def __init__(self, scope: core.Construct, id: str, **kwargs) -> None:
    """Stack that provisions a VPC, an S3 bucket, an EBS volume, a security group,
    a KMS key and a PostgreSQL RDS instance.

    NOTE(review): almost every resource below carries a setting a scanner would
    flag (public bucket ACL, SSH from the world, DB in a public subnet,
    credentials in code, no encryption flags). If this stack is a deliberate
    misconfiguration fixture for such a scanner, leave it as is; otherwise the
    flagged settings must be tightened before this is deployed anywhere real.

    :param scope: Parent construct.
    :param id: Construct id of this stack.
    :param kwargs: Passed through to the base stack constructor.
    """
    super().__init__(scope, id, **kwargs)
    vpc = ec2.Vpc(self, 'vpc1')
    bucket_name = 'my-cdk-bucket'
    # SECURITY: PUBLIC_READ_WRITE lets any anonymous principal read and write
    # objects. RemovalPolicy.DESTROY drops the bucket together with the stack,
    # so this is also a data-loss hazard on teardown. A real bucket should be
    # private with public access blocked. Note the hard-coded global bucket
    # name will collide if the stack is deployed twice.
    s3.Bucket(self, bucket_name, bucket_name=bucket_name,
              access_control=s3.BucketAccessControl.PUBLIC_READ_WRITE,
              removal_policy=RemovalPolicy.DESTROY)
    # SECURITY: no `encrypted=` argument, so the volume falls back to the
    # account's EBS default (unencrypted unless default encryption is enabled).
    # The availability zone is hard-coded, so the stack only works in us-east-1.
    ec2.Volume(self, 'vol1', availability_zone='us-east-1a', size=core.Size.gibibytes(8))
    sg = ec2.SecurityGroup(self, 'sg1', vpc=vpc)
    # SECURITY: TCP/22 (SSH) is reachable from 0.0.0.0/0; restrict to an admin
    # CIDR / bastion or use SSM Session Manager instead.
    sg.add_ingress_rule(Peer.any_ipv4(), Port.tcp(22))
    # Key rotation is not requested here; as far as I recall the CDK default is
    # rotation off — confirm against the CDK version in use.
    kms.Key(self, 'kms1')
    # SECURITY: the master username is hard-coded in stack code (the value is
    # redacted in this copy) and the instance is placed in PUBLIC subnets, which
    # presumably makes it internet-reachable. No storage-encryption setting is
    # given either. Prefer generated credentials in Secrets Manager and private
    # (isolated) subnets. `vpc_placement` looks like the older name of the
    # `vpc_subnets` prop — verify it still exists in the pinned CDK version.
    rds.DatabaseInstance(self, 'rds1',
                         engine=rds.DatabaseInstanceEngine.postgres(version=PostgresEngineVersion.VER_12),
                         master_username='******',
                         vpc=vpc,
                         vpc_placement=ec2.SubnetSelection(subnet_type=ec2.SubnetType.PUBLIC))
def add_nlb(self, scope: Construct, service: IEc2Service, port: Port, subdomain_name: str, description: str) -> None:
    """Expose ``service`` behind the NLB on ``port`` under ``subdomain_name``.

    Records the protocol and port as ``NLB-protocol`` / ``NLB-port`` tags on the
    service, creates the DNS alias for ``subdomain_name``, then opens ``port``
    on this object's security group for every IPv6 and every IPv4 source.

    SECURITY (review): the two ingress rules admit ::/0 and 0.0.0.0/0. That is
    unavoidable when the NLB preserves client source addresses (instance
    targets), but it means anything else attached to ``self.security_group``
    is equally exposed on ``port``. Make sure the group is dedicated to this
    service; if client-IP preservation is not needed, narrowing the peers to
    the NLB subnets is the safer option.

    :param scope: Construct scope handed to ``create_alias``.
    :param service: ECS EC2 service receiving the tags.
    :param port: Port (and protocol) the NLB forwards to the service.
    :param subdomain_name: Subdomain for the DNS alias.
    :param description: Base text for the ingress rule descriptions.
    """
    rule = port.to_rule_json()
    # NOTE(review): `fromPort` may be absent/None for port ranges or non-TCP
    # rules; str() would then produce "None" — worth a check if that can occur.
    tag_values = (
        ("NLB-protocol", rule["ipProtocol"]),
        ("NLB-port", str(rule["fromPort"])),
    )
    for key, value in tag_values:
        Tags.of(service).add(key, value)
    self.create_alias(scope, subdomain_name)
    # IPv6 first, then IPv4 — same order as before so the synthesized template
    # does not change.
    for family, peer in (("IPv6", Peer.any_ipv6()), ("IPv4", Peer.any_ipv4())):
        self.security_group.add_ingress_rule(
            peer=peer,
            connection=port,
            description=f"{description} ({family})",
        )
def get_peer(self, traffic: AlbTrafficEnum) -> Optional[IPeer]:
    """Map an ``AlbTrafficEnum`` value to the peer an ALB ingress rule admits.

    :param traffic: ``INTERNET`` -> any IPv4 address; ``VPC`` -> this VPC's
        CIDR block; anything else -> no peer.
    :return: The matching peer, or ``None`` when the enum value is neither
        ``INTERNET`` nor ``VPC`` (presumably the caller then skips the rule).

    NOTE(review): ``INTERNET`` only opens IPv4 (``Peer.any_ipv4``). If the ALB
    is dual-stack, IPv6 clients are not covered by the resulting rule.
    """
    if traffic == AlbTrafficEnum.INTERNET:
        return Peer.any_ipv4()
    if traffic == AlbTrafficEnum.VPC:
        # Limit ingress to sources inside this VPC's address range.
        return Peer.ipv4(self.__vpc.vpc_cidr_block)
    return None
def get_web_security_group(self, vpc):
    """Create and tag the ``obm_web`` security group for the web tier in ``vpc``.

    Ingress: TCP on ``SSH_PORT``, ``HTTP_PORT`` and ``HTTPS_PORT`` from every
    IPv4 and every IPv6 address. Egress: unrestricted
    (``allow_all_outbound=True``). The group is passed to ``self._tag_it``
    before being returned.

    SECURITY (review): ``SSH_PORT`` (presumably 22) is opened to 0.0.0.0/0 and
    ::/0 together with the web ports. Administrative access should be limited
    to a bastion/VPN CIDR or replaced by SSM Session Manager; leaving it
    world-reachable attracts brute-force and credential-stuffing traffic and
    is a standard scanner finding.

    :param vpc: VPC the security group is created in.
    :return: The configured ``SecurityGroup``.
    """
    web_sg = SecurityGroup(
        self._stack,
        'obm_web',
        vpc=vpc,
        allow_all_outbound=True,
    )
    for number in (SSH_PORT, HTTP_PORT, HTTPS_PORT):
        tcp_port = Port(
            from_port=number,
            to_port=number,
            protocol=Protocol.TCP,
            string_representation=f"Port {number}",
        )
        # One rule per address family, IPv4 first (same order as before).
        for peer in (Peer.any_ipv4(), Peer.any_ipv6()):
            web_sg.add_ingress_rule(peer=peer, connection=tcp_port)
    self._tag_it(web_sg)
    return web_sg
def __init__(self, scope: core.Construct, id: str, **kwargs) -> None:
    """Stack that provisions a VPC, an S3 bucket, an EBS volume, a security group
    and a KMS key.

    NOTE(review): the bucket ACL, the SSH ingress rule and the unencrypted
    volume below are all settings a scanner would flag. If this stack is a
    deliberate misconfiguration fixture, leave it as is; otherwise tighten them
    before deploying.

    :param scope: Parent construct.
    :param id: Construct id of this stack.
    :param kwargs: Passed through to the base stack constructor.
    """
    super().__init__(scope, id, **kwargs)
    vpc = ec2.Vpc(self, 'vpc1')
    bucket_name = 'my-cdk-bucket'
    # SECURITY: PUBLIC_READ_WRITE lets any anonymous principal read and write
    # objects. RemovalPolicy.DESTROY drops the bucket together with the stack,
    # so this is also a data-loss hazard on teardown. A real bucket should be
    # private with public access blocked. The hard-coded global bucket name
    # will collide if the stack is deployed twice.
    s3.Bucket(self, bucket_name, bucket_name=bucket_name,
              access_control=s3.BucketAccessControl.PUBLIC_READ_WRITE,
              removal_policy=RemovalPolicy.DESTROY)
    # SECURITY: no `encrypted=` argument, so the volume falls back to the
    # account's EBS default (unencrypted unless default encryption is enabled).
    # The availability zone is hard-coded, so the stack only works in us-east-1.
    ec2.Volume(self, 'vol1', availability_zone='us-east-1a', size=core.Size.gibibytes(8))
    sg = ec2.SecurityGroup(self, 'sg1', vpc=vpc)
    # SECURITY: TCP/22 (SSH) is reachable from 0.0.0.0/0; restrict to an admin
    # CIDR / bastion or use SSM Session Manager instead.
    sg.add_ingress_rule(Peer.any_ipv4(), Port.tcp(22))
    # Key rotation is not requested here; as far as I recall the CDK default is
    # rotation off — confirm against the CDK version in use.
    kms.Key(self, 'kms1')