def __init__(self, scope: core.Construct, id: str,
app_nw_stack: appNwStack, **kwargs) -> None:
super().__init__(scope, id, **kwargs)
# Contexts
PRJ = self.node.try_get_context("prj")
TGW_ID = self.node.try_get_context("tgw-id")
# Parameters
# Functions
def nametag(x):
return core.CfnTag(key="Name", value="{}/{}".format(PRJ, x))
# ### Resources
# Tgw Attachment for APP-VPC
self.out_tgw_attachment = ec2.CfnTransitGatewayAttachment(
self,
"appTgwAttachment",
vpc_id=app_nw_stack.vpc.ref,
subnet_ids=[app_nw_stack.tgw_subnet.ref],
transit_gateway_id=TGW_ID,
tags=[nametag("appTgwAttachment")])
# ### Output
core.CfnOutput(self,
"tgwAttachmentOutput",
value=self.out_tgw_attachment.ref,
export_name="TgwAttachmentId")
def __init__(self, scope: core.Construct, id: str, out_nw_stack: outNwStack, **kwargs) -> None:
super().__init__(scope, id, **kwargs)
# Contexts
PRJ = self.node.try_get_context("prj")
# Parameters
# Functions
def nametag(x): return core.CfnTag(
key="Name", value="{}/{}".format(PRJ, x))
# ### Resources
# Tgw
self.tgw = ec2.CfnTransitGateway(
self, "tgw",
auto_accept_shared_attachments="enable",
default_route_table_association="disable",
default_route_table_propagation="disable",
description="transit gateway({})".format(PRJ),
tags=[nametag("tgw")]
)
# Tgw Attachment for Outbound-VPC
self.out_tgw_attachment = ec2.CfnTransitGatewayAttachment(
self, "outTgwAttachment",
vpc_id=out_nw_stack.vpc.ref,
subnet_ids=[out_nw_stack.tgw_subnet.ref],
transit_gateway_id=self.tgw.ref,
tags=[nametag("outTgwAttachment")]
)
def __init__(self, scope: core.Construct, id: str, *, cidr_range: str,
transit_gateway: ec2.CfnTransitGateway, role: iam.IRole,
**kwargs):
super().__init__(scope, id, **kwargs)
vpc = ec2.Vpc(
self,
'Vpc',
cidr=cidr_range,
max_azs=2,
nat_gateways=1,
)
sg = ec2.SecurityGroup(
self,
'InstanceSecurityGroup',
vpc=vpc,
)
sg.add_ingress_rule(ec2.Peer.ipv4('10.0.0.0/8'), ec2.Port.tcp(80))
user_data = ec2.UserData.for_linux()
user_data.add_commands(raw_user_data)
ec2.Instance(
self,
'Instance',
role=role,
vpc=vpc,
security_group=sg,
user_data=user_data,
instance_type=ec2.InstanceType.of(
instance_class=ec2.InstanceClass.BURSTABLE3_AMD,
instance_size=ec2.InstanceSize.NANO,
),
machine_image=ec2.AmazonLinuxImage(
generation=ec2.AmazonLinuxGeneration.AMAZON_LINUX_2, ),
)
# TODO: replace by CDK construct when available
attachment = ec2.CfnTransitGatewayAttachment(
self,
'TransitGatewayAttachment',
transit_gateway_id=transit_gateway.ref,
vpc_id=vpc.vpc_id,
subnet_ids=[subnet.subnet_id for subnet in vpc.private_subnets],
)
for i, subnet in enumerate(vpc.private_subnets):
# TODO: replace by CDK construct when available
route = ec2.CfnRoute(
self,
'TransitGatewayRoute{}'.format(i),
route_table_id=subnet.route_table.route_table_id,
transit_gateway_id=transit_gateway.ref,
destination_cidr_block='10.0.0.0/8')
route.node.add_dependency(attachment)
def __init__(self, scope:core.Construct, id:str, landing_zone:LandingZone, peers:List[LandingZone], amazon_asn:int, **kwargs):
"""
Configure the Transit Gateways
"""
super().__init__(scope,id, **kwargs)
self.landing_zone = landing_zone
self.peers = peers
self.gateway = ec2.CfnTransitGateway(self,'TransitGateway',
amazon_side_asn=amazon_asn,
auto_accept_shared_attachments='enable',
default_route_table_association='enable',
default_route_table_propagation='enable',
description='HomeNet TransitGateway',
dns_support='enable',
vpn_ecmp_support='enable',
tags=[
core.CfnTag(key='Name',value='HomeNet/TGW')
])
entries = []
for peer in peers:
if peer == landing_zone:
continue
entries.append(ec2.CfnPrefixList.EntryProperty(cidr=peer.cidr_block,description=peer.zone_name))
ec2.CfnPrefixList(self,'PeerPrefix',
address_family='IPv4',
entries= entries,
max_entries=100,
prefix_list_name='nbachmei.homenet.tgw-peers',
tags=[core.CfnTag(key='Name',value='HomeNet TGW Prefixes')])
ec2.CfnTransitGatewayAttachment(self,'VpcAttachment',
subnet_ids= landing_zone.vpc.select_subnets(subnet_group_name='TGW').subnet_ids,
transit_gateway_id= self.gateway.ref,
vpc_id= landing_zone.vpc.vpc_id,
tags=[core.CfnTag(key='Name',value='HomeNet')])
ssm.CfnParameter(self,'RegionalGatewayParameter',
name='/homenet/{}/transit-gateway/gateway-id'.format(landing_zone.region),
value=self.gateway.ref,
type='String')
self.__add_peers()
def __init__(self, scope: core.Construct, id: str, **kwargs) -> None:
super().__init__(scope, id, **kwargs)
# def __init__(self, scope: core.Construct, id: str, cidr_range: str, tgw_asn: int, **kwargs) -> None:
# super().__init__(scope, id, **kwargs)
this_dir = path.dirname(__file__)
# VPC Creation
self.vpc = ec2.Vpc(
self,
"TransitVPC",
max_azs=1,
cidr="172.16.0.0/24",
# configuration will create 1 subnet in a single AZ.
subnet_configuration=[
ec2.SubnetConfiguration(subnet_type=ec2.SubnetType.ISOLATED,
name="Isolated",
cidr_mask=25)
])
# Transit Gateway creation
self.tgw = ec2.CfnTransitGateway(
self,
id="TGW-USe1",
amazon_side_asn=64512,
auto_accept_shared_attachments="enable",
default_route_table_association="enable",
default_route_table_propagation="enable",
tags=[core.CfnTag(key='Name', value="tgw-us-east-1")])
# Transit Gateway attachment to the VPC
self.tgw_attachment = ec2.CfnTransitGatewayAttachment(
self,
id="TGW-Attachment",
transit_gateway_id=self.tgw.ref,
vpc_id=self.vpc.vpc_id,
subnet_ids=[
subnet.subnet_id for subnet in self.vpc.isolated_subnets
],
tags=[
core.CfnTag(key='Name',
value=f"tgw-{self.vpc.vpc_id}-attachment")
])
def __init__(self, scope: core.Construct, id: str, **kwargs) -> None:
super().__init__(scope, id, **kwargs)
self.defaultVpc = aws_ec2.Vpc(
self,
"Default",
cidr='10.0.0.0/24',
nat_gateways=2,
subnet_configuration=[
aws_ec2.SubnetConfiguration(
name="public",
cidr_mask=27,
reserved=False,
subnet_type=aws_ec2.SubnetType.PUBLIC),
aws_ec2.SubnetConfiguration(
name="private",
cidr_mask=27,
reserved=False,
subnet_type=aws_ec2.SubnetType.PRIVATE)
])
self.eksVpc = aws_ec2.Vpc(
self,
"EKSvpc",
cidr='192.168.0.0/24',
subnet_configuration=[
aws_ec2.SubnetConfiguration(
name="private",
cidr_mask=26,
reserved=False,
subnet_type=aws_ec2.SubnetType.ISOLATED)
])
self.transitGw = aws_ec2.CfnTransitGateway(
self,
"DefaultTransitGw",
default_route_table_association="disable",
)
self.tgAttachmentPrivate = aws_ec2.CfnTransitGatewayAttachment(
self,
"DefaultTGAttachment",
transit_gateway_id=self.transitGw.ref,
vpc_id=self.defaultVpc.vpc_id,
subnet_ids=[
self.defaultVpc.private_subnets[0].subnet_id,
self.defaultVpc.private_subnets[1].subnet_id
],
tags=None)
self.tgAttachmentPrivate.add_depends_on(self.transitGw)
self.tgAttachmentEks = aws_ec2.CfnTransitGatewayAttachment(
self,
"EksTGAttachment",
transit_gateway_id=self.transitGw.ref,
vpc_id=self.eksVpc.vpc_id,
subnet_ids=[
self.eksVpc.isolated_subnets[0].subnet_id,
self.eksVpc.isolated_subnets[1].subnet_id
],
tags=None)
self.tgAttachmentEks.add_depends_on(self.transitGw)
isolatedSubnetRoutes = core.Construct(self, 'Isolated Subnet Routes')
for (i, subnet) in enumerate(self.eksVpc.isolated_subnets):
aws_ec2.CfnRoute(
isolatedSubnetRoutes,
id=f"Default Route EKS {i}",
route_table_id=subnet.route_table.route_table_id,
destination_cidr_block="0.0.0.0/0",
transit_gateway_id=self.transitGw.ref).add_depends_on(
self.tgAttachmentEks)
privateSubnetRoutes = core.Construct(self, 'Private Subnet Routes')
for (i, subnet) in enumerate(self.defaultVpc.private_subnets):
aws_ec2.CfnRoute(
privateSubnetRoutes,
id=f"Eks route defalt {i}",
route_table_id=subnet.route_table.route_table_id,
destination_cidr_block=self.eksVpc.vpc_cidr_block,
transit_gateway_id=self.transitGw.ref).add_depends_on(
self.tgAttachmentEks)
publicSubnetRoutes = core.Construct(self, 'Public Subnet Routes')
for (i, subnet) in enumerate(self.defaultVpc.public_subnets):
aws_ec2.CfnRoute(
publicSubnetRoutes,
id=f"Eks route defalt {i}",
route_table_id=subnet.route_table.route_table_id,
destination_cidr_block=self.eksVpc.vpc_cidr_block,
transit_gateway_id=self.transitGw.ref).add_depends_on(
self.tgAttachmentEks)
self.transitGwRT = aws_ec2.CfnTransitGatewayRouteTable(
self,
'transitGw Route Table',
transit_gateway_id=self.transitGw.ref,
tags=None)
self.transitGwRoute = aws_ec2.CfnTransitGatewayRoute(
self,
'transitGW Route',
transit_gateway_route_table_id=self.transitGwRT.ref,
destination_cidr_block='0.0.0.0/0',
transit_gateway_attachment_id=self.tgAttachmentPrivate.ref)
self.TGRouteTableAssociationDefaultVPC = aws_ec2.CfnTransitGatewayRouteTableAssociation(
self,
'DefaultVPC Association',
transit_gateway_attachment_id=self.tgAttachmentPrivate.ref,
transit_gateway_route_table_id=self.transitGwRoute.
transit_gateway_route_table_id)
self.TGRouteTablePropagationDefaultVPC = aws_ec2.CfnTransitGatewayRouteTablePropagation(
self,
'DefaultVPC Propagation',
transit_gateway_attachment_id=self.tgAttachmentPrivate.ref,
transit_gateway_route_table_id=self.transitGwRoute.
transit_gateway_route_table_id)
self.TGRouteTableAssociationEksVPC = aws_ec2.CfnTransitGatewayRouteTableAssociation(
self,
'EksVPC Association',
transit_gateway_attachment_id=self.tgAttachmentEks.ref,
transit_gateway_route_table_id=self.transitGwRoute.
transit_gateway_route_table_id)
self.TGRouteTablePropagationEksVPC = aws_ec2.CfnTransitGatewayRouteTablePropagation(
self,
'EksVPC Propagation',
transit_gateway_attachment_id=self.tgAttachmentEks.ref,
transit_gateway_route_table_id=self.transitGwRoute.
transit_gateway_route_table_id)
def __init__(self, scope: core.Construct, id: str, **kwargs) -> None:
super().__init__(scope, id, **kwargs)
vpc = _ec2.Vpc.from_lookup(self, "my_vpc", is_default=True)
self.nat_vpc = _ec2.Vpc(
self,
id="nat_vpc",
cidr="10.77.4.0/24",
enable_dns_hostnames=True,
enable_dns_support=True,
max_azs=1,
nat_gateways=1,
subnet_configuration=[
_ec2.SubnetConfiguration(cidr_mask=25,
name='nat-public',
subnet_type=_ec2.SubnetType.PUBLIC),
_ec2.SubnetConfiguration(cidr_mask=25,
name='nat-private',
subnet_type=_ec2.SubnetType.PRIVATE)
])
self.app_vpc = _ec2.Vpc(
self,
id="app_vpc",
cidr="10.77.5.0/24",
enable_dns_hostnames=True,
enable_dns_support=True,
max_azs=1,
nat_gateways=0,
subnet_configuration=[
_ec2.SubnetConfiguration(cidr_mask=25,
name='app-public1',
subnet_type=_ec2.SubnetType.PUBLIC),
_ec2.SubnetConfiguration(cidr_mask=25,
name='app-private1',
subnet_type=_ec2.SubnetType.ISOLATED)
])
self.tgw = _ec2.CfnTransitGateway(
self,
id='tgw-test',
amazon_side_asn=65520,
auto_accept_shared_attachments="enable",
default_route_table_association="enable",
default_route_table_propagation="enable",
tags=[core.CfnTag(key='Name', value='TGW-PoC')])
self.tgw_nat_attachment = _ec2.CfnTransitGatewayAttachment(
self,
id="tgw-natvpc",
transit_gateway_id=self.tgw.ref,
vpc_id=self.nat_vpc.vpc_id,
subnet_ids=[
subnet.subnet_id for subnet in self.nat_vpc.private_subnets
],
tags=[core.CfnTag(key='Name', value='TGW-Nat-Attachment')])
self.tgw_app_attachment = _ec2.CfnTransitGatewayAttachment(
self,
id="tgw-appvpc",
transit_gateway_id=self.tgw.ref,
vpc_id=self.app_vpc.vpc_id,
subnet_ids=[
subnet.subnet_id for subnet in self.app_vpc.isolated_subnets
],
tags=[core.CfnTag(key='Name', value='TGW-App-Attachment')])
def __init__(self, scope: core.Construct, id: str, cidr_range: str,
tgw_asn: int, **kwargs) -> None:
super().__init__(scope, id, **kwargs)
# VPC Creation
self.vpc = ec2.Vpc(
self,
f"{kwargs['env']['region']}-vpc",
max_azs=1,
cidr=cidr_range,
# configuration will create 1 subnet in a single AZ.
subnet_configuration=[
ec2.SubnetConfiguration(subnet_type=ec2.SubnetType.ISOLATED,
name="Isolated",
cidr_mask=25)
])
# Transit Gateway creation
self.tgw = ec2.CfnTransitGateway(
self,
id=f"TGW-{kwargs['env']['region']}",
amazon_side_asn=tgw_asn,
auto_accept_shared_attachments="enable",
default_route_table_association="enable",
default_route_table_propagation="enable",
tags=[
core.CfnTag(key='Name', value=f"tgw-{kwargs['env']['region']}")
])
# Transit Gateway attachment to the VPC
self.tgw_attachment = ec2.CfnTransitGatewayAttachment(
self,
id=f"tgw-vpc-{kwargs['env']['region']}",
transit_gateway_id=self.tgw.ref,
vpc_id=self.vpc.vpc_id,
subnet_ids=[
subnet.subnet_id for subnet in self.vpc.isolated_subnets
],
tags=[
core.CfnTag(key='Name',
value=f"tgw-{self.vpc.vpc_id}-attachment")
])
# VPC Endpoint creation for SSM (3 Endpoints needed)
ec2.InterfaceVpcEndpoint(
self,
"VPCe - SSM",
service=ec2.InterfaceVpcEndpointService(
core.Fn.sub("com.amazonaws.${AWS::Region}.ssm")),
private_dns_enabled=True,
vpc=self.vpc,
)
ec2.InterfaceVpcEndpoint(
self,
"VPCe - EC2 Messages",
service=ec2.InterfaceVpcEndpointService(
core.Fn.sub("com.amazonaws.${AWS::Region}.ec2messages")),
private_dns_enabled=True,
vpc=self.vpc,
)
ec2.InterfaceVpcEndpoint(
self,
"VPCe - SSM Messages",
service=ec2.InterfaceVpcEndpointService(
core.Fn.sub("com.amazonaws.${AWS::Region}.ssmmessages")),
private_dns_enabled=True,
vpc=self.vpc,
)
