def setup_emqx(self, N, vpc, zone, sg, key): self.emqx_vms = [] for n in range(0, N): name = "emqx-%d" % n vm = ec2.Instance(self, id = name, instance_type = ec2.InstanceType(instance_type_identifier=emqx_ins_type), machine_image = linux_ami, user_data = ec2.UserData.custom(user_data), security_group = sg, key_name = key, vpc = vpc, vpc_subnets=ec2.SubnetSelection(subnet_type=ec2.SubnetType.PRIVATE), ) self.emqx_vms.append(vm) r53.ARecord(self, id = name + '.int.emqx', record_name = name + '.int.emqx', zone = zone, target = r53.RecordTarget([vm.instance_private_ip]) ) # tagging if self.user_defined_tags: core.Tags.of(vm).add(*self.user_defined_tags) core.Tags.of(vm).add('service', 'emqx')
def create_root_api_gateway(self, api_domain_name: str): """ We need this to create the root API Gateway resource. """ certificate = self.create_api_certificate(api_domain_name, self.zone) domain_options = aws_apigateway.DomainNameOptions( domain_name=api_domain_name, certificate=certificate) stage_options = aws_apigateway.StageOptions(throttling_rate_limit=10, throttling_burst_limit=100) rest_api = aws_apigateway.RestApi(self, 'PublicCrudApi', rest_api_name='PublicCrudApi', domain_name=domain_options, deploy_options=stage_options) kix.info("Routing A-Record Alias for REST API") a_record_target = aws_route53.RecordTarget.from_alias( aws_route53_targets.ApiGateway(rest_api)) aws_route53.ARecord(self, "PublicCrudApiAliasRecord", zone=self.zone, target=a_record_target, record_name=api_domain_name) # Also create the authorizer for this API. self._api_authorizer = self.create_root_api_authorizer( self.user_pool, rest_api) return rest_api
def setup_etcd(self, vpc, zone, sg, key): for n in range(0, 3): # cdk bug? (cloud_user_data, )= ec2.UserData.for_linux(), cloud_user_data.add_commands('apt update', 'apt install -y etcd-server etcd-client', "echo ETCD_INITIAL_ADVERTISE_PEER_URLS=http://etcd%d.int.emqx:2380 >> /etc/default/etcd" % n, 'echo ETCD_LISTEN_PEER_URLS=http://0.0.0.0:2380 >> /etc/default/etcd', 'echo ETCD_LISTEN_CLIENT_URLS=http://0.0.0.0:2379 >> /etc/default/etcd', "echo ETCD_ADVERTISE_CLIENT_URLS=http://etcd%d.int.emqx:2379 >> /etc/default/etcd" % n, "echo ETCD_NAME=infra%d >> /etc/default/etcd" % n, 'echo ETCD_INITIAL_CLUSTER_STATE=new >> /etc/default/etcd', 'echo ETCD_INITIAL_CLUSTER_TOKEN=emqx-cluster-1 >> /etc/default/etcd', 'echo ETCD_INITIAL_CLUSTER="infra0=http://etcd0.int.emqx:2380,infra1=http://etcd1.int.emqx:2380,infra2=http://etcd2.int.emqx:2380" >> /etc/default/etcd', 'systemctl restart etcd' ) ins = ec2.Instance(self, id = "etsd.%d" % n, instance_type=ec2.InstanceType(instance_type_identifier="t3a.nano"), machine_image=linux_ami, user_data=cloud_user_data, security_group = sg, key_name=key, vpc = vpc ) r53.ARecord(self, id = "etcd%d.int.emqx" % n, record_name = "etcd%d.int.emqx" % n, zone = zone, target = r53.RecordTarget([ins.instance_private_ip]) ) if self.user_defined_tags: core.Tags.of(ins).add(*self.user_defined_tags) core.Tags.of(ins).add('service', 'etcd')
def configure_dns(self, zone: r53.IHostedZone) -> None: # Add FSX Records r53.ARecord(self, 'DnsRecord', zone=zone, comment='Name Record for ' + NetworkFileSystemsConstruct.__name__, record_name='winfs.{}'.format(zone.zone_name), ttl=core.Duration.seconds(60), target=r53.RecordTarget(values=['10.10.35.85'])) # This is only required for parity with devbox # r53.ARecord(self,'TempDnsRecord', # zone=zone, # comment='Name Record for '+NetworkFileSystemsConstruct.__name__, # record_name='amznfsxkw4byw3j.{}'.format(zone.zone_name), # ttl=core.Duration.seconds(60), # target=r53.RecordTarget( # values= ['10.10.35.85'] )) # Add efs sources... for entry in [ # ('homenet.efs.virtual.world', self.homenet.file_system_id), ('app-data.efs.virtual.world', self.app_data.file_system_id) ]: name, target = entry r53.CnameRecord(self, name, domain_name='{}.efs.{}.amazonaws.com'.format( target, core.Stack.of(self).region), zone=zone, record_name=name, ttl=core.Duration.minutes(1))
def __init__(self, scope:core.Construct, id:str,landing_zone:IVpcLandingZone, **kwargs): super().__init__(scope,id, **kwargs) # Create the primary domain self.virtual_world = r53.PrivateHostedZone(self,'VirtualWorld', zone_name='virtual.world', vpc=landing_zone.vpc, comment='Primary domain name') # Create the real world self.real_world = r53.PrivateHostedZone(self,'RealWorld', zone_name='real.world', vpc=landing_zone.vpc, comment='Name resolution back to physical realm') # Add the public records... # https://abram.com.au/converting-pem-to-pfx-certificates/ with open('chatham.json','r') as f: json = loads(f.read()) for zone in [self.real_world]: for entry in json: ip = entry['ip'] name = entry['name'] record_name = '{}.{}'.format(name,zone.zone_name) r53.ARecord(self,record_name, zone=self.real_world, record_name=record_name, target= r53.RecordTarget.from_ip_addresses(ip))
def map_base_subdomain(self, subdomain: str, api: aws_apigateway.RestApi) -> str: """ Maps a sub-domain of aws.job4u.io to an API gateway :param subdomain: The sub-domain (e.g. "www") :param api: The API gateway endpoint :return: The base url (e.g. "https://www.aws.job4u.io") """ domain_name = subdomain + '.' + ZONE_NAME url = 'https://' + domain_name cert = aws_certificatemanager.Certificate.from_certificate_arn(self, 'DomainCertificate', ZONE_CERT) hosted_zone = aws_route53.HostedZone.from_hosted_zone_attributes(self, 'HostedZone', hosted_zone_id=ZONE_ID, zone_name=ZONE_NAME) # add the domain name to the api and the A record to our hosted zone domain = api.add_domain_name('Domain', certificate=cert, domain_name=domain_name) aws_route53.ARecord( self, 'UrlShortenerDomain', record_name=subdomain, zone=hosted_zone, target=aws_route53.RecordTarget.from_alias(aws_route53_targets.ApiGatewayDomain(domain))) return url
def add_dns_records(self, zone: IHostedZone, resource_name: str) -> None: r53.ARecord( self, 'DnsRecord', zone=zone, comment='Name Record for ' + JumpBoxConstruct.__name__, record_name='{}.{}'.format(resource_name, zone.zone_name), target=RecordTarget(values=[self.instance.instance_private_ip]))
def configure_dns(self,zone:r53.IHostedZone): r53.ARecord(self,'HostRecord', zone=zone, record_name='rtsp-connector.{}'.format(zone.zone_name), ttl = core.Duration.minutes(1), target= r53.RecordTarget( values=[self.instance.instance_private_ip] ))
def __init__(self, scope: core.Construct, id: builtins.str, landing_zone: IVpcLandingZone) -> None: super().__init__(scope, id) self.__landing_zone = landing_zone # Setup DNS... self.trader_dns_zone = r53.PrivateHostedZone( self, 'Trader', zone_name='trader.fsi'.format(landing_zone.zone_name.lower()), vpc=landing_zone.vpc, comment='HomeNet Financial Services Domain') # Create a key and delegate access to IAM... self.key = kms.Key( self, 'Key', alias='homenet/fsi', enable_key_rotation=True, policy=iam.PolicyDocument(statements=[ iam.PolicyStatement(effect=iam.Effect.ALLOW, principals=[ iam.AccountPrincipal( core.Stack.of(self).account) ], actions=['kms:*'], resources=['*']) ])) # Create central resources... self.tda_secret = sm.Secret( self, 'AmeritradeSecrets', removal_policy=core.RemovalPolicy.DESTROY, secret_name='HomeNet-{}-Ameritrade-Secrets'.format( self.landing_zone.zone_name)) self.bucket = s3.Bucket(self, 'Bucket', bucket_name='homenet-{}.{}.trader.fsi'.format( self.landing_zone.zone_name, core.Stack.of(self).region).lower(), versioned=True) r53.ARecord(self, 'BucketAlias', zone=self.trader_dns_zone, record_name=self.bucket.bucket_domain_name, target=r53.RecordTarget.from_alias( dns_targets.BucketWebsiteTarget(self.bucket))) # self.fspace = space.CfnEnvironment(self,'Finspace', # name='HomeNet-FsiCoreSvc', # kms_key_id= self.key.key_id, # description="HomeNet Financial Servicing Catalog") self.finspace = FinSpaceEnvironment() self.key.grant_admin(iam.ServicePrincipal(service='finspace'))
def __create_route53_record(self, hosted_zone): route53.ARecord( self, "site-alias-record", record_name=self._site_domain_name, zone=hosted_zone, target=route53.RecordTarget.from_alias( targets.CloudFrontTarget(self.distribution)), )
def airflow_web_service(self, environment): service_name = get_webserver_service_name(self.deploy_env) family = get_webserver_taskdef_family_name(self.deploy_env) task_def = ecs.FargateTaskDefinition(self, family, cpu=512, memory_limit_mib=1024, family=family) task_def.add_container(f"WebWorker-{self.deploy_env}", image=self.image, environment=environment, secrets=self.secrets, logging=ecs.LogDrivers.aws_logs( stream_prefix=family, log_retention=RetentionDays.ONE_DAY)) task_def.default_container.add_port_mappings( ecs.PortMapping(container_port=8080, host_port=8080, protocol=ec2.Protocol.TCP)) # we want only 1 instance of the web server so when new versions are deployed max_healthy_percent=100 # you have to manually stop the current version and then it should start a new version - done by deploy task lb_security_group = ec2.SecurityGroup( self, f"lb-sec-group-{self.deploy_env}", vpc=self.vpc) service = ecs_patterns.ApplicationLoadBalancedFargateService( self, service_name, cluster=self.cluster, # Required service_name=service_name, platform_version=ecs.FargatePlatformVersion.VERSION1_4, cpu=512, # Default is 256 desired_count=1, # Default is 1 task_definition=task_def, memory_limit_mib=2048, # Default is 512 public_load_balancer=True, security_groups=[lb_security_group], certificate=Certificate.from_certificate_arn( self, f"lb-cert-{self.deploy_env}", certificate_arn=self.config["lb_certificate_arn"]), max_healthy_percent=100) service.target_group.configure_health_check(path="/health") # restrict access to the load balancer to only VPN lb_security_group.connections.allow_from( ec2.Peer.ipv4(self.config["lb_vpn_addresses"]), ec2.Port.tcp(443)) # configure DNS alias for the load balancer route53.ARecord(self, f"lb-record-{self.deploy_env}", zone=route53.HostedZone.from_hosted_zone_attributes( self, f"Zone-{self.deploy_env}", zone_name=f"Zone-{self.deploy_env}", hosted_zone_id=self.config["route53_zone_id"]), record_name=self.config["lb_dns_name"], target=route53.RecordTarget.from_alias( targets.LoadBalancerTarget(service.load_balancer))) return service
def generate_record_in_hosted_zone(scope, hosted_zone: route53.HostedZone, cloudfront_distribution): a_record = route53.ARecord( scope, "CloudfrontTier1Route53ARecord", zone=hosted_zone, target=route53.RecordTarget.from_alias( targets.CloudFrontTarget(cloudfront_distribution)), record_name="jvsantos-tier1.apperdevops.com") return a_record
def __init__( self, scope: core.Construct, id: str, hosted_zone_id: str, hosted_zone_name: str, domain_name: str, api: apigw.HttpApi, ): super().__init__(scope, id) hosted_zone = route53.HostedZone.from_hosted_zone_attributes( self, id="dns-hosted-zone", hosted_zone_id=hosted_zone_id, zone_name=hosted_zone_name) certificate = certmgr.DnsValidatedCertificate( self, "tls-certificate", domain_name=domain_name, hosted_zone=hosted_zone, validation_method=certmgr.ValidationMethod.DNS, ) custom_domain = apigw.CfnDomainName( self, "custom-domain", domain_name=domain_name, domain_name_configurations=[ apigw.CfnDomainName.DomainNameConfigurationProperty( certificate_arn=certificate.certificate_arn) ], ) custom_domain.node.add_dependency(api) custom_domain.node.add_dependency(certificate) api_mapping = apigw.CfnApiMapping(self, "custom-domain-mapping", api_id=api.http_api_id, domain_name=domain_name, stage="$default") api_mapping.node.add_dependency(custom_domain) route53.ARecord( self, "custom-domain-record", target=route53.RecordTarget.from_alias( ApiGatewayV2Domain(custom_domain)), zone=hosted_zone, record_name=domain_name, )
def __init__(self, scope: core.Construct, id: str, domain: DomainInfo, **kwargs) -> None: super().__init__(scope, id, **kwargs) if domain.stage == 'prod': self.final_domain = domain.domain_name else: self.final_domain = f'{domain.stage}.{domain.domain_name}' self.domain = domain # Create the static site website bucket bucket = s3.Bucket(self, "sitebucket", bucket_name=self.final_domain, public_read_access=True, website_index_document="index.html") core.CfnOutput(self, 'site_bucket_name', value=bucket.bucket_name) core.CfnOutput(self, 'site_bucket_website', value=bucket.bucket_website_url) #create Cloudfront distribution return dist ID alias_configuration = cf.AliasConfiguration( acm_cert_ref=self.domain.cert_arn, names=[self.final_domain], ) source_configuration = cf.SourceConfiguration( s3_origin_source=cf.S3OriginConfig(s3_bucket_source=bucket, ), behaviors=[cf.Behavior(is_default_behavior=True)]) dist = cf.CloudFrontWebDistribution( self, 'staticsitecf', alias_configuration=alias_configuration, origin_configs=[source_configuration], ) core.CfnOutput(self, 'static_site_cf_dist_id', value=dist.distribution_id) core.CfnOutput(self, 'static_site_cf_domain', value=dist.domain_name) #route53 logic if self.domain.stage == 'prod': zone = route53.HostedZone.from_hosted_zone_attributes( self, id="HostedZoneID", hosted_zone_id=self.domain.hosted_zone_id, zone_name=self.domain.domain_name) route53.ARecord(self, 'SiteAliasRecord', record_name=self.final_domain, target=route53.AddressRecordTarget.from_alias( targets.CloudFrontTarget(dist)), zone=zone)
def configure_dns(self, zone: r53.IHostedZone, ca: CertificateAuthority) -> None: """ Bind the photos-api alias to the cert/friendly name. You still need to register the CA cert on the local device (e.g., Group Policy) Otherwise it errors out, since everything is private resources. """ friendly_name = 'photos-api.{}'.format(zone.zone_name) r53.ARecord(self, 'PhotosApi', zone=zone, record_name=friendly_name, target=r53.RecordTarget.from_alias( dns_targets.ApiGateway(self.frontend_proxy)))
def createResources(self, ns): # Get Hosted Zone hostedZone = route53.HostedZone.from_lookup( self, 'Bento-Hosted-Zone', domain_name=self.config[ns]['domain_name']) route53.ARecord(self, 'Bento-Alias-Record', record_name=ns, target=route53.RecordTarget.from_alias( targets.LoadBalancerTarget(self.bentoALB)), zone=hostedZone)
def __init__(self, parent: core.Construct, name: str, props: StaticSiteProps) -> None: super().__init__(parent, name) site_domain = props.site_sub_domain + '.' + props.domain_name # Content bucket site_bucket = s3.Bucket(self, "SiteBucket", bucket_name=site_domain, website_index_document="index.html", website_error_document="error.html", public_read_access=True, removal_policy=core.RemovalPolicy.DESTROY) core.CfnOutput(self, 'Bucket', value=site_bucket.bucket_name) #cloudfront distribution that provies HTTPS distribution = cfront.CloudFrontWebDistribution( self, 'SiteDistribution', origin_configs=[ cfront.SourceConfiguration( behaviors=[cfront.Behavior(is_default_behavior=True)], s3_origin_source=cfront.S3OriginConfig( s3_bucket_source=site_bucket)) ], alias_configuration=cfront.AliasConfiguration( acm_cert_ref=props.certificate_arn, names=[site_domain], ssl_method=cfront.SSLMethod.SNI, security_policy=cfront.SecurityPolicyProtocol.TLS_V1_1_2016)) core.CfnOutput(self, 'DistributionID', value=distribution.distribution_id) # Route 53 alias record for the CloudFront distribution zone = route53.HostedZone.from_lookup(self, 'MyHostedZone', domain_name=props.domain_name) # Add a A record to the hosted zone route53.ARecord( self, 'SiteAliasRecord', zone=zone, record_name=site_domain, target=route53.AddressRecordTarget.from_alias( aws_route53_targets.CloudFrontTarget(distribution)))
def __init__(self, app: core.App, id: str, **kwargs) -> None: super().__init__(app, id) #create an S3 bucket domainName = 'accelerate.dev' myBucket = s3.Bucket(self, 'accelerate.dev-s3bucket', bucket_name='accelerate-website', public_read_access=True, website_index_document='index.html', website_error_document='404.html', removal_policy=core.RemovalPolicy.DESTROY) myBucket.grant_public_access myBucket.add_to_resource_policy( #Grant read access to everyone in your account iam.PolicyStatement( actions=['s3:GetObject'], resources=[myBucket.arn_for_objects('*')], principals=[ iam.AccountPrincipal(account_id=core.Aws.ACCOUNT_ID) ])) myUser = iam.User(self, 'deploy_' + domainName) #Grant write access to a specific user myBucket.grant_write(myUser) hostedZone = route53.HostedZone.from_hosted_zone_attributes( self, "HostedZone_" + domainName, hosted_zone_id='Z00154093I7THXRTRF8QB', zone_name=domainName) cert = certmgr.DnsValidatedCertificate(self, "cert_" + domainName, domain_name=domainName, hosted_zone=hostedZone) distribution = cloudfront.CloudFrontWebDistribution( self, "accelerate.dev-distribution", price_class=cloudfront.PriceClass.PRICE_CLASS_100, origin_configs=[ cloudfront.SourceConfiguration( s3_origin_source=cloudfront.S3OriginConfig( s3_bucket_source=myBucket), behaviors=[cloudfront.Behavior(is_default_behavior=True)]) ], viewer_certificate=cloudfront.ViewerCertificate. from_acm_certificate(cert, aliases=['accelerate.dev'])) route53.ARecord(self, "Alias_" + domainName, zone=hostedZone, target=route53.RecordTarget.from_alias( targets.CloudFrontTarget(distribution)))
def create_apex_records(self, apex_target): route53.ARecord( self, self.config.get("stack_name") + "_v4_apex_alias", zone=self.zone, target=apex_target ) if self.config.get("ipv6_support", False): route53.AaaaRecord( self, self.config.get("stack_name") + "_v6_apex_alias", zone=self.zone, target=apex_target )
def __init__(self, scope: core.Construct, stack_id: str, *, api_name: str, domain_name: str, functions_stacks: List[FunctionsStack], subdomain: str, **kwargs): super().__init__(scope, stack_id, **kwargs) hosted_zone = route53.HostedZone.from_lookup(self, 'HostedZone', domain_name=domain_name) subdomain = f'{subdomain}.{hosted_zone.zone_name}' certificate = acm.DnsValidatedCertificate(self, 'Certificate', domain_name=subdomain, hosted_zone=hosted_zone) self.api = apigw.HttpApi(self, 'HttpApi', api_name=api_name) domain_name = apigw.CfnDomainName( self, 'DomainName', domain_name=subdomain, domain_name_configurations=[ apigw.CfnDomainName.DomainNameConfigurationProperty( certificate_arn=certificate.certificate_arn) ]) # add an alias to the hosted zone route53.ARecord(self, 'ARecord', record_name=subdomain, target=route53.RecordTarget.from_alias( ApiGatewayV2Domain(domain_name)), zone=hosted_zone) mapping = apigw.CfnApiMapping(self, 'ApiMapping', api_id=self.api.http_api_id, domain_name=domain_name.ref, stage='$default') mapping.add_depends_on(domain_name) for functions_stack in functions_stacks: self.api.add_routes(integration=apigw.LambdaProxyIntegration( handler=functions_stack.receiver_function), methods=[functions_stack.api_method], path=functions_stack.api_path)
def create_route53_record(self): """ Create Route53 entries """ zone = route53.HostedZone.from_lookup(self, "quake_services", domain_name="quake.services") target = route53.AddressRecordTarget.from_alias( route53_targets.LoadBalancerTarget(self.nlb)) route53.ARecord(self, "alias", zone=zone, record_name="master", target=target)
def __init__(self, scope: Construct, id: str, *, fqdn: str, target) -> None: super().__init__(scope, id) hosted_zone_name = dns.get_hosted_zone_name() if not fqdn.endswith(hosted_zone_name): raise Exception(f"FQDN {fqdn} not within {hosted_zone_name}") record_name = fqdn[0:-len(hosted_zone_name) - 1] route53.ARecord( self, id, target=RecordTarget.from_alias(target), zone=dns.get_hosted_zone(), record_name=record_name, )
def create_site_records(self): route53.ARecord( self, self.config.get("stack_name") + "_v4_sub_alias", zone=self.zone, record_name=self.config.get("subdomain"), target=self.cloudfront_site_target ) if self.config.get("ipv6_support", False): route53.AaaaRecord( self, self.config.get("stack_name") + "_v6_sub_alias", zone=self.zone, record_name=self.config.get("subdomain"), target=self.cloudfront_site_target )
def setup_loadgen(self, N, vpc, zone, sg, key, target): for n in range(0, N): name = "loadgen-%d" % n src_ips = ','.join([ "192.168.%d.%d" % (n, x) for x in range(10, 20)]) bootScript = ec2.UserData.custom(loadgen_user_data) configIps = ec2.UserData.for_linux() configIps.add_commands("for x in $(seq 2 250); do ip addr add 192.168.%d.$x dev ens5; done" % n) runscript = ec2.UserData.for_linux() runscript.add_commands("""cat << EOF > /root/emqtt_bench/run.sh #!/bin/bash ulimit -n 1000000 ipaddrs=`for n in $(seq 2 13); do printf "192.168.%d.%%d," $n; done ` _build/default/bin/emqtt_bench sub -h %s -t "root/%%c/1/+/abc/#" -c 200000 --prefix "prefix%d" --ifaddr %s -i 5 EOF """ % (n, target, n, src_ips) ) multipartUserData = ec2.MultipartUserData() multipartUserData.add_part(ec2.MultipartBody.from_user_data(bootScript)) multipartUserData.add_part(ec2.MultipartBody.from_user_data(configIps)) multipartUserData.add_part(ec2.MultipartBody.from_user_data(runscript)) lg_vm = ec2.Instance(self, id = name, instance_type=ec2.InstanceType(instance_type_identifier=loadgen_ins_type), machine_image=linux_ami, user_data = multipartUserData, security_group = sg, key_name=key, vpc = vpc, source_dest_check = False ) i=1 for net in vpc.private_subnets: net.add_route(id=name+str(i), router_id = lg_vm.instance_id, router_type = ec2.RouterType.INSTANCE, destination_cidr_block = "192.168.%d.0/24" % n) i+=1 r53.ARecord(self, id = name + '.int.emqx', record_name = name + '.int.emqx', zone = zone, target = r53.RecordTarget([lg_vm.instance_private_ip]) ) if self.user_defined_tags: core.Tags.of(ins).add(*self.user_defined_tags) core.Tags.of(lg_vm).add('service', 'loadgen')
def __init__(self, scope: core.Construct, stack_id: str, *, api_name: str, bucket: s3.Bucket, domain_name: str, functions, subdomain: str, **kwargs): super().__init__(scope, stack_id, **kwargs) hosted_zone = route53.HostedZone.from_lookup(self, 'HostedZone', domain_name=domain_name) subdomain = f'{subdomain}.{hosted_zone.zone_name}' certificate = acm.DnsValidatedCertificate(self, 'Certificate', domain_name=subdomain, hosted_zone=hosted_zone) self.api = apigw.HttpApi(self, 'HttpApi', api_name=api_name) domain_name = apigw.CfnDomainName( self, 'DomainName', domain_name=subdomain, domain_name_configurations=[ apigw.CfnDomainName.DomainNameConfigurationProperty( certificate_arn=certificate.certificate_arn) ]) # add an alias to the hosted zone route53.ARecord(self, 'ARecord', record_name=subdomain, target=route53.RecordTarget.from_alias( ApiGatewayV2Domain(domain_name)), zone=hosted_zone) mapping = apigw.CfnApiMapping(self, 'ApiMapping', api_id=self.api.http_api_id, domain_name=domain_name.ref, stage='$default') mapping.add_depends_on(domain_name) for function in functions: self.add_endpoint(bucket, function)
def configure_domain( scope: core.Construct, load_balancer: elbv2.ApplicationLoadBalancer, config: StackConfig, ): # // DNS record zone = route53.HostedZone.from_hosted_zone_attributes( scope, 'dns', zone_name=config.dns_name, hosted_zone_id=config.dns_zone_id, ) target = route53.RecordTarget.from_alias( route53_targets.LoadBalancerTarget(load_balancer)) route53.ARecord(scope, 'stack-domain', zone=zone, record_name=config.dns_stack_subdomain, target=target)
def __init__(self, scope: core.App, id: str, props: DomainStackProps, **kwargs) -> None: super().__init__(scope, id, **kwargs) domain = apigw.DomainName( self, "domain", domain_name=props.domain_name, certificate=acm.Certificate.from_certificate_arn( self, 'cert', props.certificate_arn), endpoint_type=apigw.EndpointType.REGIONAL, ) self.domain = domain route53.ARecord(self, "AliasRecord", zone=route53.HostedZone.from_lookup( self, 'zone', domain_name=props.domain_name), target=route53.RecordTarget.from_alias( route53_targets.ApiGatewayDomain(domain)))
def __init__(self, scope: core.Construct, id: str, cdnid, **kwargs) -> None: super().__init__(scope, id, **kwargs) prj_name = self.node.try_get_context("project_name") env_name = self.node.try_get_context("env") hosted_zone = r53.HostedZone(self, 'hosted-zone', zone_name='cloudevangelist.ca') r53.ARecord(self, 'cdn-record', zone=hosted_zone, target=r53.RecordTarget.from_alias( alias_target=r53target.CloudFrontTarget(cdnid)), record_name='app') ssm.StringParameter(self, 'zone-id', parameter_name='/' + env_name + '/zone-id', string_value=hosted_zone.hosted_zone_id)
def __init__(self, scope: cdk.Construct, construct_id: str, **kwargs) -> None: super().__init__(scope, construct_id, **kwargs) environment = self.node.try_get_context('environment') server_domain = self.node.try_get_context('server_domain') hosted_zone_id = self.node.try_get_context('hosted_zone_id') if environment == 'prod': self.domain_name = f'start.{server_domain}' else: self.domain_name = f'start.{environment}.{server_domain}' hosted_zone = r53.HostedZone.from_hosted_zone_attributes( self, 'Zone', hosted_zone_id=hosted_zone_id, zone_name=server_domain) certificate = acm.Certificate( self, 'StartCert', domain_name=self.domain_name, validation=acm.CertificateValidation.from_dns( hosted_zone=hosted_zone)) self.rest_api = apigw.RestApi( self, 'api', domain_name=apigw.DomainNameOptions(certificate=certificate, domain_name=self.domain_name), deploy_options=apigw.StageOptions(stage_name=environment)) arecord = r53.ARecord( self, 'StartARecord', zone=hosted_zone, record_name=self.domain_name, target=r53.RecordTarget( alias_target=r53_targets.ApiGateway(self.rest_api))) cdk.CfnOutput(self, 'DNSName', value=arecord.domain_name)
def __init__( self, scope: cdk.Construct, id: str, consoleme_alb: lb.ApplicationLoadBalancer, **kwargs ) -> None: super().__init__(scope, id, **kwargs) hosted_zone = route53.PublicHostedZone.from_hosted_zone_attributes( self, "HostedZone", hosted_zone_id=HOSTED_ZONE_ID, zone_name=HOSTED_ZONE_NAME, ) route53_record = route53.ARecord( self, "LBRecord", zone=hosted_zone, record_name=APPLICATION_PREFIX, target=route53.RecordTarget( alias_target=(route53_targets.LoadBalancerTarget(consoleme_alb)) ), ) verify_ses_identity = cr.AwsCustomResource( self, "VerifySESIdentityResource", policy=cr.AwsCustomResourcePolicy.from_statements( statements=[ iam.PolicyStatement( effect=iam.Effect.ALLOW, actions=["ses:VerifyDomainIdentity", "ses:DeleteIdentity"], resources=["*"], ) ] ), on_create=cr.AwsSdkCall( service="SES", action="verifyDomainIdentity", parameters={"Domain": route53_record.domain_name}, physical_resource_id=cr.PhysicalResourceId.from_response( "VerificationToken" ), ), on_delete=cr.AwsSdkCall( service="SES", action="deleteIdentity", parameters={"Identity": route53_record.domain_name}, ), install_latest_aws_sdk=True, log_retention=logs.RetentionDays.ONE_WEEK, ) add_ses_dkim = cr.AwsCustomResource( self, "VerifySESDKIMResource", policy=cr.AwsCustomResourcePolicy.from_statements( statements=[ iam.PolicyStatement( effect=iam.Effect.ALLOW, actions=["ses:VerifyDomainDkim"], resources=["*"], ) ] ), on_create=cr.AwsSdkCall( service="SES", action="verifyDomainDkim", parameters={"Domain": route53_record.domain_name}, physical_resource_id=cr.PhysicalResourceId.of( HOSTED_ZONE_ID + "VerifyDomainDKIM" ), ), install_latest_aws_sdk=True, log_retention=logs.RetentionDays.ONE_WEEK, ) add_ses_dkim.node.add_dependency(verify_ses_identity) certificate = acm.Certificate( self, "Certificate", domain_name="*." + hosted_zone.zone_name, validation=acm.CertificateValidation.from_dns(hosted_zone=hosted_zone), ) self.hosted_zone = hosted_zone self.certificate = certificate self.route53_record = route53_record