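def __init__(self, scope: core.Construct, id: str, vpc, ecr_repo, **kwargs) -> None:
    """Provision the chat cluster and its load-balanced Fargate service.

    Args:
        scope: Parent construct.
        id: Construct id of this stack/construct.
        vpc: VPC the ECS cluster is placed in.
        ecr_repo: ECR repository the service image is pulled from.
        **kwargs: Forwarded unchanged to the parent constructor.
    """
    super().__init__(scope, id, **kwargs)

    ecs_cluster = Cluster(self, "chatCluster", cluster_name="chat-cluster", vpc=vpc)

    # ApplicationLoadBalancedFargateService takes EITHER a ready-made
    # task_definition OR task_image_options and rejects the combination at
    # synth time. The separately built FargateTaskDefinition also had no
    # container, so it is dropped; the pattern builds the task definition
    # from cpu / memory_limit_mib below (same 512 / 2048 sizing).
    #
    # NOTE(review): no tag is passed to from_ecr_repository, so the image
    # reference floats on the CDK default tag; pin a tag or digest if
    # deployments must be reproducible and auditable.
    # NOTE(review): no certificate/protocol is set, so the listener is
    # presumably plain HTTP on a public load balancer (pattern defaults) -
    # confirm this is intended for chat traffic.
    fargate_service = ApplicationLoadBalancedFargateService(
        self,
        "FargateService",
        cluster=ecs_cluster,
        task_image_options=ApplicationLoadBalancedTaskImageOptions(
            image=ContainerImage.from_ecr_repository(ecr_repo),
        ),
        desired_count=3,
        service_name="chat-service",
        memory_limit_mib=2048,
        cpu=512,
    )

    # Registers the service as a scalable target bounded to 2..5 tasks.
    # NOTE(review): no scaling policy is attached to the returned object
    # here, so the bounds alone will not trigger scaling - verify whether a
    # policy is added elsewhere.
    fargate_service.service.auto_scale_task_count(min_capacity=2, max_capacity=5)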
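def __init__(self, scope: cdk.Construct, construct_id: str, **kwargs) -> None:
    """Define the DynamoDB table, job role, ECR repository and Batch job definition.

    Args:
        scope: Parent construct.
        construct_id: Construct id of this stack.
        **kwargs: Forwarded unchanged to the parent constructor.
    """
    super().__init__(scope, construct_id, **kwargs)

    # The code that defines your stack goes here
    # NOTE(review): RemovalPolicy.DESTROY deletes the table and its data when
    # the stack is removed; acceptable for a sandbox, not for retained data.
    table = dynamodb.Table(
        self,
        "TheTable",
        table_name="cdk-table",
        partition_key=dynamodb.Attribute(
            name="id", type=dynamodb.AttributeType.STRING),
        removal_policy=cdk.RemovalPolicy.DESTROY,
    )

    # compute_environment = batch.ComputeEnvironment(
    #     self,
    #     "MyComputeEnvironment",
    #     compute_environment_name="cdk-env",
    #     compute_resources=batch.ComputeResources(
    #         vpc=Vpc.from_lookup(self, "VPC", is_default=True),
    #     ),
    #     enabled=True,
    #     managed=True,
    # )

    job_role = Role(
        self,
        "BatchJobRole",
        assumed_by=ServicePrincipal("ecs-tasks.amazonaws.com"),
        description="Role for a container in a Batch job",
        role_name="CDK-BatchJobRole",
    )
    # Least privilege: the container is only handed this one table (via
    # READINGS_TABLE), so grant item-level read/write on it instead of the
    # account-wide AmazonDynamoDBFullAccess managed policy, which also
    # allows creating and deleting any table in the account.
    # NOTE(review): if run.py needs DynamoDB actions beyond data access on
    # this table, add them explicitly and scoped to table.table_arn.
    table.grant_read_write_data(job_role)

    # Keeps at most five images; the repository itself is removed with the
    # stack (RemovalPolicy.DESTROY).
    repository = Repository(
        self,
        "MyRepository",
        removal_policy=cdk.RemovalPolicy.DESTROY,
        repository_name="cdk-my-repository",
        lifecycle_rules=[
            LifecycleRule(max_image_count=5, description="Max 5 images")
        ],
    )

    # NOTE(review): "latest" is a mutable tag - whatever is pushed last runs
    # with job_role's permissions. Prefer an immutable tag or digest.
    image: ContainerImage = ContainerImage.from_ecr_repository(
        repository=repository,
        tag="latest",
    )

    container = batch.JobDefinitionContainer(
        image=image,
        job_role=job_role,
        command=["python", "run.py", "--help"],
        environment={
            "READINGS_TABLE": table.table_name,
            "AWS_REGION": self.region,
        },
        vcpus=1,
        log_configuration=batch.LogConfiguration(
            log_driver=batch.LogDriver.AWSLOGS),
        memory_limit_mib=2048,
    )

    # Constructed for its side effect of registering the job definition on
    # this stack; the returned object is not needed afterwards.
    batch.JobDefinition(
        self,
        "JobDefinitionCreate",
        container=container,
        job_definition_name="create",
        retry_attempts=1,
    )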
def __init__(
    self,
    scope: App,
    id: str,
    envs: EnvSettings,
    components: ComponentsStack,
    base_resources: BaseResources,
):
    """Build the API service: buckets, secrets, images, Fargate service and IAM.

    Args:
        scope: CDK app this stack belongs to.
        id: Construct id of this stack.
        envs: Environment settings (project name, database name, export names).
        components: Stack exposing ``data_processing_queues``.
        base_resources: Stack exposing the shared ``vpc`` and ``db``.
    """
    super().__init__(scope, id)

    # Values shared from other stacks.
    self.db_secret_arn = Fn.import_value(
        BaseResources.get_database_secret_arn_output_export_name(envs)
    )
    self.job_processing_queues = components.data_processing_queues
    self.vpc = base_resources.vpc
    self.db = base_resources.db

    # Application bucket; its ARN is exported for other stacks.
    self.app_bucket = Bucket(self, "App", versioned=True)
    app_bucket_arn = self.app_bucket.bucket_arn
    if app_bucket_arn:
        CfnOutput(
            self,
            id="AppBucketOutput",
            export_name=self.get_app_bucket_arn_output_export_name(envs),
            value=app_bucket_arn,
        )

    # NOTE(review): public_read_access=True makes every object in this bucket
    # readable by anyone. The API task role gets read/write on it below, so
    # confirm only publishable content is ever written here.
    self.pages_bucket = Bucket(self, "Pages", public_read_access=True)

    # Domain name and certificate ARN come from SSM parameters.
    domain_parameter = StringParameter.from_string_parameter_name(
        self,
        "DomainNameParameter",
        string_parameter_name="/schema-cms-app/DOMAIN_NAME",
    )
    self.domain_name = domain_parameter.string_value
    certificate_parameter = StringParameter.from_string_parameter_name(
        self,
        "CertificateArnParameter",
        string_parameter_name="/schema-cms-app/CERTIFICATE_ARN",
    )
    self.certificate_arn = certificate_parameter.string_value

    # Secrets Manager secrets created by this stack.
    django_secret = Secret(
        self, "DjangoSecretKey", secret_name="SCHEMA_CMS_DJANGO_SECRET_KEY"
    )
    lambda_auth_token_secret = Secret(
        self, "LambdaAuthToken", secret_name="SCHEMA_CMS_LAMBDA_AUTH_TOKEN"
    )
    lambda_auth_token_arn = lambda_auth_token_secret.secret_arn
    if lambda_auth_token_arn:
        CfnOutput(
            self,
            id="lambdaAuthTokenArnOutput",
            export_name=self.get_lambda_auth_token_arn_output_export_name(envs),
            value=lambda_auth_token_arn,
        )

    # ECS-side handles, injected into the backend container as secrets.
    self.django_secret_key = EcsSecret.from_secrets_manager(django_secret)
    self.lambda_auth_token = EcsSecret.from_secrets_manager(
        lambda_auth_token_secret
    )

    # The literal string "undefined" in context means "no tag supplied".
    # NOTE(review): with tag=None the image reference presumably floats on
    # the CDK default tag; pass an immutable tag for traceable deployments.
    tag_from_context = self.node.try_get_context("app_image_tag")
    tag = None if tag_from_context == "undefined" else tag_from_context

    backend_repository = Repository.from_repository_name(
        self,
        id="BackendRepository",
        repository_name=BaseECR.get_backend_repository_name(envs),
    )
    api_image = ContainerImage.from_ecr_repository(
        repository=backend_repository, tag=tag
    )
    nginx_repository = Repository.from_repository_name(
        self,
        id="NginxRepository",
        repository_name=BaseECR.get_nginx_repository_name(envs),
    )
    nginx_image = ContainerImage.from_ecr_repository(
        repository=nginx_repository, tag=tag
    )

    # nginx is the load-balanced container; the backend is added as a second
    # container of the same task further down.
    workers_cluster = Cluster.from_cluster_attributes(
        self,
        id="WorkersCluster",
        cluster_name="schema-ecs-cluster",
        vpc=self.vpc,
        security_groups=[],
    )
    nginx_options = ApplicationLoadBalancedTaskImageOptions(
        image=nginx_image,
        container_name="nginx",
        container_port=80,
        enable_logging=True,
    )
    self.api = ApplicationLoadBalancedFargateService(
        self,
        "ApiService",
        service_name=f"{envs.project_name}-api-service",
        cluster=workers_cluster,
        task_image_options=nginx_options,
        desired_count=1,
        cpu=512,
        memory_limit_mib=1024,
        certificate=Certificate.from_certificate_arn(
            self, "Cert", certificate_arn=self.certificate_arn
        ),
        domain_name=self.domain_name,
        domain_zone=PrivateHostedZone(
            self,
            "zone",
            vpc=self.vpc,
            zone_name=self.domain_name,
        ),
    )

    # Backend container settings, built in the same order the original call
    # evaluated them: log driver, plain environment, then secrets.
    backend_logging = AwsLogDriver(stream_prefix="backend-container")
    queues = self.job_processing_queues
    backend_environment = {
        "POSTGRES_DB": envs.data_base_name,
        "AWS_STORAGE_BUCKET_NAME": self.app_bucket.bucket_name,
        "AWS_STORAGE_PAGES_BUCKET_NAME": self.pages_bucket.bucket_name,
        "SQS_WORKER_QUEUE_URL": queues[0].queue_url,
        "SQS_WORKER_EXT_QUEUE_URL": queues[1].queue_url,
        "SQS_WORKER_MAX_QUEUE_URL": queues[2].queue_url,
        "CHAMBER_SERVICE_NAME": "schema-cms-app",
        "CHAMBER_KMS_KEY_ALIAS": envs.project_name,
    }
    # Sensitive values go through the ECS secrets mechanism rather than the
    # plain environment mapping above.
    backend_secrets = {
        "DB_CONNECTION": EcsSecret.from_secrets_manager(
            Secret.from_secret_arn(
                self, id="DbSecret", secret_arn=self.db_secret_arn
            )
        ),
        "DJANGO_SECRET_KEY": self.django_secret_key,
        "LAMBDA_AUTH_TOKEN": self.lambda_auth_token,
    }
    self.api.task_definition.add_container(
        "backend",
        image=api_image,
        command=[
            "sh",
            "-c",
            "/bin/chamber exec $CHAMBER_SERVICE_NAME -- ./scripts/run.sh",
        ],
        logging=backend_logging,
        environment=backend_environment,
        secrets=backend_secrets,
        cpu=512,
        memory_limit_mib=1024,
    )

    # Resource grants for the task role the containers run under.
    task_role = self.api.service.task_definition.task_role
    self.django_secret_key.grant_read(task_role)
    self.app_bucket.grant_read_write(task_role)
    self.pages_bucket.grant_read_write(task_role)
    for queue in self.job_processing_queues:
        queue.grant_send_messages(task_role)

    # Allow the service to reach the database on TCP 5432.
    self.api.service.connections.allow_to(self.db.connections, Port.tcp(5432))

    add_task_policy = self.api.task_definition.add_to_task_role_policy

    # NOTE(review): resources=["*"] lets the task send mail as any SES
    # identity in the account; scope to the sending identity ARN if known.
    add_task_policy(
        PolicyStatement(
            actions=["ses:SendRawEmail", "ses:SendBulkTemplatedEmail"],
            resources=["*"],
        )
    )
    # KMS read/decrypt, limited to the key exported by the base KMS stack.
    add_task_policy(
        PolicyStatement(
            actions=["kms:Get*", "kms:Describe*", "kms:List*", "kms:Decrypt"],
            resources=[
                Fn.import_value(BaseKMS.get_kms_arn_output_export_name(envs))
            ],
        )
    )
    # Parameter listing is granted on "*"; reading values is limited to the
    # /schema-cms-app/ prefix by the statement after it.
    add_task_policy(
        PolicyStatement(actions=["ssm:DescribeParameters"], resources=["*"])
    )
    add_task_policy(
        PolicyStatement(
            actions=["ssm:GetParameters*"],
            resources=[
                f"arn:aws:ssm:{self.region}:{self.account}:parameter/schema-cms-app/*"
            ],
        )
    )