def __init__(self, scope: core.Construct, id: str, **kwargs) -> None: super().__init__(scope, id, **kwargs) # Contexts PRJ = self.node.try_get_context("prj") CIDR_VPC = self.node.try_get_context("cidr-app-vpc") CIDR_APP_SUBNET = self.node.try_get_context("cidr-app-ec2-subnet") CIDR_TGW_SUBNET = self.node.try_get_context("cidr-app-tgw-subnet") # Parameters # Functions def nametag(x): return core.CfnTag(key="Name", value="{}/{}".format(PRJ, x)) # ### Resources # VPC self.vpc = ec2.CfnVPC(self, "vpc", cidr_block=CIDR_VPC, tags=[nametag("appVpc")]) # Ec2 Subnet self.ec2_subnet = ec2.CfnSubnet(self, "ec2Subnet", cidr_block=CIDR_APP_SUBNET, vpc_id=self.vpc.ref, map_public_ip_on_launch=False, availability_zone="ap-northeast-1a", tags=[nametag("appEc2Subnet")]) # Tgw Subnet self.tgw_subnet = ec2.CfnSubnet(self, "tgwSubnet", cidr_block=CIDR_TGW_SUBNET, vpc_id=self.vpc.ref, map_public_ip_on_launch=False, availability_zone="ap-northeast-1a", tags=[nametag("appTgwSubnet")]) # RouteTable(App Subnet) self.ec2_rtb = ec2.CfnRouteTable(self, "ec2Rtb", vpc_id=self.vpc.ref, tags=[nametag("appEc2Rtb")]) ec2.CfnSubnetRouteTableAssociation(self, "ec2RtbAssoc", route_table_id=self.ec2_rtb.ref, subnet_id=self.ec2_subnet.ref) # RouteTable(Tgw Subnet) self.tgw_rtb = ec2.CfnRouteTable(self, "tgwRtb", vpc_id=self.vpc.ref, tags=[nametag("appTgwRtb")]) ec2.CfnSubnetRouteTableAssociation(self, "tgwRtbAssoc", route_table_id=self.tgw_rtb.ref, subnet_id=self.tgw_subnet.ref)
def subnet_association_public(self, route_table_public, subnet_dictionary): _ec2.CfnSubnetRouteTableAssociation( self, 'CfnSubnetRouteTableAssociationPublicA', route_table_id=route_table_public.ref, subnet_id=subnet_dictionary.get('DEMO-PUBLIC-SUBNET-A').ref) _ec2.CfnSubnetRouteTableAssociation( self, 'CfnSubnetRouteTableAssociationPublicC', route_table_id=route_table_public.ref, subnet_id=subnet_dictionary.get('DEMO-PUBLIC-SUBNET-C').ref)
def subnet_association_private(self, route_table_private, subnet_dictionary): _ec2.CfnSubnetRouteTableAssociation( self, 'CfnSubnetRouteTableAssociationPrivateA', route_table_id=route_table_private.ref, subnet_id=subnet_dictionary.get('DEMO-PRIVATE-SUBNET-A').ref) _ec2.CfnSubnetRouteTableAssociation( self, 'CfnSubnetRouteTableAssociationPrivateC', route_table_id=route_table_private.ref, subnet_id=subnet_dictionary.get('DEMO-PRIVATE-SUBNET-C').ref)
def __init__(self, scope: core.Construct, id: str, **kwargs) -> None: super().__init__(scope, id, **kwargs) # The code that defines your stack goes here # vpc network vpc = aws_ec2.CfnVPC(self, 'vpc', cidr_block='10.0.0.0/16', enable_dns_hostnames=True, enable_dns_support=True, instance_tenancy='default', tags=[core.CfnTag(key='Name',value='vpc')]) internetgateway = aws_ec2.CfnInternetGateway(self, 'internetgateway', tags=[core.CfnTag(key='Name',value='internetgateway')]) aws_ec2.CfnVPCGatewayAttachment(self, 'VPCGatewayAttachment', vpc_id=vpc.ref, internet_gateway_id=internetgateway.ref) # public network publicsubnet01 = aws_ec2.CfnSubnet(self, 'publicsubnet01', cidr_block='10.0.0.0/24', vpc_id=vpc.ref, availability_zone='ap-northeast-1a', tags=[core.CfnTag(key='Name',value='publicsubnet01')]) publicsubnet02 = aws_ec2.CfnSubnet(self, 'publicsubnet02', cidr_block='10.0.1.0/24', vpc_id=vpc.ref, availability_zone='ap-northeast-1c', tags=[core.CfnTag(key='Name',value='publicsubnet02')]) publicsubnet03 = aws_ec2.CfnSubnet(self, 'publicsubnet03', cidr_block='10.0.2.0/24', vpc_id=vpc.ref, availability_zone='ap-northeast-1d', tags=[core.CfnTag(key='Name',value='publicsubnet03')]) publicroutetable01 = aws_ec2.CfnRouteTable(self, 'publicroutetable01', vpc_id=vpc.ref, tags=[core.CfnTag(key='Name',value='publicroutetable01')]) publicroutetable02 = aws_ec2.CfnRouteTable(self, 'publicroutetable02', vpc_id=vpc.ref, tags=[core.CfnTag(key='Name',value='publicroutetable02')]) publicroutetable03 = aws_ec2.CfnRouteTable(self, 'publicroutetable03', vpc_id=vpc.ref, tags=[core.CfnTag(key='Name',value='publicroutetable03')]) aws_ec2.CfnRoute(self, 'publicroute01', destination_cidr_block='0.0.0.0/0', gateway_id=internetgateway.ref, route_table_id=publicroutetable01.ref,) aws_ec2.CfnRoute(self, 'publicroute02', destination_cidr_block='0.0.0.0/0', gateway_id=internetgateway.ref, route_table_id=publicroutetable02.ref) aws_ec2.CfnRoute(self, 'publicroute03', destination_cidr_block='0.0.0.0/0', gateway_id=internetgateway.ref, route_table_id=publicroutetable03.ref) aws_ec2.CfnSubnetRouteTableAssociation(self, 'publicsubnetroutetableassociation01', route_table_id=publicroutetable01.ref, subnet_id=publicsubnet01.ref) aws_ec2.CfnSubnetRouteTableAssociation(self, 'publicsubnetroutetableassociation02', route_table_id=publicroutetable02.ref, subnet_id=publicsubnet02.ref) aws_ec2.CfnSubnetRouteTableAssociation(self, 'publicsubnetroutetableassociation03', route_table_id=publicroutetable03.ref, subnet_id=publicsubnet03.ref) # private network privatesubnet01 = aws_ec2.CfnSubnet(self, 'privatesubnet01', cidr_block='10.0.11.0/24', vpc_id=vpc.ref, availability_zone='ap-northeast-1a', tags=[core.CfnTag(key='Name',value='privatesubnet01')]) privatesubnet02 = aws_ec2.CfnSubnet(self, 'privatesubnet02', cidr_block='10.0.12.0/24', vpc_id=vpc.ref, availability_zone='ap-northeast-1c', tags=[core.CfnTag(key='Name',value='privatesubnet02')]) privatesubnet03 = aws_ec2.CfnSubnet(self, 'privatesubnet03', cidr_block='10.0.13.0/24', vpc_id=vpc.ref, availability_zone='ap-northeast-1d', tags=[core.CfnTag(key='Name',value='privatesubnet03')]) privateroutetable01 = aws_ec2.CfnRouteTable(self, 'privateroutetable01', vpc_id=vpc.ref, tags=[core.CfnTag(key='Name',value='privateroutetable01')]) privateroutetable02 = aws_ec2.CfnRouteTable(self, 'privateroutetable02', vpc_id=vpc.ref, tags=[core.CfnTag(key='Name',value='privateroutetable02')]) privateroutetable03 = aws_ec2.CfnRouteTable(self, 'privateroutetable03', vpc_id=vpc.ref, tags=[core.CfnTag(key='Name',value='privateroutetable03')]) aws_ec2.CfnSubnetRouteTableAssociation(self, 'privatesubnetroutetableassociation01', route_table_id=privateroutetable01.ref, subnet_id=privatesubnet01.ref) aws_ec2.CfnSubnetRouteTableAssociation(self, 'privatesubnetroutetableassociation02', route_table_id=privateroutetable02.ref, subnet_id=privatesubnet02.ref) aws_ec2.CfnSubnetRouteTableAssociation(self, 'privatesubnetroutetableassociation03', route_table_id=privateroutetable03.ref, subnet_id=privatesubnet03.ref) eip01 = aws_ec2.CfnEIP(self, 'eip01', tags=[core.CfnTag(key='Name',value='eip01')]) eip02 = aws_ec2.CfnEIP(self, 'eip02', tags=[core.CfnTag(key='Name',value='eip02')]) eip03 = aws_ec2.CfnEIP(self, 'eip03', tags=[core.CfnTag(key='Name',value='eip03')]) natgateway01 = aws_ec2.CfnNatGateway(self, 'natgateway01', allocation_id=eip01.attr_allocation_id, subnet_id=publicsubnet01.ref, tags=[core.CfnTag(key='Name',value='natgateway01')]) natgateway02 = aws_ec2.CfnNatGateway(self, 'natgateway02', allocation_id=eip02.attr_allocation_id, subnet_id=publicsubnet02.ref, tags=[core.CfnTag(key='Name',value='natgateway02')]) natgateway03 = aws_ec2.CfnNatGateway(self, 'natgateway03', allocation_id=eip03.attr_allocation_id, subnet_id=publicsubnet03.ref, tags=[core.CfnTag(key='Name',value='natgateway03')]) aws_ec2.CfnRoute(self, 'privateroute01', destination_cidr_block='0.0.0.0/0' ,nat_gateway_id=natgateway01.ref, route_table_id=privateroutetable01.ref) aws_ec2.CfnRoute(self, 'privateroute02', destination_cidr_block='0.0.0.0/0' ,nat_gateway_id=natgateway02.ref, route_table_id=privateroutetable02.ref) aws_ec2.CfnRoute(self, 'privateroute03', destination_cidr_block='0.0.0.0/0' ,nat_gateway_id=natgateway03.ref, route_table_id=privateroutetable03.ref) # isolate network isolatesubnet01 = aws_ec2.CfnSubnet(self, 'isolatesubnet01', cidr_block='10.0.21.0/24', vpc_id=vpc.ref, availability_zone='ap-northeast-1a', tags=[core.CfnTag(key='Name',value='isolatesubnet01')]) isolatesubnet02 = aws_ec2.CfnSubnet(self, 'isolatesubnet02', cidr_block='10.0.22.0/24', vpc_id=vpc.ref, availability_zone='ap-northeast-1c', tags=[core.CfnTag(key='Name',value='isolatesubnet02')]) isolatesubnet03 = aws_ec2.CfnSubnet(self, 'isolatesubnet03', cidr_block='10.0.23.0/24', vpc_id=vpc.ref, availability_zone='ap-northeast-1d', tags=[core.CfnTag(key='Name',value='isolatesubnet03')]) isolateroutetable01 = aws_ec2.CfnRouteTable(self, 'isolateroutetable01', vpc_id=vpc.ref, tags=[core.CfnTag(key='Name',value='isolateroutetable01')]) isolateroutetable02 = aws_ec2.CfnRouteTable(self, 'isolateroutetable02', vpc_id=vpc.ref, tags=[core.CfnTag(key='Name',value='isolateroutetable02')]) isolateroutetable03 = aws_ec2.CfnRouteTable(self, 'isolateroutetable03', vpc_id=vpc.ref, tags=[core.CfnTag(key='Name',value='isolateroutetable03')]) aws_ec2.CfnSubnetRouteTableAssociation(self, 'isolatesubnetroutetableassociation01', route_table_id=isolateroutetable01.ref, subnet_id=isolatesubnet01.ref) aws_ec2.CfnSubnetRouteTableAssociation(self, 'isolatesubnetroutetableassociation02', route_table_id=isolateroutetable02.ref, subnet_id=isolatesubnet02.ref) aws_ec2.CfnSubnetRouteTableAssociation(self, 'isolatesubnetroutetableassociation03', route_table_id=isolateroutetable03.ref, subnet_id=isolatesubnet03.ref)
def create_route_table_association( scope: core.Construct, vpc: aws_ec2.CfnVPC, subnet: aws_ec2.CfnSubnet, route_table: aws_ec2.CfnRouteTable ) -> aws_ec2.CfnSubnetRouteTableAssociation: prefix = scope.node.try_get_context("prefix") route_table_type = [ tag['value'] for tag in route_table.tags.render_tags() if tag['key'] == 'Name' ].pop() az_end = subnet.availability_zone[-2:] association = aws_ec2.CfnSubnetRouteTableAssociation( scope, f'{prefix}-subnet-route-table-association-{route_table_type[-3:]}-{az_end}', route_table_id=route_table.ref, subnet_id=subnet.ref, ) return association
def __init__(self, scope: core.Construct, id: str, **kwargs) -> None: super().__init__(scope, id) self._id = id self._route_table_id = kwargs['route_table_id'] self._subnet_id = kwargs['subnet_id'] try: kwargs['tags'] except: self._tags_wk = None else: self._tags_wk = [ core.CfnTag(key=kwargs['tags'][i]['key'], value=kwargs['tags'][i]['value']) if kwargs['tags'] else None for i in range(len(kwargs['tags'])) ] self._subnetroutetableassociation = aws_ec2.CfnSubnetRouteTableAssociation( self, self._id, route_table_id=self._route_table_id.ref, subnet_id=self._subnet_id.ref)
def __init__(self, scope: core.Construct, id: str, **kwargs) -> None: super().__init__(scope, id, **kwargs) prefix = "test"" cidr = "10.100.0.0/16" # def name(s): return "{0}/{1}".format(prefix, s) def name(s): return "{0} {1}".format(prefix, s) # VPC self.vpc = ec2.CfnVPC( self, "vpc", cidr_block=cidr, enable_dns_hostnames=True, enable_dns_support=True, tags=[ core.CfnTag(key="Name", value=prefix+" VPC") ] ) # InternetGateway igw = ec2.CfnInternetGateway( self, "igw", tags=[ core.CfnTag(key="Name", value=prefix+" IGW") ] ) igw_attachment = ec2.CfnVPCGatewayAttachment( self, "igw_attachment", vpc_id=self.vpc.ref, internet_gateway_id=igw.ref ) dhcpoptions = ec2.CfnDHCPOptions( self, "dhcpoptions", domain_name="ec2.internal "+prefix, domain_name_servers=["AmazonProvidedDNS"], tags=[ core.CfnTag(key="Name", value=prefix) ] ) dhcpoptionsassociation = ec2.CfnVPCDHCPOptionsAssociation( self, "dhcpoptionsassociation", dhcp_options_id=dhcpoptions.ref, vpc_id=self.vpc.ref ) # PrivateSubnetA # private_subnet_a = ec2.CfnSubnet( # self, "private_a", # vpc_id=vpc.ref, # cidr_block="192.168.0.0/24", # availability_zone="ap-northeast-1a", # tags=[ # core.CfnTag(key="Name", value=name("private_a")) # ] # ) # PrivateSubnetC # private_subnet_c = ec2.CfnSubnet( # self, "private_c", # vpc_id=vpc.ref, # cidr_block="192.168.1.0/24", # availability_zone="ap-northeast-1c", # tags=[ # core.CfnTag(key="Name", value=name("private_c")) # ] # ) # PublicSubnetA self.public_subnet_a = ec2.CfnSubnet( self, "public_a", vpc_id=self.vpc.ref, cidr_block="192.168.0.0/20", # availability_zone="ap-northeast-1a", availability_zone="us-east-1a", tags=[ core.CfnTag(key="Name", value=prefix+" public_a") ] ) # PublicSubnetC self.public_subnet_c = ec2.CfnSubnet( self, "public_c", vpc_id=self.vpc.ref, cidr_block="192.168.16.0/20", availability_zone="us-east-1c", tags=[ core.CfnTag(key="Name", value=prefix+" public_c") ] ) self.public_subnet_d = ec2.CfnSubnet( self, "public_d", vpc_id=self.vpc.ref, cidr_block="192.168.32.0/20", availability_zone="us-east-1d", tags=[ core.CfnTag(key="Name", value=prefix+" public_d") ] ) # EIP1 (for NATGW) # eip1 = ec2.CfnEIP( # self, "eip1", # domain="vpc", # ) # eip1.add_depends_on(igw_attachment) # EIP2 (for NATGW) # eip2 = ec2.CfnEIP( # self, "eip2", # domain="vpc", # ) # eip2.add_depends_on(igw_attachment) # NatGatewayA # natgw_a = ec2.CfnNatGateway( # self, "natgw_a", # allocation_id=eip1.attr_allocation_id, # subnet_id=self.public_subnet_a.ref, # tags=[ # core.CfnTag(key="Name", value=name("natgw_a")) # ] # ) # NatGatewayC # natgw_c = ec2.CfnNatGateway( # self, "natgw_c", # allocation_id=eip2.attr_allocation_id, # subnet_id=public_subnet_c.ref, # tags=[ # core.CfnTag(key="Name", value=name("natgw_c")) # ] # ) # RouteTable of PrivateSubnetA # rtb_private_a = ec2.CfnRouteTable( # self, "rtb_private_a", # vpc_id=vpc.ref, # tags=[ # core.CfnTag(key="Name", value=name("rtb_private_a")) # ] # ) # ec2.CfnSubnetRouteTableAssociation( # self, "rtb_private_a_association", # route_table_id=rtb_private_a.ref, # subnet_id=private_subnet_a.ref # ) # ec2.CfnRoute( # self, "route_private_a", # route_table_id=rtb_private_a.ref, # destination_cidr_block="0.0.0.0/0", # nat_gateway_id=natgw_a.ref # ) # RouteTable of PrivateSubnetC # rtb_private_c = ec2.CfnRouteTable( # self, "rtb_private_c", # vpc_id=vpc.ref, # tags=[ # core.CfnTag(key="Name", value=name("rtb_private_c")) # ] # ) # ec2.CfnSubnetRouteTableAssociation( # self, "rtb_private_c_association", # route_table_id=rtb_private_c.ref, # subnet_id=private_subnet_c.ref # ) # ec2.CfnRoute( # self, "route_private_c", # route_table_id=rtb_private_c.ref, # destination_cidr_block="0.0.0.0/0", # nat_gateway_id=natgw_c.ref # ) # RouteTable of PublicSubnetA self.rtb_public_a = ec2.CfnRouteTable( self, "rtb_public_a", vpc_id=self.vpc.ref, tags=[ core.CfnTag(key="Name", value=prefix+"rtb_public_a") ] ) ec2.CfnSubnetRouteTableAssociation( self, "rtb_public_a_association", route_table_id=self.rtb_public_a.ref, subnet_id=self.public_subnet_a.ref ) ec2.CfnSubnetRouteTableAssociation( self, "rtb_public_c_association", route_table_id=self.rtb_public_a.ref, subnet_id=self.public_subnet_c.ref ) ec2.CfnSubnetRouteTableAssociation( self, "rtb_public_d_association", route_table_id=self.rtb_public_a.ref, subnet_id=self.public_subnet_d.ref ) ec2.CfnRoute( self, "route_public_a", route_table_id=self.rtb_public_a.ref, destination_cidr_block="0.0.0.0/0", gateway_id=igw.ref ) # RouteTable of PublicSubnetC # rtb_public_c = ec2.CfnRouteTable( # self, "rtb_public_c", # vpc_id=vpc.ref, # tags=[ # core.CfnTag(key="Name", value=name("rtb_public_c")) # ] # ) # ec2.CfnSubnetRouteTableAssociation( # self, "rtb_public_c_association", # route_table_id=rtb_public_c.ref, # subnet_id=public_subnet_c.ref # ) # ec2.CfnRoute( # self, "route_public_c", # route_table_id=rtb_public_c.ref, # destination_cidr_block="0.0.0.0/0", # gateway_id=igw.ref # ) ami_id = ec2.AmazonLinuxImage(generation = ec2.AmazonLinuxGeneration.AMAZON_LINUX_2).get_image(self).image_id security_group = ec2.SecurityGroup( self, id='InstanceSecurityGroupwww', vpc=self.vpc, security_group_name='stg-'+prefix+'www' ) security_group.add_ingress_rule( peer=ec2.Peer.ipv4('0.0.0.0/0'), connection=ec2.Port.tcp(22), ) security_group.add_ingress_rule( peer=ec2.Peer.ipv4('0.0.0.0/0'), connection=ec2.Port.tcp(80), ) EC2InstanceStgWeb = ec2.CfnInstance(self, "EC2InstanceStgWeb", image_id = ami_id, instance_type = "t3a.micro", monitoring = False, key_name = "stg-intrinio-www01", security_group_ids=[security_group.security_group_id], block_device_mappings = [{ "deviceName": "/dev/xvda", "ebs": { "volumeSize": 10, # "volumeType": "io1", # "iops": 150, # "deleteOnTermination": True } } ], tags = [ { "key": "Name", "value": 'stg'+prefix+'www01' } ], network_interfaces = [{ "deviceIndex": "0", "associatePublicIpAddress": True, "subnetId": self.public_subnet_a.ref, # "groupSet": [web_sg.security_group_id] }], #https: //github.com/aws/aws-cdk/issues/3419 ) # RdsSecurityGroup RdsStgSecurityGroup = ec2.CfnSecurityGroup(self, "RdsStgSecurityGroup", group_name = 'stg-'+prefix+'db01', group_description = 'stg-'+prefix+'db01', vpc_id = self.vpc.ref, security_group_ingress = [ { "ipProtocol" : "tcp", "fromPort" : 3306, "toPort" : 3306, "cidrIp" : "0.0.0.0/0" } ], security_group_egress = [ { "ipProtocol" : "tcp", "fromPort" : 0, "toPort" : 65535, "cidrIp" : "0.0.0.0/0" } ], ) # MyDBSubnetGroup rds_subnet_group = rds.CfnDBSubnetGroup(self, "DBSubnetGroup", db_subnet_group_description = "DBSubnetGroup", subnet_ids = [ self.public_subnet_a.ref, self.public_subnet_c.ref, self.public_subnet_d.ref ] ) DBParameterGroupStg = rds.CfnDBParameterGroup(self, "DBParameterGroupStg", description = "", family = "", parameters = [{'character_set_client': utf8,}] ) rds_params = { 'db_instance_identifier': "stg-test-db01", 'engine': "mysql", 'engine_version': '5.6.39', 'db_instance_class': 'db.t3.micro', 'allocated_storage': '5', 'storage_type': 'gp2', 'db_name': "test", 'master_username': "******", 'master_user_password': "******", 'db_subnet_group_name' : rds_subnet_group.ref, 'publicly_accessible': False, 'multi_az': False, 'preferred_backup_window': "18:00-18:30", 'PreferredMaintenanceWindow': "sat:19:00-sat:19:30", 'auto_minor_version_upgrade': False, 'db_parameter_group_name': DBParameterGroupStg, 'vpc_security_groups': [RdsStgSecurityGroup.ref], 'copy_tags_to_snapshot': True, 'backup_retention_period': 7, 'enable_performance_insights': True, 'delete_automated_backups': True, 'deletion_protection': False, 'availability_zone': self.public_subnet_a.ref, # 'storage_encrypted': False, } self.rds = rds.CfnDBInstance(self, 'staff-rds', **rds_params) core.CfnOutput(self, "Output", value=self.vpc.ref)
def __init__(self, scope: core.Construct, id: str, **kwargs) -> None: super().__init__(scope, id, **kwargs) # vpc = ec2.Vpc(self, "VPC", # cidr = "10.1.0.0/16", # max_azs = 2, # subnet_configuration =[ # ec2.SubnetConfiguration(name='edx-subnet-Public', subnet_type=ec2.SubnetType.PUBLIC, cidr_mask=24), # ec2.SubnetConfiguration(name='edx-subnet-Private', subnet_type=ec2.SubnetType.PRIVATE, cidr_mask=24), # ] # ) # core.Tag.add(vpc, key = "Name", value = "edx-build-aws-vpc") # core.Tag.add(vpc.public_subnets[0], key = "Name", value = "edx-subnet-public-a") # core.Tag.add(vpc.public_subnets[1], key = "Name", value = "edx-subnet-public-b") # core.Tag.add(vpc.private_subnets[0], key = "Name", value = "edx-subnet-public-a") # core.Tag.add(vpc.private_subnets[1], key = "Name", value = "edx-subnet-public-b") # Exercise 3 # Create VPC vpc = ec2.CfnVPC(self, "VPC", cidr_block="10.1.0.0/16", tags=[{ "key": "Name", "value": "edx-build-aws-vpc" }]) # Create Internet Gateway internet_gateway = ec2.CfnInternetGateway(self, "InternetGateway", tags=[{ "key": "Name", "value": "edx-igw" }]) # Attach Gateway attach_gateway = ec2.CfnVPCGatewayAttachment( self, "AttachGateway", vpc_id=vpc.ref, internet_gateway_id=internet_gateway.ref) # Create EIP1 eip_1 = ec2.CfnEIP(self, "EIP1", domain="vpc") # Create Public Subnet 1 public_subnet_1 = ec2.CfnSubnet(self, "PublicSubnet1", availability_zone=core.Fn.select( 0, core.Fn.get_azs(core.Aws.REGION)), cidr_block="10.1.1.0/24", vpc_id=vpc.ref, map_public_ip_on_launch=True, tags=[{ "key": "Name", "value": "edx-subnet-public-a" }]) # Create Nat Gateway 1 nat_gateway_1 = ec2.CfnNatGateway( self, "NatGateway1", allocation_id=eip_1.attr_allocation_id, subnet_id=public_subnet_1.ref) # Create Private Route Table 1 private_route_table_1 = ec2.CfnRouteTable(self, "PrivateRouteTable1", vpc_id=vpc.ref, tags=[{ "key": "Name", "value": "edx-routetable-private1" }]) # Create Private Route 1 private_route_1 = ec2.CfnRoute( self, "PrivateRoute1", route_table_id=private_route_table_1.ref, destination_cidr_block="0.0.0.0/0", nat_gateway_id=nat_gateway_1.ref) # Create EIP2 eip_2 = ec2.CfnEIP(self, "EIP2", domain="vpc") # Create Public Subnet 2 public_subnet_2 = ec2.CfnSubnet(self, "PublicSubnet2", availability_zone=core.Fn.select( 1, core.Fn.get_azs(core.Aws.REGION)), cidr_block="10.1.2.0/24", vpc_id=vpc.ref, map_public_ip_on_launch=True, tags=[{ "key": "Name", "value": "edx-subnet-public-b" }]) # Create Nat Gateway 2 nat_gateway_2 = ec2.CfnNatGateway( self, "NatGateway2", allocation_id=eip_2.attr_allocation_id, subnet_id=public_subnet_2.ref) # Create Private Route Table 2 private_route_table_2 = ec2.CfnRouteTable(self, "PrivateRouteTable2", vpc_id=vpc.ref, tags=[{ "key": "Name", "value": "edx-routetable-private2" }]) # Create Private Route 2 private_route_2 = ec2.CfnRoute( self, "PrivateRoute2", route_table_id=private_route_table_2.ref, destination_cidr_block="0.0.0.0/0", nat_gateway_id=nat_gateway_2.ref) # Create Public Route Table public_route_table = ec2.CfnRouteTable(self, "PublicRouteTable", vpc_id=vpc.ref, tags=[{ "key": "Name", "value": "edx-routetable-public" }]) # Create Public Default Route public_default_route = ec2.CfnRoute( self, "PublicDefaultRoute", route_table_id=public_route_table.ref, destination_cidr_block="0.0.0.0/0", gateway_id=internet_gateway.ref) # Create Public Route Association 1 public_route_association_1 = ec2.CfnSubnetRouteTableAssociation( self, "PublicRouteAssociation1", route_table_id=public_route_table.ref, subnet_id=public_subnet_1.ref) # Create Public Route Association 12 public_route_association_2 = ec2.CfnSubnetRouteTableAssociation( self, "PublicRouteAssociation2", route_table_id=public_route_table.ref, subnet_id=public_subnet_2.ref) # Create Private Subnet 1 private_subnet_1 = ec2.CfnSubnet(self, "PrivateSubnet1", availability_zone=core.Fn.select( 0, core.Fn.get_azs(core.Aws.REGION)), cidr_block="10.1.3.0/24", vpc_id=vpc.ref, tags=[{ "key": "Name", "value": "edx-subnet-private-a" }]) # Create Private Subnet 2 private_subnet_2 = ec2.CfnSubnet(self, "PrivateSubnet2", availability_zone=core.Fn.select( 1, core.Fn.get_azs(core.Aws.REGION)), cidr_block="10.1.4.0/24", vpc_id=vpc.ref, tags=[{ "key": "Name", "value": "edx-subnet-private-b" }]) # Create Private Route Association 1 private_route_association_1 = ec2.CfnSubnetRouteTableAssociation( self, "PrivateRouteAssociation1", route_table_id=private_route_table_1.ref, subnet_id=private_subnet_1.ref) # Create Private Route Association 2 private_route_association_1 = ec2.CfnSubnetRouteTableAssociation( self, "PrivateRouteAssociation2", route_table_id=private_route_table_2.ref, subnet_id=private_subnet_2.ref) # Output core.CfnOutput(self, "VPCOutput", value=vpc.ref, description="VPC", export_name="VPC") core.CfnOutput(self, "PublicSubnet1Output", value=public_subnet_1.ref, description="PublicSubnet1", export_name="PublicSubnet1") core.CfnOutput(self, "PublicSubnet2Output", value=public_subnet_2.ref, description="PublicSubnet2", export_name="PublicSubnet2") core.CfnOutput(self, "PrivateSubnet1Output", value=private_subnet_1.ref, description="PrivateSubnet1", export_name="PrivateSubnet1") core.CfnOutput(self, "PrivateSubnet2Output", value=private_subnet_2.ref, description="PrivateSubnet2", export_name="PrivateSubnet2")
def __init__(self, scope: core.Construct, id: str, data, iam_vars) -> None: super().__init__(scope, id) # VPC vpc = ec2.CfnVPC(self, "cdk-vpc", cidr_block=data["vpc"]) igw = ec2.CfnInternetGateway(self, id="igw") ec2.CfnVPCGatewayAttachment(self, id="igw-attach", vpc_id=vpc.ref, internet_gateway_id=igw.ref) public_route_table = ec2.CfnRouteTable(self, id="public_route_table", vpc_id=vpc.ref) ec2.CfnRoute(self, id="public_route", route_table_id=public_route_table.ref, destination_cidr_block="0.0.0.0/0", gateway_id=igw.ref) public_subnets = [] for i, s in enumerate(data["subnets"]["public"]): subnet = ec2.CfnSubnet(self, id="public_{}".format(s), cidr_block=s, vpc_id=vpc.ref, availability_zone=core.Fn.select( i, core.Fn.get_azs()), map_public_ip_on_launch=True) public_subnets.append(subnet) ec2.CfnSubnetRouteTableAssociation( self, id="public_{}_association".format(s), route_table_id=public_route_table.ref, subnet_id=subnet.ref) eip = ec2.CfnEIP(self, id="natip") nat = ec2.CfnNatGateway(self, id="nat", allocation_id=eip.attr_allocation_id, subnet_id=public_subnets[0].ref) private_route_table = ec2.CfnRouteTable(self, id="private_route_table", vpc_id=vpc.ref) ec2.CfnRoute(self, id="private_route", route_table_id=private_route_table.ref, destination_cidr_block="0.0.0.0/0", nat_gateway_id=nat.ref) private_subnets = [] for i, s in enumerate(data["subnets"]["private"]): subnet = ec2.CfnSubnet(self, id="private_{}".format(s), cidr_block=s, vpc_id=vpc.ref, availability_zone=core.Fn.select( i, core.Fn.get_azs()), map_public_ip_on_launch=False) private_subnets.append(subnet) ec2.CfnSubnetRouteTableAssociation( self, id="private_{}_association".format(s), route_table_id=private_route_table.ref, subnet_id=subnet.ref) # Security groups lb_sg = ec2.CfnSecurityGroup(self, id="lb", group_description="LB SG", vpc_id=vpc.ref) lambda_sg = ec2.CfnSecurityGroup(self, id="lambda", group_description="Lambda SG", vpc_id=vpc.ref) public_prefix = ec2.CfnPrefixList(self, id="cidr_prefix", address_family="IPv4", max_entries=1, prefix_list_name="public", entries=[{ "cidr": "0.0.0.0/0", "description": "Public" }]) _sg_rules = [{ 'sg': lb_sg.attr_group_id, 'rules': [{ "direction": "ingress", "description": "HTTP from Internet", "from_port": 80, "to_port": 80, "protocol": "tcp", "cidr_blocks": public_prefix.ref }, { "direction": "egress", "description": "LB to Lambda", "from_port": 80, "to_port": 80, "protocol": "tcp", "source_security_group_id": lambda_sg.attr_group_id }] }, { "sg": lambda_sg.attr_group_id, "rules": [{ "direction": "ingress", "description": "HTTP from LB", "from_port": 80, "to_port": 80, "protocol": "tcp", "source_security_group_id": lb_sg.attr_group_id }, { "direction": "egress", "description": "All to Internet", "from_port": 0, "to_port": 65535, "protocol": "tcp", "cidr_blocks": public_prefix.ref }] }] for ruleset in _sg_rules: for rule in ruleset["rules"]: if rule["direction"] == "ingress": ec2.CfnSecurityGroupIngress( self, id=rule["description"].replace(" ", "_"), description=rule["description"], to_port=rule["to_port"], from_port=rule["from_port"], ip_protocol=rule["protocol"], group_id=ruleset["sg"], source_prefix_list_id=rule["cidr_blocks"] if "cidr_blocks" in rule else None, source_security_group_id=rule[ "source_security_group_id"] if "source_security_group_id" in rule else None) else: ec2.CfnSecurityGroupEgress( self, id=rule["description"].replace(" ", "_"), description=rule["description"], to_port=rule["to_port"], from_port=rule["from_port"], ip_protocol=rule["protocol"], group_id=ruleset["sg"], destination_prefix_list_id=rule["cidr_blocks"] if "cidr_blocks" in rule else None, destination_security_group_id=rule[ "source_security_group_id"] if "source_security_group_id" in rule else None) # IAM assume_policy_doc = iam.PolicyDocument() for statement in iam_vars["assume"]["Statement"]: _statement = iam.PolicyStatement(actions=[statement["Action"]], ) _statement.add_service_principal(statement["Principal"]["Service"]) assume_policy_doc.add_statements(_statement) role = iam.CfnRole(self, id="iam_role", path="/", assume_role_policy_document=assume_policy_doc) role_policy_doc = iam.PolicyDocument() for statement in iam_vars["policy"]["Statement"]: _statement = iam.PolicyStatement(actions=statement["Action"], resources=["*"]) role_policy_doc.add_statements(_statement) policy = iam.CfnPolicy(self, id="iam_policy", policy_document=role_policy_doc, policy_name="cdkPolicy", roles=[role.ref]) # Lambda shutil.make_archive("../lambda", 'zip', "../lambda/") s3_client = boto3.client('s3') s3_client.upload_file("../lambda.zip", "cloudevescops-zdays-demo", "cdk.zip") function = lmd.CfnFunction(self, id="lambda_function", handler="lambda.lambda_handler", role=role.attr_arn, runtime="python3.7", code={ "s3Bucket": "cloudevescops-zdays-demo", "s3Key": "cdk.zip" }, vpc_config={ "securityGroupIds": [lambda_sg.ref], "subnetIds": [s.ref for s in private_subnets] }, environment={"variables": { "TOOL": "CDK" }}) # LB lb = alb.CfnLoadBalancer(self, id="alb", name="lb-cdk", scheme="internet-facing", type="application", subnets=[s.ref for s in public_subnets], security_groups=[lb_sg.ref]) lmd.CfnPermission(self, id="lambda_permis", action="lambda:InvokeFunction", function_name=function.ref, principal="elasticloadbalancing.amazonaws.com") tg = alb.CfnTargetGroup(self, id="alb_tg", name="lambda-cdk", target_type="lambda", health_check_enabled=True, health_check_interval_seconds=40, health_check_path="/", health_check_timeout_seconds=30, targets=[{ "id": function.get_att("Arn").to_string() }], matcher={"httpCode": "200"}) alb.CfnListener(self, id="listener", default_actions=[{ "type": "forward", "targetGroupArn": tg.ref }], load_balancer_arn=lb.ref, port=80, protocol="HTTP") core.CfnOutput(self, id="fqdn", value=lb.attr_dns_name)
def __init__(self, scope: core.Construct, id: str, **kwargs) -> None: super().__init__(scope, id, **kwargs) # Contexts PRJ = self.node.try_get_context("prj") CIDR_VPC = self.node.try_get_context("cidr-out-vpc") CIDR_NGW_SUBNET = self.node.try_get_context("cidr-out-ngw-subnet") CIDR_TGW_SUBNET = self.node.try_get_context("cidr-out-tgw-subnet") # Parameters # Functions def nametag(x): return core.CfnTag(key="Name", value="{}/{}".format(PRJ, x)) # ### Resources # VPC self.vpc = ec2.CfnVPC(self, "vpc", cidr_block=CIDR_VPC, tags=[nametag("outVpc")]) # Ngw Subnet self.ngw_subnet = ec2.CfnSubnet(self, "ngwSubnet", cidr_block=CIDR_NGW_SUBNET, vpc_id=self.vpc.ref, map_public_ip_on_launch=False, availability_zone="ap-northeast-1a", tags=[nametag("outNgwSubnet")]) # Tgw Subnet self.tgw_subnet = ec2.CfnSubnet(self, "tgwSubnet", cidr_block=CIDR_TGW_SUBNET, vpc_id=self.vpc.ref, map_public_ip_on_launch=False, availability_zone="ap-northeast-1a", tags=[nametag("outTgwSubnet")]) # IGW self.igw = ec2.CfnInternetGateway(self, "igw", tags=[nametag("outIgw")]) igw_attachment = ec2.CfnVPCGatewayAttachment( self, "igwAttachment", vpc_id=self.vpc.ref, internet_gateway_id=self.igw.ref) # EIP for NATGW eip = ec2.CfnEIP(self, "eip", domain="vpc", tags=[nametag("outNatgwEip")]) eip.add_depends_on(igw_attachment) # NATGW self.natgw = ec2.CfnNatGateway(self, "natgw", allocation_id=eip.attr_allocation_id, subnet_id=self.ngw_subnet.ref, tags=[nametag("outNatgw")]) # RouteTable(NGW Subnet) self.ngw_rtb = ec2.CfnRouteTable(self, "ngwRtb", vpc_id=self.vpc.ref, tags=[nametag("outNgwRtb")]) ec2.CfnSubnetRouteTableAssociation(self, "ngwRtbAssoc", route_table_id=self.ngw_rtb.ref, subnet_id=self.ngw_subnet.ref) # RouteTable(TGW Subnet) self.tgw_rtb = ec2.CfnRouteTable(self, "tgwRtb", vpc_id=self.vpc.ref, tags=[nametag("outTgwRtb")]) ec2.CfnSubnetRouteTableAssociation(self, "tgwRtbAssoc", route_table_id=self.tgw_rtb.ref, subnet_id=self.tgw_subnet.ref)
def __init__(self, scope: core.Construct, id: str, **kwargs) -> None: super().__init__(scope, id, **kwargs) # The code that defines your stack goes here # vpc network vpc = aws_ec2.CfnVPC(self, 'VPC', cidr_block='10.0.0.0/16', enable_dns_hostnames=True, enable_dns_support=True, instance_tenancy='default', tags=[core.CfnTag(key='Name', value='vpc')]) internetgateway = aws_ec2.CfnInternetGateway( self, 'internetgateway', tags=[core.CfnTag(key='Name', value='internetgateway')]) aws_ec2.CfnVPCGatewayAttachment( self, 'VPCGatewayAttachment', vpc_id=vpc.ref, internet_gateway_id=internetgateway.ref) networkacl = aws_ec2.CfnNetworkAcl( self, 'NetworkAcl', vpc_id=vpc.ref, tags=[core.CfnTag(key='Name', value='networkacl')]) aws_ec2.CfnNetworkAclEntry(self, 'NetworkAclEntry01', network_acl_id=networkacl.ref, protocol=-1, rule_action='allow', rule_number=100, cidr_block='0.0.0.0/0', egress=True) aws_ec2.CfnNetworkAclEntry(self, 'NetworkAclEntry03', network_acl_id=networkacl.ref, protocol=-1, rule_action='allow', rule_number=100, cidr_block='0.0.0.0/0', egress=False) # public network publicsubnet01 = aws_ec2.CfnSubnet( self, 'publicsubnet01', cidr_block='10.0.0.0/24', vpc_id=vpc.ref, availability_zone='ap-northeast-1a', tags=[core.CfnTag(key='Name', value='publicsubnet01')]) publicsubnet02 = aws_ec2.CfnSubnet( self, 'publicsubnet02', cidr_block='10.0.1.0/24', vpc_id=vpc.ref, availability_zone='ap-northeast-1c', tags=[core.CfnTag(key='Name', value='publicsubnet02')]) publicsubnet03 = aws_ec2.CfnSubnet( self, 'publicsubnet03', cidr_block='10.0.2.0/24', vpc_id=vpc.ref, availability_zone='ap-northeast-1d', tags=[core.CfnTag(key='Name', value='publicsubnet03')]) publicroutetable01 = aws_ec2.CfnRouteTable( self, 'publicroutetable01', vpc_id=vpc.ref, tags=[core.CfnTag(key='Name', value='publicroutetable01')]) publicroutetable02 = aws_ec2.CfnRouteTable( self, 'publicroutetable02', vpc_id=vpc.ref, tags=[core.CfnTag(key='Name', value='publicroutetable02')]) publicroutetable03 = aws_ec2.CfnRouteTable( self, 'publicroutetable03', vpc_id=vpc.ref, tags=[core.CfnTag(key='Name', value='publicroutetable03')]) aws_ec2.CfnRoute( self, 'publicroute01', destination_cidr_block='0.0.0.0/0', gateway_id=internetgateway.ref, route_table_id=publicroutetable01.ref, ) aws_ec2.CfnRoute(self, 'publicroute02', destination_cidr_block='0.0.0.0/0', gateway_id=internetgateway.ref, route_table_id=publicroutetable02.ref) aws_ec2.CfnRoute(self, 'publicroute03', destination_cidr_block='0.0.0.0/0', gateway_id=internetgateway.ref, route_table_id=publicroutetable03.ref) aws_ec2.CfnSubnetRouteTableAssociation( self, 'publicsubnetroutetableassociation01', route_table_id=publicroutetable01.ref, subnet_id=publicsubnet01.ref) aws_ec2.CfnSubnetRouteTableAssociation( self, 'publicsubnetroutetableassociation02', route_table_id=publicroutetable02.ref, subnet_id=publicsubnet02.ref) aws_ec2.CfnSubnetRouteTableAssociation( self, 'publicsubnetroutetableassociation03', route_table_id=publicroutetable03.ref, subnet_id=publicsubnet03.ref) aws_ec2.CfnSubnetNetworkAclAssociation( self, 'publicSubnetNetworkAclAssociation01', network_acl_id=networkacl.ref, subnet_id=publicsubnet01.ref) aws_ec2.CfnSubnetNetworkAclAssociation( self, 'publicSubnetNetworkAclAssociation02', network_acl_id=networkacl.ref, subnet_id=publicsubnet02.ref) aws_ec2.CfnSubnetNetworkAclAssociation( self, 'publicSubnetNetworkAclAssociation03', network_acl_id=networkacl.ref, subnet_id=publicsubnet03.ref) # private network privatesubnet01 = aws_ec2.CfnSubnet( self, 'privatesubnet01', cidr_block='10.0.11.0/24', vpc_id=vpc.ref, availability_zone='ap-northeast-1a', tags=[core.CfnTag(key='Name', value='privatesubnet01')]) privatesubnet02 = aws_ec2.CfnSubnet( self, 'privatesubnet02', cidr_block='10.0.12.0/24', vpc_id=vpc.ref, availability_zone='ap-northeast-1c', tags=[core.CfnTag(key='Name', value='privatesubnet02')]) privatesubnet03 = aws_ec2.CfnSubnet( self, 'privatesubnet03', cidr_block='10.0.13.0/24', vpc_id=vpc.ref, availability_zone='ap-northeast-1d', tags=[core.CfnTag(key='Name', value='privatesubnet03')]) privateroutetable01 = aws_ec2.CfnRouteTable( self, 'privateroutetable01', vpc_id=vpc.ref, tags=[core.CfnTag(key='Name', value='privateroutetable01')]) privateroutetable02 = aws_ec2.CfnRouteTable( self, 'privateroutetable02', vpc_id=vpc.ref, tags=[core.CfnTag(key='Name', value='privateroutetable02')]) privateroutetable03 = aws_ec2.CfnRouteTable( self, 'privateroutetable03', vpc_id=vpc.ref, tags=[core.CfnTag(key='Name', value='privateroutetable03')]) aws_ec2.CfnSubnetRouteTableAssociation( self, 'privatesubnetroutetableassociation01', route_table_id=privateroutetable01.ref, subnet_id=privatesubnet01.ref) aws_ec2.CfnSubnetRouteTableAssociation( self, 'privatesubnetroutetableassociation02', route_table_id=privateroutetable02.ref, subnet_id=privatesubnet02.ref) aws_ec2.CfnSubnetRouteTableAssociation( self, 'privatesubnetroutetableassociation03', route_table_id=privateroutetable03.ref, subnet_id=privatesubnet03.ref) eip01 = aws_ec2.CfnEIP(self, 'eip01', tags=[core.CfnTag(key='Name', value='eip01')]) eip02 = aws_ec2.CfnEIP(self, 'eip02', tags=[core.CfnTag(key='Name', value='eip02')]) eip03 = aws_ec2.CfnEIP(self, 'eip03', tags=[core.CfnTag(key='Name', value='eip03')]) natgateway01 = aws_ec2.CfnNatGateway( self, 'natgateway01', allocation_id=eip01.attr_allocation_id, subnet_id=publicsubnet01.ref, tags=[core.CfnTag(key='Name', value='natgateway01')]) natgateway02 = aws_ec2.CfnNatGateway( self, 'natgateway02', allocation_id=eip02.attr_allocation_id, subnet_id=publicsubnet02.ref, tags=[core.CfnTag(key='Name', value='natgateway02')]) natgateway03 = aws_ec2.CfnNatGateway( self, 'natgateway03', allocation_id=eip03.attr_allocation_id, subnet_id=publicsubnet03.ref, tags=[core.CfnTag(key='Name', value='natgateway03')]) aws_ec2.CfnRoute(self, 'privateroute01', destination_cidr_block='0.0.0.0/0', nat_gateway_id=natgateway01.ref, route_table_id=privateroutetable01.ref) aws_ec2.CfnRoute(self, 'privateroute02', destination_cidr_block='0.0.0.0/0', nat_gateway_id=natgateway02.ref, route_table_id=privateroutetable02.ref) aws_ec2.CfnRoute(self, 'privateroute03', destination_cidr_block='0.0.0.0/0', nat_gateway_id=natgateway03.ref, route_table_id=privateroutetable03.ref) aws_ec2.CfnSubnetNetworkAclAssociation( self, 'privateSubnetNetworkAclAssociation01', network_acl_id=networkacl.ref, subnet_id=privatesubnet01.ref) aws_ec2.CfnSubnetNetworkAclAssociation( self, 'privateSubnetNetworkAclAssociation02', network_acl_id=networkacl.ref, subnet_id=privatesubnet02.ref) aws_ec2.CfnSubnetNetworkAclAssociation( self, 'privateSubnetNetworkAclAssociation03', network_acl_id=networkacl.ref, subnet_id=privatesubnet03.ref) # isolate network ''' isolatesubnet01 = aws_ec2.CfnSubnet(self, 'isolatesubnet01', cidr_block='10.0.21.0/24', vpc_id=vpc.ref, availability_zone='ap-northeast-1a', tags=[core.CfnTag(key='Name', value='isolatesubnet01')]) isolatesubnet02 = aws_ec2.CfnSubnet(self, 'isolatesubnet02', cidr_block='10.0.22.0/24', vpc_id=vpc.ref, availability_zone='ap-northeast-1c', tags=[core.CfnTag(key='Name', value='isolatesubnet02')]) isolatesubnet03 = aws_ec2.CfnSubnet(self, 'isolatesubnet03', cidr_block='10.0.23.0/24', vpc_id=vpc.ref, availability_zone='ap-northeast-1d', tags=[core.CfnTag(key='Name', value='isolatesubnet03')]) isolateroutetable01 = aws_ec2.CfnRouteTable(self, 'isolateroutetable01', vpc_id=vpc.ref, tags=[core.CfnTag(key='Name', value='isolateroutetable01')]) isolateroutetable02 = aws_ec2.CfnRouteTable(self, 'isolateroutetable02', vpc_id=vpc.ref, tags=[core.CfnTag(key='Name', value='isolateroutetable02')]) isolateroutetable03 = aws_ec2.CfnRouteTable(self, 'isolateroutetable03', vpc_id=vpc.ref, tags=[core.CfnTag(key='Name', value='isolateroutetable03')]) aws_ec2.CfnSubnetRouteTableAssociation(self, 'isolatesubnetroutetableassociation01', route_table_id=isolateroutetable01.ref, subnet_id=isolatesubnet01.ref) aws_ec2.CfnSubnetRouteTableAssociation(self, 'isolatesubnetroutetableassociation02', route_table_id=isolateroutetable02.ref, subnet_id=isolatesubnet02.ref) aws_ec2.CfnSubnetRouteTableAssociation(self, 'isolatesubnetroutetableassociation03', route_table_id=isolateroutetable03.ref, subnet_id=isolatesubnet03.ref) aws_ec2.CfnSubnetNetworkAclAssociation(self, 'isolateSubnetNetworkAclAssociation01', network_acl_id=networkacl.ref, subnet_id=isolatesubnet01.ref) aws_ec2.CfnSubnetNetworkAclAssociation(self, 'isolateSubnetNetworkAclAssociation02', network_acl_id=networkacl.ref, subnet_id=isolatesubnet02.ref) aws_ec2.CfnSubnetNetworkAclAssociation(self, 'isolateSubnetNetworkAclAssociation03', network_acl_id=networkacl.ref, subnet_id=isolatesubnet03.ref) ''' # output core.CfnOutput(self, 'output01', value=vpc.ref, description='vpcid', export_name='vpcid01') core.CfnOutput(self, 'output02', value=publicsubnet01.ref, description='publicsubnet01', export_name='publicsubnet01') core.CfnOutput(self, 'output03', value=publicsubnet02.ref, description='publicsubnet02', export_name='publicsubnet02') core.CfnOutput(self, 'output04', value=publicsubnet03.ref, description='publicsubnet03', export_name='publicsubnet03') core.CfnOutput(self, 'output05', value=privatesubnet01.ref, description='privatesubnet01', export_name='privatesubnet01') core.CfnOutput(self, 'output06', value=privatesubnet02.ref, description='privatesubnet02', export_name='privatesubnet02') core.CfnOutput(self, 'output07', value=privatesubnet03.ref, description='privatesubnet03', export_name='privatesubnet03')
def __init__(self, scope: core.Construct, id: str, **kwargs) -> None: super().__init__(scope, id, **kwargs) # create defalut vpc (us-east-1) # 1 VPC # 2 PublicSubnet, 2 Private Subnet # 4 Route Table, Each subnet will get each route table # Private Route Table will attach NATGateway (2 NATGateway, 2 EIP) # Public Route Table will attach InternetGateway # vpc = ec2.Vpc(self, "Mindy-VPC") # ############################# # # VPC # ############################# # # https://docs.aws.amazon.com/cdk/api/latest/python/aws_cdk.aws_ec2/Vpc.html # subnet_amount = 2 # subnet_list = [] # # public subnet # public_subnet = ec2.SubnetConfiguration( # name = 'My-Public', # subnet_type = ec2.SubnetType.PUBLIC, # cidr_mask=24 # ) # subnet_list.append(public_subnet) # # private subnet # # private_subnet = ec2.SubnetConfiguration( # # name = 'My-Private', # # subnet_type = ec2.SubnetType.PRIVATE, # # cidr_mask=24 # # ) # # subnet_list.append(private_subnet) # # vpc setting # VPC_id = 'My Lab VPC' # CIDR = '10.0.0.0/16' # vpc = ec2.Vpc( # self, # VPC_id, # cidr=CIDR, # max_azs=subnet_amount, # nat_gateways=0, # nat_gateway_subnets=None, # subnet_configuration=subnet_list, # vpn_connections=None, # vpn_gateway=None, # vpn_gateway_asn=None, # vpn_route_propagation=None # ) # # output # core.CfnOutput( # self, # 'VPC-CIDR', # value=vpc.vpc_cidr_block # ) # core.CfnOutput( # self, # 'VPC-id', # value=vpc.vpc_id # ) # for i in range(len(vpc.availability_zones)): # core.CfnOutput( # self, # 'VPC-AZ-%s'%(i+1), # value=vpc.availability_zones[i] # ) # for i in range(len(vpc.public_subnets)): # core.CfnOutput( # self, # 'VPC-Public-Subnet-%s'%(i+1), # value=vpc.public_subnets[i].subnet_id # ) # core.CfnOutput( # self, # 'VPC-Public-Subnet-%s-Route-Table-id'%(i+1), # value=vpc.public_subnets[i].route_table.route_table_id # ) # # for i in range(len(vpc.private_subnets)): # # core.CfnOutput( # # self, # # 'VPC-Private-Subnet-%s'%(i+1), # # value=vpc.private_subnets[i].subnet_id # # ) # # core.CfnOutput( # # self, # # 'VPC-Private-Subnet-%s-Route-Table-id'%(i+1), # # value=vpc.private_subnets[i].route_table.route_table_id # # ) ########################## # Resource ########################## ########################## # VPC setting ########################## # VPC # https://docs.aws.amazon.com/cdk/api/latest/python/aws_cdk.aws_ec2/CfnVPC.html# vpc = ec2.CfnVPC(self, 'My Lab VPC', cidr_block='10.0.0.0/16', enable_dns_hostnames=None, enable_dns_support=None, instance_tenancy=None, tags=[{ 'key': 'Name', 'value': 'My Lab VPC' }]) # Sets the deletion policy of the resource based on the removal policy specified. vpc.apply_removal_policy(policy=core.RemovalPolicy.DESTROY) # Internet Gateway # https://docs.aws.amazon.com/cdk/api/latest/python/aws_cdk.aws_ec2/CfnInternetGateway.html igw = ec2.CfnInternetGateway(self, 'My Internet Gateway', tags=[{ 'key': 'Name', 'value': 'My IGW' }]) igw.apply_removal_policy(policy=core.RemovalPolicy.DESTROY) # VPC Gateway Attachment # https://docs.aws.amazon.com/cdk/api/latest/python/aws_cdk.aws_ec2/CfnVPCGatewayAttachment.html vpc_gateway_attachment = ec2.CfnVPCGatewayAttachment( self, 'My VPC Gateway Attachment', vpc_id=vpc.ref, internet_gateway_id=igw.ref) # Public Route Table # https://docs.aws.amazon.com/cdk/api/latest/python/aws_cdk.aws_ec2/CfnRouteTable.html public_route_table = ec2.CfnRouteTable(self, 'My Public Route Table', vpc_id=vpc.ref, tags=[{ 'key': 'Name', 'value': 'My Public Route Table' }]) # Public Route # https://docs.aws.amazon.com/cdk/api/latest/python/aws_cdk.aws_ec2/CfnRoute.html public_route = ec2.CfnRoute(self, 'My Public Route', destination_cidr_block='0.0.0.0/0', route_table_id=public_route_table.ref, gateway_id=igw.ref) # get all az in this regions # https://docs.aws.amazon.com/cdk/api/latest/python/aws_cdk.core/Fn.html azs = core.Fn.get_azs() # Public Subnet # https://docs.aws.amazon.com/cdk/api/latest/python/aws_cdk.aws_ec2/CfnSubnet.html public_sunet1 = ec2.CfnSubnet(self, 'Public-Subnet-1', cidr_block='10.0.1.0/24', vpc_id=vpc.ref, assign_ipv6_address_on_creation=None, availability_zone=core.Fn.select(0, azs), ipv6_cidr_block=None, map_public_ip_on_launch=True, tags=[{ 'key': 'Name', 'value': 'Public-Subnet-1' }]) public_sunet2 = ec2.CfnSubnet(self, 'Public-Subnet-2', cidr_block='10.0.3.0/24', vpc_id=vpc.ref, assign_ipv6_address_on_creation=None, availability_zone=core.Fn.select(1, azs), ipv6_cidr_block=None, map_public_ip_on_launch=True, tags=[{ 'key': 'Name', 'value': 'Public-Subnet-2' }]) # Route Table Association (Public-Subnet-1, Public-Subnet-2) # https://docs.aws.amazon.com/cdk/api/latest/python/aws_cdk.aws_ec2/CfnSubnetRouteTableAssociation.html associate_public_subnet1 = ec2.CfnSubnetRouteTableAssociation( self, 'PublicSubnet1RouteTableAssociation', route_table_id=public_route_table.ref, subnet_id=public_sunet1.ref) associate_public_subnet2 = ec2.CfnSubnetRouteTableAssociation( self, 'PublicSubnet2RouteTableAssociation', route_table_id=public_route_table.ref, subnet_id=public_sunet2.ref) # NACL Association to subnets # https://docs.aws.amazon.com/cdk/api/latest/python/aws_cdk.aws_ec2/CfnSubnetNetworkAclAssociation.html public_subnet1_network_acl_association = ec2.CfnSubnetNetworkAclAssociation( self, 'PublicSubnet1NetworkAclAssociation', network_acl_id=vpc.attr_default_network_acl, subnet_id=public_sunet1.ref) public_subnet2_network_acl_association = ec2.CfnSubnetNetworkAclAssociation( self, 'PublicSubnet2NetworkAclAssociation', network_acl_id=vpc.attr_default_network_acl, subnet_id=public_sunet2.ref) ########################## # Output ########################## core.CfnOutput(self, 'vpc-id', value=vpc.ref) core.CfnOutput(self, 'vpc-CIDR', value=vpc.cidr_block) core.CfnOutput(self, 'igw-id', value=igw.ref) core.CfnOutput(self, 'Public Sunet 1', value=public_sunet1.ref) core.CfnOutput(self, 'Public Sunet 2', value=public_sunet2.ref)
def __init__(self, scope: core.Construct, construct_id: str, **kwargs) -> None: super().__init__(scope, construct_id, **kwargs) # Create an empty VPC # If you don't specify any other resources EXCEPT the VPC, there's a standard template applied vpc = ec2.Vpc( self, id="MyVPC", nat_gateways=0, cidr="192.168.0.0/20", max_azs=1, subnet_configuration=[], ) # A couple of subnets app_subnet = ec2.CfnSubnet( self, id="Application", vpc_id=vpc.vpc_id, availability_zone="eu-central-1a", cidr_block="192.168.1.0/24", map_public_ip_on_launch=False, tags=[core.CfnTag(key="Name", value="Application")]) web_subnet = ec2.CfnSubnet( self, id="Webhost", vpc_id=vpc.vpc_id, availability_zone="eu-central-1b", cidr_block="192.168.2.0/24", map_public_ip_on_launch=True, tags=[core.CfnTag(key="Name", value="WebHost")]) # A couple of route tables private_rt = ec2.CfnRouteTable( self, id="Private_RT", vpc_id=vpc.vpc_id, tags=[core.CfnTag(key="Name", value="Private_RT")]) public_rt = ec2.CfnRouteTable( self, id="Public_RT", vpc_id=vpc.vpc_id, tags=[core.CfnTag(key="Name", value="Public_RT")]) # How to associate a subnet with a route table ec2.CfnSubnetRouteTableAssociation(self, id="WebHostRTAssoc", subnet_id=web_subnet.ref, route_table_id=public_rt.ref) ec2.CfnSubnetRouteTableAssociation(self, id="ApplicationRTAssoc", subnet_id=app_subnet.ref, route_table_id=private_rt.ref) # A gateway (Internet Gateway in this case) igw = ec2.CfnInternetGateway( self, id="MyIGW", tags=[core.CfnTag(key="Name", value="IGW")]) # How to associate a gateway to a VPC (IGW in this case - for VGW use vpn_gateway_id=blablabla) ec2.CfnVPCGatewayAttachment(self, id="IGW_Assoc", vpc_id=vpc.vpc_id, internet_gateway_id=igw.ref) # Elastic IP eip_01 = ec2.CfnEIP(self, id="EIP01") # NAT gateway ngw = ec2.CfnNatGateway(self, id="NAT_GW", allocation_id=eip_01.attr_allocation_id, subnet_id=web_subnet.ref, tags=[core.CfnTag(key="Name", value="NAT_GW")]) ngw.add_depends_on(eip_01) # Add a route to a route table default_route_public = ec2.CfnRoute(self, id="DefaultRoutePublic", route_table_id=public_rt.ref, destination_cidr_block="0.0.0.0/0", gateway_id=igw.ref) default_route_public.add_depends_on(igw) default_route_private = ec2.CfnRoute( self, id="DefaultRouteprivate", route_table_id=private_rt.ref, destination_cidr_block="0.0.0.0/0", nat_gateway_id=ngw.ref) default_route_private.add_depends_on(ngw) ### Security Groups ### # PUBLIC SUBNET SG sg_public = ec2.CfnSecurityGroup( self, id="SG_PUBLIC", group_description="SG for the Public Subnet", group_name="SG_PUBLIC", vpc_id=vpc.vpc_id, tags=[core.CfnTag(key="Name", value="SG_Public")]) my_home_ip = requests.get("https://api.my-ip.io/ip.json").json()['ip'] ports_pub = {'tcp': [22, 80], 'icmp': [-1]} for protocl, ports_list in ports_pub.items(): for port in ports_list: ec2.CfnSecurityGroupIngress( self, id=f"sg_pub_in_{protocl}_{port}", group_id=sg_public.attr_group_id, ip_protocol=protocl, cidr_ip=f"{my_home_ip}/32", to_port=port, from_port=port, description=f"{protocl.upper()} {port} from home IP") # SG INGRESS ENTRIES - ICMP - EXAMPLE # sg_in_icmp = ec2.CfnSecurityGroupIngress(self, id="SG_PUB_IN_ICMP", # group_id=sg_public.attr_group_id, # ip_protocol = "icmp", # cidr_ip = f"{my_home_ip}/32", # to_port = -1, # from_port = -1, # description = "ICMP FROM HOME") # SG EGRESS ENTRIES - AUTO-IMPLIED IF NOT CONFIGURED # sg_out_all = ec2.CfnSecurityGroupEgress(self, id="SG_PUB_OUT_ALL", # group_id=sg_public.attr_group_id, # ip_protocol="-1", # cidr_ip="0.0.0.0/0") # PRIVATE SUBNET SG sg_private = ec2.CfnSecurityGroup( self, id="SG_PRIVATE", group_description="SG for the Private Subnet", group_name="SG_PRIVATE", vpc_id=vpc.vpc_id, tags=[core.CfnTag(key="Name", value="SG_Private")]) sg_private.add_depends_on(sg_public) ports_priv = {'tcp': [22, 21, 53, 3368, 80], 'icmp': [-1]} for protocl, ports_list in ports_priv.items(): for port in ports_list: ec2.CfnSecurityGroupIngress( self, id=f"sg_priv_in_{protocl}_{port}", group_id=sg_private.attr_group_id, description= f"{protocl.upper()}:{port} from the public subnet only", ip_protocol=protocl, from_port=port, to_port=port, source_security_group_id=sg_public.ref) ### EC2 Instances ### # Generate some user data _ WIP # user_data = ec2.UserData.custom # One in the public subnet webserver01 = ec2.CfnInstance( self, id="WebServer01", image_id="ami-0de9f803fcac87f46", instance_type="t2.micro", subnet_id=web_subnet.ref, key_name="proton_mail_kp", security_group_ids=[sg_public.ref], tags=[core.CfnTag(key="Name", value="WebServer01")]) appserver01 = ec2.CfnInstance( self, id="AppServer01", image_id="ami-0de9f803fcac87f46", instance_type="t2.micro", subnet_id=app_subnet.ref, key_name="proton_mail_kp", security_group_ids=[sg_private.ref], tags=[core.CfnTag(key="Name", value="AppServer01")])
def __init__(self, scope: core.Construct, id: str, **kwargs) -> None: super().__init__(scope, id, **kwargs) prefix = self.node.try_get_context("project_name") env_name = self.node.try_get_context("env") cidr = self.node.try_get_context("cidir") # cidr = "192.168.0.0/16" # prefix = "test" # def name(s): return "{0}/{1}".format(prefix, s) def name(s): return "{0} {1}".format(prefix, s) # VPC self.vpc = ec2.CfnVPC( self, "vpc", cidr_block=cidr, enable_dns_hostnames=True, enable_dns_support=True, tags=[ core.CfnTag(key="Name", value=prefix+' VPC') ] ) # InternetGateway igw = ec2.CfnInternetGateway( self, "igw", tags=[ core.CfnTag(key="Name", value=prefix+' IGW') ] ) igw_attachment = ec2.CfnVPCGatewayAttachment( self, "igw_attachment", vpc_id=self.vpc.ref, internet_gateway_id=igw.ref ) dhcpoptions = ec2.CfnDHCPOptions( self, "dhcpoptions", domain_name="ec2.internal "+prefix, domain_name_servers=["AmazonProvidedDNS"], tags=[ core.CfnTag(key="Name", value=prefix) ] ) dhcpoptionsassociation = ec2.CfnVPCDHCPOptionsAssociation( self, "dhcpoptionsassociation", dhcp_options_id=dhcpoptions.ref, vpc_id=self.vpc.ref ) # PrivateSubnetA # private_subnet_a = ec2.CfnSubnet( # self, "private_a", # vpc_id=vpc.ref, # cidr_block="192.168.0.0/24", # availability_zone="ap-northeast-1a", # tags=[ # core.CfnTag(key="Name", value=name("private_a")) # ] # ) # PrivateSubnetC # private_subnet_c = ec2.CfnSubnet( # self, "private_c", # vpc_id=vpc.ref, # cidr_block="192.168.1.0/24", # availability_zone="ap-northeast-1c", # tags=[ # core.CfnTag(key="Name", value=name("private_c")) # ] # ) # PublicSubnetA self.public_subnet_a = ec2.CfnSubnet( self, "public_a", vpc_id=self.vpc.ref, cidr_block="192.168.0.0/20", # availability_zone="ap-northeast-1a", map_public_ip_on_launch=True, availability_zone="us-east-1a", tags=[ core.CfnTag(key="Name", value=prefix+" public_a") ] ) # PublicSubnetC self.public_subnet_c = ec2.CfnSubnet( self, "public_c", vpc_id=self.vpc.ref, cidr_block="192.168.16.0/20", map_public_ip_on_launch=True, availability_zone="us-east-1c", tags=[ core.CfnTag(key="Name", value=prefix+" public_c") ] ) self.public_subnet_d = ec2.CfnSubnet( self, "public_d", vpc_id=self.vpc.ref, cidr_block="192.168.32.0/20", map_public_ip_on_launch=True, availability_zone="us-east-1d", tags=[ core.CfnTag(key="Name", value=prefix+" public_d") ] ) # EIP1 (for NATGW) # eip1 = ec2.CfnEIP( # self, "eip1", # domain="vpc", # ) # eip1.add_depends_on(igw_attachment) # EIP2 (for NATGW) # eip2 = ec2.CfnEIP( # self, "eip2", # domain="vpc", # ) # eip2.add_depends_on(igw_attachment) # NatGatewayA # natgw_a = ec2.CfnNatGateway( # self, "natgw_a", # allocation_id=eip1.attr_allocation_id, # subnet_id=self.public_subnet_a.ref, # tags=[ # core.CfnTag(key="Name", value=name("natgw_a")) # ] # ) # NatGatewayC # natgw_c = ec2.CfnNatGateway( # self, "natgw_c", # allocation_id=eip2.attr_allocation_id, # subnet_id=public_subnet_c.ref, # tags=[ # core.CfnTag(key="Name", value=name("natgw_c")) # ] # ) # RouteTable of PrivateSubnetA # rtb_private_a = ec2.CfnRouteTable( # self, "rtb_private_a", # vpc_id=vpc.ref, # tags=[ # core.CfnTag(key="Name", value=name("rtb_private_a")) # ] # ) # ec2.CfnSubnetRouteTableAssociation( # self, "rtb_private_a_association", # route_table_id=rtb_private_a.ref, # subnet_id=private_subnet_a.ref # ) # ec2.CfnRoute( # self, "route_private_a", # route_table_id=rtb_private_a.ref, # destination_cidr_block="0.0.0.0/0", # nat_gateway_id=natgw_a.ref # ) # RouteTable of PrivateSubnetC # rtb_private_c = ec2.CfnRouteTable( # self, "rtb_private_c", # vpc_id=vpc.ref, # tags=[ # core.CfnTag(key="Name", value=name("rtb_private_c")) # ] # ) # ec2.CfnSubnetRouteTableAssociation( # self, "rtb_private_c_association", # route_table_id=rtb_private_c.ref, # subnet_id=private_subnet_c.ref # ) # ec2.CfnRoute( # self, "route_private_c", # route_table_id=rtb_private_c.ref, # destination_cidr_block="0.0.0.0/0", # nat_gateway_id=natgw_c.ref # ) # RouteTable of PublicSubnetA self.rtb_public_a = ec2.CfnRouteTable( self, "rtb_public_a", vpc_id=self.vpc.ref, tags=[ core.CfnTag(key="Name", value=prefix+" rtb_public_a") ] ) ec2.CfnSubnetRouteTableAssociation( self, "rtb_public_a_association", route_table_id=self.rtb_public_a.ref, subnet_id=self.public_subnet_a.ref ) ec2.CfnSubnetRouteTableAssociation( self, "rtb_public_c_association", route_table_id=self.rtb_public_a.ref, subnet_id=self.public_subnet_c.ref ) ec2.CfnSubnetRouteTableAssociation( self, "rtb_public_d_association", route_table_id=self.rtb_public_a.ref, subnet_id=self.public_subnet_d.ref ) ec2.CfnRoute( self, "route_public_a", route_table_id=self.rtb_public_a.ref, destination_cidr_block="0.0.0.0/0", gateway_id=igw.ref ) # RouteTable of PublicSubnetC # rtb_public_c = ec2.CfnRouteTable( # self, "rtb_public_c", # vpc_id=vpc.ref, # tags=[ # core.CfnTag(key="Name", value=name("rtb_public_c")) # ] # ) # ec2.CfnSubnetRouteTableAssociation( # self, "rtb_public_c_association", # route_table_id=rtb_public_c.ref, # subnet_id=public_subnet_c.ref # ) # ec2.CfnRoute( # self, "route_public_c", # route_table_id=rtb_public_c.ref, # destination_cidr_block="0.0.0.0/0", # gateway_id=igw.ref # ) # ami_id = ec2.AmazonLinuxImage(generation = ec2.AmazonLinuxGeneration.AMAZON_LINUX_2).get_image(self).image_id # security_group = ec2.SecurityGroup( # self, # id='test', # vpc=self.vpc, # security_group_name='test-security-group' # ) # security_group.add_ingress_rule( # peer=ec2.Peer.ipv4(cidr), # connection=ec2.Port.tcp(22), # ) # test_web = ec2.CfnInstance(self, # "testInstance01", # image_id = ami_id, # instance_type = "t3a.micro", # monitoring = False, # key_name = "stg-intrinio-www01", # security_group_ids=[security_group.security_group_id], # block_device_mappings = [{ # "deviceName": "/dev/xvda", # "ebs": { # "volumeSize": 10, # "volumeType": "io1", # "iops": 150, # "deleteOnTermination": True # } # } # ], # tags = [ # { "key": "Name", "value": prefix } # ], # network_interfaces = [{ # "deviceIndex": "0", # "associatePublicIpAddress": True, # "subnetId": self.public_subnet_a.ref, # # "groupSet": [web_sg.security_group_id] # }], #https: //github.com/aws/aws-cdk/issues/3419 # ) core.CfnOutput(self, "Output", value=self.vpc.ref)
def __init__(self, scope: core.Construct, id: str, **kwargs) -> None: super().__init__(scope, id, **kwargs) self._ip_range = 0 # Crete a custom VPC id = hashlib.md5(f'VPC'.encode()).hexdigest() vpc = _ec2.CfnVPC( self, f'vpc-{id}', cidr_block='10.0.0.0/16', enable_dns_hostnames=True, enable_dns_support=True, instance_tenancy=None, tags=[{'key': 'Name', 'value': 'My Lab VPC'}] ) # TODO IPv6WorkAround for subnet cidr allocation. # https://github.com/aws/aws-cdk/issues/894#issuecomment-606140766 id = hashlib.md5(f'ipv6cidrblock'.encode()).hexdigest() assign_ipv6 = _ec2.CfnVPCCidrBlock(self, f'ipv6cidr-{id}', vpc_id=vpc.ref, amazon_provided_ipv6_cidr_block=True) # Create an Internet Gateway and attach it to the VPC id = hashlib.md5(f'IGWVPC'.encode()).hexdigest() igw = _ec2.CfnInternetGateway(self, id=f'igw-{id}', tags=[ {'key': 'Name', 'value': 'My Lab IGW'}] ) igw_vpc_attach = _ec2.CfnVPCGatewayAttachment(self, id=f'IGWVPCAttach-{id}', vpc_id=vpc.ref, internet_gateway_id=igw.ref) # Need to create 3 subnets per tier and attach it to custom route table for sub_type in ["web", "reserved", "db"]: id = hashlib.md5(f'RouteTable-{sub_type}'.encode()).hexdigest() route_table = _ec2.CfnRouteTable(self, f'rtb-{id}', vpc_id=vpc.ref, tags=[ {'key': 'Name', 'value': f'RouteTable-{sub_type}'}]) # Create Route to internet via IGW for Web Subnets if sub_type == 'web': route_to_internet = _ec2.CfnRoute(self, f'routetointernet-{id}', route_table_id=route_table.ref, destination_cidr_block='0.0.0.0/0', gateway_id=igw.ref) for i in range(0, 3): id = hashlib.md5(f'Subnet-{sub_type}{i}'.encode()).hexdigest() subnet = _ec2.CfnSubnet( self, id=f'subnet-{id}', cidr_block=f'10.0.{self._ip_range}.0/20', vpc_id=vpc.ref, availability_zone=core.Fn.select( i, core.Fn.get_azs(core.Aws.REGION)), tags=[ {'key': 'Name', 'value': f'Subnet-{sub_type}{i + 1}'}]) self._ip_range = self._ip_range + 16 # Associate subnets with RouteTable id = hashlib.md5( f'RouteTableAssoc-{sub_type}{i}'.encode()).hexdigest() route_table_association = _ec2.CfnSubnetRouteTableAssociation( self, f'rtbassoc-{id}', route_table_id=route_table.ref, subnet_id=subnet.ref, )
def __init__(self, scope: core.Construct, id: str, vpc_ip: str, **kwargs) -> None: super().__init__(scope, id, **kwargs) if vpc_ip: print("VPC_IP " + vpc_ip) cidr = vpc_ip else: cidr = "10.0.0.0/16" # 01. VPC 생성 cfVpc = ec2.CfnVPC(self, "VPC", cidr_block=cidr, tags=[core.Tag(key="Name", value="CDKVPC")]) # 02. Subnet 생성 subnet_2a = ec2.CfnSubnet( self, id="subnet_2a", availability_zone="ap-northeast-2a", cidr_block="100.0.1.0/24", map_public_ip_on_launch=True, vpc_id=cfVpc.ref, tags=[core.Tag(key="Name", value="subnet-2a")]) subnet_2c = ec2.CfnSubnet( self, id="subnet_2c", availability_zone="ap-northeast-2c", cidr_block="100.0.2.0/24", map_public_ip_on_launch=True, vpc_id=cfVpc.ref, tags=[core.Tag(key="Name", value="subnet-2c")]) # 03. Internet Gateway 생성 internet_gateway = ec2.CfnInternetGateway( self, id="Internet_Gateway_DNS_Example", tags=[core.Tag(key="Name", value="Internet_Gateway_for_DNS")]) # 04. Internat Gateway Attach ec2.CfnVPCGatewayAttachment(self, id="vpcgw", vpc_id=cfVpc.ref, internet_gateway_id=internet_gateway.ref) #05. Route Table 생성 route_table = ec2.CfnRouteTable( self, id="dns_example_routetable", vpc_id=cfVpc.ref, tags=[core.Tag(key="Name", value="Route_for_DNS")]) #Route ec2.CfnRoute(self, id="IGW_Route", route_table_id=route_table.ref, destination_cidr_block="0.0.0.0/0", gateway_id=internet_gateway.ref) ec2.CfnSubnetRouteTableAssociation(self, id="DnsSubnet_Associate_2a", route_table_id=route_table.ref, subnet_id=subnet_2a.ref) ec2.CfnSubnetRouteTableAssociation(self, id="DnsSubnet_Associate_2c", route_table_id=route_table.ref, subnet_id=subnet_2c.ref) # 03. SG 생성 sg = ec2.CfnSecurityGroup(self, id="sg-ssh", vpc_id=cfVpc.ref, group_description="Default Group", tags=[core.Tag(key="Name", value="DNS_SG")]) #security_group_ingress=[ingress_ssh]) #security_group_egress=[egress_all]) ingress_ssh = ec2.CfnSecurityGroupIngress(self, "SSH", ip_protocol="tcp", group_id=sg.ref, from_port=22, to_port=22, cidr_ip="0.0.0.0/0") egress_all = ec2.CfnSecurityGroupEgress( self, id="OUTBOUND", group_id=sg.ref, ip_protocol="-1", #from_port=0, #to_port=65535, cidr_ip="0.0.0.0/0") # 04. DNS Server EC2 생성 dns_server = ec2.MachineImage.generic_linux( {"ap-northeast-2": "ami-00d293396a942208d"}) ec2.CfnInstance(self, id="dns_master", image_id=dns_server.get_image(self).image_id, instance_type="t2.small", key_name="SeoulRegion", security_group_ids=[sg.ref], subnet_id=subnet_2a.ref, tags=[{ "key": "Name", "value": "dns_master" }]) ec2.CfnInstance(self, id="dns_slave", image_id=dns_server.get_image(self).image_id, instance_type="t2.small", key_name="SeoulRegion", security_group_ids=[sg.ref], subnet_id=subnet_2c.ref, tags=[{ "key": "Name", "value": "dns_slave" }])
def __init__(self, scope: core.Construct, construct_id: str, **kwargs) -> None: super().__init__(scope, construct_id, **kwargs) # IAMロールを作成 my_role_ec2 = iam.CfnRole( self, id="my-role-ec2", assume_role_policy_document={ "Version": "2012-10-17", "Statement": [{ "Action": "sts:AssumeRole", "Effect": "Allow", "Principal": { "Service": "ec2.amazonaws.com" } }] }, description="the ec2 role", managed_policy_arns=[ # "arn:aws:iam::aws:policy/AmazonS3FullAccess" # 付与したいアクセス権をリストする ], role_name="my-role-ec2", tags=[{ "key": "Name", "value": "my-role-ec2" }]) # Instance Profileを作成 my_instance_profile = iam.CfnInstanceProfile(self, id="my-instance-profile", roles=[my_role_ec2.ref]) # VPCを作成 my_vpc = ec2.CfnVPC(self, id="my-vpc", cidr_block="192.168.0.0/16", enable_dns_hostnames=True, tags=[{ "key": "Name", "value": "my-vpc" }]) # Subnetを作成 my_subnet_1 = ec2.CfnSubnet(self, id="my-subnet", cidr_block="192.168.0.0/24", vpc_id=my_vpc.ref, availability_zone=core.Fn.select( 0, core.Fn.get_azs("")), tags=[{ "key": "Name", "value": "my-subnet-1" }]) # Internet Gatewayを作成 my_igw = ec2.CfnInternetGateway(self, id="my-igw", tags=[{ "key": "Name", "value": "my-igw" }]) # Internet Gatewayをアタッチ ec2.CfnVPCGatewayAttachment(self, id="my-igw-attachment", vpc_id=my_vpc.ref, internet_gateway_id=my_igw.ref) # Routetableを作成 my_rtb = ec2.CfnRouteTable(self, id="my-rtb", vpc_id=my_vpc.ref, tags=[{ "key": "Name", "value": "my-rtb" }]) # Routetableとサブネットの関連付け ec2.CfnSubnetRouteTableAssociation(self, id="my-rtb-association", route_table_id=my_rtb.ref, subnet_id=my_subnet_1.ref) # Routeの設定 my_rt = ec2.CfnRoute(self, id="my-rt", route_table_id=my_rtb.ref, destination_cidr_block="0.0.0.0/0", gateway_id=my_igw.ref) # Security Groupの作成 my_sg_ec2 = ec2.CfnSecurityGroup( self, id="my-sg-ec2", vpc_id=my_vpc.ref, group_description="my-sg-ec2", group_name="my-sg-ec2", security_group_ingress=[ ec2.CfnSecurityGroup.IngressProperty(ip_protocol="tcp", cidr_ip="0.0.0.0/0", from_port=22, to_port=22) ], tags=[{ "key": "Name", "value": "my-sg-ec2" }]) # AMIを指定してimage_idを取得 amzn_linux = ec2.MachineImage.latest_amazon_linux( generation=ec2.AmazonLinuxGeneration.AMAZON_LINUX, edition=ec2.AmazonLinuxEdition.STANDARD, virtualization=ec2.AmazonLinuxVirt.HVM, storage=ec2.AmazonLinuxStorage.GENERAL_PURPOSE, cpu_type=ec2.AmazonLinuxCpuType.X86_64).get_image(self).image_id # EC2を作成 my_ec2 = ec2.CfnInstance( self, id="my-ec2", availability_zone=core.Fn.select(0, core.Fn.get_azs("")), block_device_mappings=[ ec2.CfnInstance.BlockDeviceMappingProperty( device_name="/dev/sda1", ebs=ec2.CfnInstance.EbsProperty(delete_on_termination=True, encrypted=False, volume_size=10, volume_type="gp2")) ], credit_specification=ec2.CfnInstance.CreditSpecificationProperty( cpu_credits="standard"), iam_instance_profile=my_instance_profile.ref, image_id=amzn_linux, instance_type="t2.micro", security_group_ids=[my_sg_ec2.ref], subnet_id=my_subnet_1.ref, tags=[{ "key": "Name", "value": "my-ec2" }])
def __init__(self, scope: core.Construct, id: str, **kwargs) -> None: super().__init__(scope, id, **kwargs) prefix = "test" cidr = "192.168.0.0/16" # def name(s): return "{0}/{1}".format(prefix, s) def name(s): return "{0} {1}".format(prefix, s) # VPC self.vpc = ec2.CfnVPC(self, "vpc", cidr_block=cidr, enable_dns_hostnames=True, enable_dns_support=True, tags=[core.CfnTag(key="Name", value=prefix)]) # InternetGateway igw = ec2.CfnInternetGateway( self, "igw", tags=[core.CfnTag(key="Name", value=prefix)]) igw_attachment = ec2.CfnVPCGatewayAttachment( self, "igw_attachment", vpc_id=self.vpc.ref, internet_gateway_id=igw.ref) dhcpoptions = ec2.CfnDHCPOptions( self, "dhcpoptions", domain_name="ec2.internal " + prefix, domain_name_servers=["AmazonProvidedDNS"], tags=[core.CfnTag(key="Name", value=prefix)]) dhcpoptionsassociation = ec2.CfnVPCDHCPOptionsAssociation( self, "dhcpoptionsassociation", dhcp_options_id=dhcpoptions.ref, vpc_id=self.vpc.ref) # PrivateSubnetA # private_subnet_a = ec2.CfnSubnet( # self, "private_a", # vpc_id=vpc.ref, # cidr_block="192.168.0.0/24", # availability_zone="ap-northeast-1a", # tags=[ # core.CfnTag(key="Name", value=name("private_a")) # ] # ) # PrivateSubnetC # private_subnet_c = ec2.CfnSubnet( # self, "private_c", # vpc_id=vpc.ref, # cidr_block="192.168.1.0/24", # availability_zone="ap-northeast-1c", # tags=[ # core.CfnTag(key="Name", value=name("private_c")) # ] # ) # PublicSubnetA self.public_subnet_a = ec2.CfnSubnet( self, "public_a", vpc_id=self.vpc.ref, cidr_block="192.168.0.0/20", # availability_zone="ap-northeast-1a", availability_zone="us-east-1a", tags=[core.CfnTag(key="Name", value=prefix + " public_a")]) # PublicSubnetC self.public_subnet_c = ec2.CfnSubnet( self, "public_c", vpc_id=self.vpc.ref, cidr_block="192.168.16.0/20", availability_zone="us-east-1c", tags=[core.CfnTag(key="Name", value=prefix + " public_c")]) self.public_subnet_d = ec2.CfnSubnet( self, "public_d", vpc_id=self.vpc.ref, cidr_block="192.168.32.0/20", availability_zone="us-east-1d", tags=[core.CfnTag(key="Name", value=prefix + " public_d")]) # EIP1 (for NATGW) # eip1 = ec2.CfnEIP( # self, "eip1", # domain="vpc", # ) # eip1.add_depends_on(igw_attachment) # EIP2 (for NATGW) # eip2 = ec2.CfnEIP( # self, "eip2", # domain="vpc", # ) # eip2.add_depends_on(igw_attachment) # NatGatewayA # natgw_a = ec2.CfnNatGateway( # self, "natgw_a", # allocation_id=eip1.attr_allocation_id, # subnet_id=self.public_subnet_a.ref, # tags=[ # core.CfnTag(key="Name", value=name("natgw_a")) # ] # ) # NatGatewayC # natgw_c = ec2.CfnNatGateway( # self, "natgw_c", # allocation_id=eip2.attr_allocation_id, # subnet_id=public_subnet_c.ref, # tags=[ # core.CfnTag(key="Name", value=name("natgw_c")) # ] # ) # RouteTable of PrivateSubnetA # rtb_private_a = ec2.CfnRouteTable( # self, "rtb_private_a", # vpc_id=vpc.ref, # tags=[ # core.CfnTag(key="Name", value=name("rtb_private_a")) # ] # ) # ec2.CfnSubnetRouteTableAssociation( # self, "rtb_private_a_association", # route_table_id=rtb_private_a.ref, # subnet_id=private_subnet_a.ref # ) # ec2.CfnRoute( # self, "route_private_a", # route_table_id=rtb_private_a.ref, # destination_cidr_block="0.0.0.0/0", # nat_gateway_id=natgw_a.ref # ) # RouteTable of PrivateSubnetC # rtb_private_c = ec2.CfnRouteTable( # self, "rtb_private_c", # vpc_id=vpc.ref, # tags=[ # core.CfnTag(key="Name", value=name("rtb_private_c")) # ] # ) # ec2.CfnSubnetRouteTableAssociation( # self, "rtb_private_c_association", # route_table_id=rtb_private_c.ref, # subnet_id=private_subnet_c.ref # ) # ec2.CfnRoute( # self, "route_private_c", # route_table_id=rtb_private_c.ref, # destination_cidr_block="0.0.0.0/0", # nat_gateway_id=natgw_c.ref # ) # RouteTable of PublicSubnetA self.rtb_public_a = ec2.CfnRouteTable( self, "rtb_public_a", vpc_id=self.vpc.ref, tags=[core.CfnTag(key="Name", value=prefix + "rtb_public_a")]) ec2.CfnSubnetRouteTableAssociation( self, "rtb_public_a_association", route_table_id=self.rtb_public_a.ref, subnet_id=self.public_subnet_a.ref) ec2.CfnSubnetRouteTableAssociation( self, "rtb_public_c_association", route_table_id=self.rtb_public_a.ref, subnet_id=self.public_subnet_c.ref) ec2.CfnSubnetRouteTableAssociation( self, "rtb_public_d_association", route_table_id=self.rtb_public_a.ref, subnet_id=self.public_subnet_d.ref) ec2.CfnRoute(self, "route_public_a", route_table_id=self.rtb_public_a.ref, destination_cidr_block="0.0.0.0/0", gateway_id=igw.ref) # RouteTable of PublicSubnetC # rtb_public_c = ec2.CfnRouteTable( # self, "rtb_public_c", # vpc_id=vpc.ref, # tags=[ # core.CfnTag(key="Name", value=name("rtb_public_c")) # ] # ) # ec2.CfnSubnetRouteTableAssociation( # self, "rtb_public_c_association", # route_table_id=rtb_public_c.ref, # subnet_id=public_subnet_c.ref # ) # ec2.CfnRoute( # self, "route_public_c", # route_table_id=rtb_public_c.ref, # destination_cidr_block="0.0.0.0/0", # gateway_id=igw.ref # ) # ami_id = ec2.AmazonLinuxImage(generation = ec2.AmazonLinuxGeneration.AMAZON_LINUX_2).get_image(self).image_id # security_group = ec2.SecurityGroup( # self, # id='test', # vpc=self.vpc, # security_group_name='test-security-group' # ) # security_group.add_ingress_rule( # peer=ec2.Peer.ipv4(cidr), # connection=ec2.Port.tcp(22), # ) # red_web_inst = ec2.CfnInstance(self, # "testInstance01", # image_id = ami_id, # instance_type = "t3a.micro", # monitoring = False, # key_name = "stg-intrinio-www01", # security_group_ids=[security_group.security_group_id], # block_device_mappings = [{ # "deviceName": "/dev/xvda", # "ebs": { # "volumeSize": 10, # "volumeType": "io1", # "iops": 150, # "deleteOnTermination": True # } # } # ], # tags = [ # { "key": "Name", "value": prefix } # ], # network_interfaces = [{ # "deviceIndex": "0", # "associatePublicIpAddress": True, # "subnetId": self.public_subnet_a.ref, # # "groupSet": [web_sg.security_group_id] # }], #https: //github.com/aws/aws-cdk/issues/3419 # ) # RedisSecurityGroup redis_security_group = ec2.CfnSecurityGroup( self, "RedisSecurityGroup", group_name="stg-test-redis01", group_description="HTTP traffic", vpc_id=self.vpc.ref, security_group_ingress=[{ "ipProtocol": "tcp", "fromPort": 6379, "toPort": 6379, "cidrIp": "192.168.0.0/16" }], security_group_egress=[{ "ipProtocol": "tcp", "fromPort": 0, "toPort": 65535, "cidrIp": "0.0.0.0/0" }], ) # MyDBSubnetGroup redis_subnet_group = redis.CfnSubnetGroup( self, "RedisSubnetGroup", cache_subnet_group_name="stg-test-redis01", description="stg-test-redis01", subnet_ids=[ self.public_subnet_a.ref, self.public_subnet_c.ref, self.public_subnet_d.ref ]) redis_params = { 'auto_minor_version_upgrade': True, 'engine': 'redis', 'at_rest_encryption_enabled': True, 'automatic_failover_enabled': False, 'engine_version': '4.0.10', 'cache_node_type': 'cache.t3.micro', 'num_cache_clusters': 1, 'replication_group_description': "stg-test-redis01", 'security_group_ids': [redis_security_group.ref], 'cache_subnet_group_name': redis_subnet_group.ref } self.redis = redis.CfnReplicationGroup(self, 'staff-redis', **redis_params) core.CfnOutput(self, "OutputVpc", value=self.vpc.ref) core.CfnOutput(self, "OutputRedis", value=self.redis.ref)