def __init__(self, scope: core.Construct, id: str, **kwargs) -> None:
super().__init__(scope, id, **kwargs)
vpc = ec2.Vpc(self,
'vpc1'
)
bucket_name = 'my-cdk-bucket'
s3.Bucket(self,
bucket_name,
bucket_name=bucket_name,
access_control=s3.BucketAccessControl.PUBLIC_READ_WRITE,
removal_policy=RemovalPolicy.DESTROY)
ec2.Volume(self, 'vol1', availability_zone='us-east-1a', size=core.Size.gibibytes(8))
sg = ec2.SecurityGroup(self,
'sg1',
vpc=vpc)
sg.add_ingress_rule(Peer.any_ipv4(), Port.tcp(22))
kms.Key(self, 'kms1')
rds.DatabaseInstance(self,
'rds1',
engine=rds.DatabaseInstanceEngine.postgres(version=PostgresEngineVersion.VER_12),
master_username='******',
vpc=vpc,
vpc_placement=ec2.SubnetSelection(subnet_type=ec2.SubnetType.PUBLIC))
def add_nlb(self, scope: Construct, service: IEc2Service, port: Port,
subdomain_name: str, description: str) -> None:
port_dict = port.to_rule_json()
Tags.of(service).add("NLB-protocol", port_dict["ipProtocol"])
Tags.of(service).add("NLB-port", str(port_dict["fromPort"]))
self.create_alias(scope, subdomain_name)
self.security_group.add_ingress_rule(
peer=Peer.any_ipv6(),
connection=port,
description=f"{description} (IPv6)")
self.security_group.add_ingress_rule(
peer=Peer.any_ipv4(),
connection=port,
description=f"{description} (IPv4)")
def get_peer(self, traffic: AlbTrafficEnum) -> Optional[IPeer]:
"""
Depending on enum creates a peer.
:param traffic: Configuration enum.
:return: Peer.
"""
if traffic == AlbTrafficEnum.INTERNET:
cidr_peer = Peer.any_ipv4()
elif traffic == AlbTrafficEnum.VPC:
cidr_peer = Peer.ipv4(self.__vpc.vpc_cidr_block)
else:
cidr_peer = None
return cidr_peer
def get_web_security_group(self, vpc):
security_group = SecurityGroup(
self._stack,
'obm_web',
vpc=vpc,
allow_all_outbound=True,
)
for port_number in [SSH_PORT, HTTP_PORT, HTTPS_PORT]:
port = Port(from_port=port_number,
to_port=port_number,
protocol=Protocol.TCP,
string_representation=f"Port {port_number}")
security_group.add_ingress_rule(peer=Peer.any_ipv4(),
connection=port)
security_group.add_ingress_rule(peer=Peer.any_ipv6(),
connection=port)
self._tag_it(security_group)
return security_group
def __init__(self, scope: core.Construct, id: str, **kwargs) -> None:
super().__init__(scope, id, **kwargs)
vpc = ec2.Vpc(self, 'vpc1')
bucket_name = 'my-cdk-bucket'
s3.Bucket(self,
bucket_name,
bucket_name=bucket_name,
access_control=s3.BucketAccessControl.PUBLIC_READ_WRITE,
removal_policy=RemovalPolicy.DESTROY)
ec2.Volume(self,
'vol1',
availability_zone='us-east-1a',
size=core.Size.gibibytes(8))
sg = ec2.SecurityGroup(self, 'sg1', vpc=vpc)
sg.add_ingress_rule(Peer.any_ipv4(), Port.tcp(22))
kms.Key(self, 'kms1')