline.Pipeline( self, "Pipeline", ) # Create Artifact artifact = codepipeline.Artifact() # S3 Source Bucket source_bucket = s3.Bucket.from_bucket_attributes( self, "SourceBucket", bucket_arn=core.Fn.join( "", ["arn:aws:s3:::ee-assets-prod-", core.Fn.ref("AWS::Region")])) # Add Source Stage pipeline.add_stage( stage_name="Source", actions=[ codepipeline_actions.S3SourceAction( action_name="S3SourceRepo", bucket=source_bucket, bucket_key= "modules/2cae1f20008d4fc5aaef294602649b98/v9/source.zip", output=artifact, trigger=codepipeline_actions.S3Trigger.NONE) ]) # Add CodeBuild Stage pipeline.add_stage( stage_name="Deploy", actions=[ codepipeline_actions.CodeBuildAction( action_name="CodeBuildProject", project=build_project, type=codepipeline_actions.CodeBuildActionType.BUILD, input=artifact, environment_variables={ 'PublicSubnet1ID': codebuild.BuildEnvironmentVariable( value=eks_vpc.public_subnets[0].subnet_id), 'PublicSubnet2ID': codebuild.BuildEnvironmentVariable( value=eks_vpc.public_subnets[1].subnet_id), 'PrivateSubnet1ID': codebuild.BuildEnvironmentVariable( value=eks_vpc.private_subnets[0].subnet_id), 'PrivateSubnet2ID': codebuild.BuildEnvironmentVariable( value=eks_vpc.private_subnets[1].subnet_id), 'AWS_DEFAULT_REGION': codebuild.BuildEnvironmentVariable(value=self.region), 'INSTANCEPROFILEID': codebuild.BuildEnvironmentVariable( value=instance_profile.ref), 'AWS_ACCOUNT_ID': codebuild.BuildEnvironmentVariable(value=self.account) }) ]) cloud9_stack = cloudformation.CfnStack( self, "Cloud9Stack", # template_url="https://aws-quickstart.s3.amazonaws.com/quickstart-cloud9-ide/templates/cloud9-ide-instance.yaml", template_url= "https://ee-assets-prod-us-east-1.s3.amazonaws.com/modules/2cae1f20008d4fc5aaef294602649b98/v9/cloud9-ide-instance.yaml", parameters={ "C9InstanceType": "m5.large", "C9Subnet": eks_vpc.public_subnets[0].subnet_id }) pipeline.node.add_dependency(eks_vpc) pipeline.node.add_dependency(cloud9_stack)
account=os.environ["CDK_DEFAULT_ACCOUNT"], region=os.environ["CDK_DEFAULT_REGION"])) # Load our SSE-KMS EMR Profile created in the emr_profiles example sse_kms_profile = emr_profile.EMRProfile.from_stored_profile( stack, 'EMRProfile', 'sse-kms-profile') # Load our Basic Cluster Configuration created in the cluster_configurations example cluster_config = cluster_configuration.ClusterConfiguration.from_stored_configuration( stack, 'ClusterConfiguration', 'basic-instance-group-cluster') # Create a new State Machine to launch a cluster with the Basic configuration # Unless specifically indicated, fail to start if a cluster of the same name # is already running. Allow any parameter in the default override_interface to # be overwritten. launch_function = emr_launch_function.EMRLaunchFunction( stack, 'EMRLaunchFunction', launch_function_name='launch-basic-cluster', cluster_configuration=cluster_config, emr_profile=sse_kms_profile, cluster_name='basic-cluster', default_fail_if_cluster_running=True, allowed_cluster_config_overrides=cluster_config. override_interfaces['default'], cluster_tags=[core.Tag('Key1', 'Value1'), core.Tag('Key2', 'Value2')], wait_for_cluster_start=True) app.synth()