def __init__(self, scope: core.Construct, id: str, **kwargs) -> None:
super().__init__(scope, id, **kwargs)
CfnVPC=aws_ec2.CfnVPC(self,
'CfnVPC',
cidr_block='10.0.0.0/16',
enable_dns_hostnames=True,
enable_dns_support=True,
instance_tenancy='default',
tags=[core.CfnTag(key='Name',value='vpc')]
)
core.CfnOutput(self, 'CfnVPCid', value=CfnVPC.ref, export_name='CfnVPCid')
CfnSubnet=aws_ec2.CfnSubnet(self,
'CfnSubnet',
cidr_block='10.0.0.0/24',
vpc_id=CfnVPC.ref,
availability_zone='ap-northeast-1a',
tags=[core.CfnTag(key='Name',value='CfnSubnet')]
)
core.CfnOutput(self, 'CfnSubnetid', value=CfnSubnet.ref, export_name='CfnSubnetid')
def __init__(self, scope: core.Construct, id: str, **kwargs) -> None:
super().__init__(scope, id, **kwargs)
# The code that defines your stack goes here
# vpc network
vpc = aws_ec2.CfnVPC(self, 'vpc', cidr_block='10.0.0.0/16', enable_dns_hostnames=True, enable_dns_support=True, instance_tenancy='default', tags=[core.CfnTag(key='Name',value='vpc')])
internetgateway = aws_ec2.CfnInternetGateway(self, 'internetgateway', tags=[core.CfnTag(key='Name',value='internetgateway')])
aws_ec2.CfnVPCGatewayAttachment(self, 'VPCGatewayAttachment', vpc_id=vpc.ref, internet_gateway_id=internetgateway.ref)
# public network
publicsubnet01 = aws_ec2.CfnSubnet(self, 'publicsubnet01', cidr_block='10.0.0.0/24', vpc_id=vpc.ref, availability_zone='ap-northeast-1a', tags=[core.CfnTag(key='Name',value='publicsubnet01')])
publicsubnet02 = aws_ec2.CfnSubnet(self, 'publicsubnet02', cidr_block='10.0.1.0/24', vpc_id=vpc.ref, availability_zone='ap-northeast-1c', tags=[core.CfnTag(key='Name',value='publicsubnet02')])
publicsubnet03 = aws_ec2.CfnSubnet(self, 'publicsubnet03', cidr_block='10.0.2.0/24', vpc_id=vpc.ref, availability_zone='ap-northeast-1d', tags=[core.CfnTag(key='Name',value='publicsubnet03')])
publicroutetable01 = aws_ec2.CfnRouteTable(self, 'publicroutetable01', vpc_id=vpc.ref, tags=[core.CfnTag(key='Name',value='publicroutetable01')])
publicroutetable02 = aws_ec2.CfnRouteTable(self, 'publicroutetable02', vpc_id=vpc.ref, tags=[core.CfnTag(key='Name',value='publicroutetable02')])
publicroutetable03 = aws_ec2.CfnRouteTable(self, 'publicroutetable03', vpc_id=vpc.ref, tags=[core.CfnTag(key='Name',value='publicroutetable03')])
aws_ec2.CfnRoute(self, 'publicroute01', destination_cidr_block='0.0.0.0/0', gateway_id=internetgateway.ref, route_table_id=publicroutetable01.ref,)
aws_ec2.CfnRoute(self, 'publicroute02', destination_cidr_block='0.0.0.0/0', gateway_id=internetgateway.ref, route_table_id=publicroutetable02.ref)
aws_ec2.CfnRoute(self, 'publicroute03', destination_cidr_block='0.0.0.0/0', gateway_id=internetgateway.ref, route_table_id=publicroutetable03.ref)
aws_ec2.CfnSubnetRouteTableAssociation(self, 'publicsubnetroutetableassociation01', route_table_id=publicroutetable01.ref, subnet_id=publicsubnet01.ref)
aws_ec2.CfnSubnetRouteTableAssociation(self, 'publicsubnetroutetableassociation02', route_table_id=publicroutetable02.ref, subnet_id=publicsubnet02.ref)
aws_ec2.CfnSubnetRouteTableAssociation(self, 'publicsubnetroutetableassociation03', route_table_id=publicroutetable03.ref, subnet_id=publicsubnet03.ref)
# private network
privatesubnet01 = aws_ec2.CfnSubnet(self, 'privatesubnet01', cidr_block='10.0.11.0/24', vpc_id=vpc.ref, availability_zone='ap-northeast-1a', tags=[core.CfnTag(key='Name',value='privatesubnet01')])
privatesubnet02 = aws_ec2.CfnSubnet(self, 'privatesubnet02', cidr_block='10.0.12.0/24', vpc_id=vpc.ref, availability_zone='ap-northeast-1c', tags=[core.CfnTag(key='Name',value='privatesubnet02')])
privatesubnet03 = aws_ec2.CfnSubnet(self, 'privatesubnet03', cidr_block='10.0.13.0/24', vpc_id=vpc.ref, availability_zone='ap-northeast-1d', tags=[core.CfnTag(key='Name',value='privatesubnet03')])
privateroutetable01 = aws_ec2.CfnRouteTable(self, 'privateroutetable01', vpc_id=vpc.ref, tags=[core.CfnTag(key='Name',value='privateroutetable01')])
privateroutetable02 = aws_ec2.CfnRouteTable(self, 'privateroutetable02', vpc_id=vpc.ref, tags=[core.CfnTag(key='Name',value='privateroutetable02')])
privateroutetable03 = aws_ec2.CfnRouteTable(self, 'privateroutetable03', vpc_id=vpc.ref, tags=[core.CfnTag(key='Name',value='privateroutetable03')])
aws_ec2.CfnSubnetRouteTableAssociation(self, 'privatesubnetroutetableassociation01', route_table_id=privateroutetable01.ref, subnet_id=privatesubnet01.ref)
aws_ec2.CfnSubnetRouteTableAssociation(self, 'privatesubnetroutetableassociation02', route_table_id=privateroutetable02.ref, subnet_id=privatesubnet02.ref)
aws_ec2.CfnSubnetRouteTableAssociation(self, 'privatesubnetroutetableassociation03', route_table_id=privateroutetable03.ref, subnet_id=privatesubnet03.ref)
eip01 = aws_ec2.CfnEIP(self, 'eip01', tags=[core.CfnTag(key='Name',value='eip01')])
eip02 = aws_ec2.CfnEIP(self, 'eip02', tags=[core.CfnTag(key='Name',value='eip02')])
eip03 = aws_ec2.CfnEIP(self, 'eip03', tags=[core.CfnTag(key='Name',value='eip03')])
natgateway01 = aws_ec2.CfnNatGateway(self, 'natgateway01', allocation_id=eip01.attr_allocation_id, subnet_id=publicsubnet01.ref, tags=[core.CfnTag(key='Name',value='natgateway01')])
natgateway02 = aws_ec2.CfnNatGateway(self, 'natgateway02', allocation_id=eip02.attr_allocation_id, subnet_id=publicsubnet02.ref, tags=[core.CfnTag(key='Name',value='natgateway02')])
natgateway03 = aws_ec2.CfnNatGateway(self, 'natgateway03', allocation_id=eip03.attr_allocation_id, subnet_id=publicsubnet03.ref, tags=[core.CfnTag(key='Name',value='natgateway03')])
aws_ec2.CfnRoute(self, 'privateroute01', destination_cidr_block='0.0.0.0/0' ,nat_gateway_id=natgateway01.ref, route_table_id=privateroutetable01.ref)
aws_ec2.CfnRoute(self, 'privateroute02', destination_cidr_block='0.0.0.0/0' ,nat_gateway_id=natgateway02.ref, route_table_id=privateroutetable02.ref)
aws_ec2.CfnRoute(self, 'privateroute03', destination_cidr_block='0.0.0.0/0' ,nat_gateway_id=natgateway03.ref, route_table_id=privateroutetable03.ref)
# isolate network
isolatesubnet01 = aws_ec2.CfnSubnet(self, 'isolatesubnet01', cidr_block='10.0.21.0/24', vpc_id=vpc.ref, availability_zone='ap-northeast-1a', tags=[core.CfnTag(key='Name',value='isolatesubnet01')])
isolatesubnet02 = aws_ec2.CfnSubnet(self, 'isolatesubnet02', cidr_block='10.0.22.0/24', vpc_id=vpc.ref, availability_zone='ap-northeast-1c', tags=[core.CfnTag(key='Name',value='isolatesubnet02')])
isolatesubnet03 = aws_ec2.CfnSubnet(self, 'isolatesubnet03', cidr_block='10.0.23.0/24', vpc_id=vpc.ref, availability_zone='ap-northeast-1d', tags=[core.CfnTag(key='Name',value='isolatesubnet03')])
isolateroutetable01 = aws_ec2.CfnRouteTable(self, 'isolateroutetable01', vpc_id=vpc.ref, tags=[core.CfnTag(key='Name',value='isolateroutetable01')])
isolateroutetable02 = aws_ec2.CfnRouteTable(self, 'isolateroutetable02', vpc_id=vpc.ref, tags=[core.CfnTag(key='Name',value='isolateroutetable02')])
isolateroutetable03 = aws_ec2.CfnRouteTable(self, 'isolateroutetable03', vpc_id=vpc.ref, tags=[core.CfnTag(key='Name',value='isolateroutetable03')])
aws_ec2.CfnSubnetRouteTableAssociation(self, 'isolatesubnetroutetableassociation01', route_table_id=isolateroutetable01.ref, subnet_id=isolatesubnet01.ref)
aws_ec2.CfnSubnetRouteTableAssociation(self, 'isolatesubnetroutetableassociation02', route_table_id=isolateroutetable02.ref, subnet_id=isolatesubnet02.ref)
aws_ec2.CfnSubnetRouteTableAssociation(self, 'isolatesubnetroutetableassociation03', route_table_id=isolateroutetable03.ref, subnet_id=isolatesubnet03.ref)
def __init__(self, scope: core.Construct, id: str, env, instance_id) -> None:
super().__init__(scope, id, env=env)
self.instance_id = instance_id
# pelican.com ACM cert
self.sel_cert_arn = "arn:aws:acm:us-east-2:111111111111:certificate/b8299bf5-ae3b-4f69-a696-f1d839428f5f"
self.vpc = ec2.Vpc.from_vpc_attributes(
self, "VPC", vpc_id='vpc-44a44b44',
availability_zones=['us-east-2a', 'us-east-2c'],
public_subnet_ids=['subnet-bbbbbbbb', 'subnet-cccccccc'])
self.target = elbv2.InstanceTarget(instance_id=instance_id)
self.lb = elbv2.CfnLoadBalancer(
scope=self,
id='LB',
ip_address_type='ipv4',
name='pelican-alb',
security_groups=['sg-13a02c7a', 'sg-12a02c7b', 'sg-3bb23e52', 'sg-14a02c7d'],
type='application',
scheme='internet-facing',
subnets=['subnet-bbbbbbbb', 'subnet-cccccccc'],
tags=[core.CfnTag(key='env', value='dev')],
load_balancer_attributes=[elbv2.CfnLoadBalancer.LoadBalancerAttributeProperty(
key='idle_timeout.timeout_seconds',
value='180'
)]
)
core.Tag.add(self.lb, key='cfn.single-env.stack', value='alb-stack')
self.alb_dns = self.lb.attr_dns_name
self.listener_443 = None
def __init__(self, scope: core.Construct, id: str, **kwargs) -> None:
super().__init__(scope, id)
self._id = id
self._vpc_id = kwargs['vpc_id']
self._tags = kwargs['tags']
try:
kwargs['tags']
except:
self._tags_wk = None
else:
self._tags_wk = [
core.CfnTag(key=kwargs['tags'][i]['key'],
value=kwargs['tags'][i]['value'])
if kwargs['tags'] else None for i in range(len(kwargs['tags']))
]
self._internetgateway = aws_ec2.CfnInternetGateway(self,
self._id,
tags=self._tags_wk)
aws_ec2.CfnVPCGatewayAttachment(
self,
'VPCGatewayAttachment',
vpc_id=self._vpc_id.ref,
internet_gateway_id=self._internetgateway.ref,
)
def __init__(self, scope: core.Construct, id: str, **kwargs) -> None:
super().__init__(scope, id)
self._id = id
try: kwargs['cidr_block']
except: self._cidr_block = None
else: self._cidr_block = kwargs['cidr_block']
try: kwargs['enable_dns_hostnames']
except: self._enable_dns_hostnames = None
else: self._enable_dns_hostnames = kwargs['enable_dns_hostnames']
try: kwargs['enable_dns_support']
except: self._enable_dns_support = None
else: self._enable_dns_support = kwargs['enable_dns_support']
try: kwargs['instance_tenancy']
except: self._instance_tenancy = None
else: self._instance_tenancy = kwargs['instance_tenancy']
try: kwargs['tags']
except: self._tags_wk = None
else: self._tags_wk = [core.CfnTag(key=kwargs['tags'][i]['key'] ,value=kwargs['tags'][i]['value']) if kwargs['tags'] else None for i in range(len(kwargs['tags']))]
self._vpc = aws_ec2.CfnVPC(self,
self._id,
cidr_block = self._cidr_block,
enable_dns_hostnames = self._enable_dns_hostnames,
enable_dns_support = self._enable_dns_support,
instance_tenancy = self._instance_tenancy,
tags = self._tags_wk
)
def __init__(self, scope: core.Construct, id: str, **kwargs) -> None:
super().__init__(scope, id, **kwargs)
# launchtemplate
# https://aws.amazon.com/marketplace/pp/B00O7WM7QW ami-06a46da680048c8ae
template01=aws_ec2.CfnLaunchTemplate(self, 'template01',
launch_template_data={'imageId':'ami-06a46da680048c8ae',
'blockDeviceMappings':[{'deviceName':'/dev/sda1','ebs':{'deleteOnTermination':True, 'volumeSize':20, 'volumeType':'gp2'}}],
'securityGroupIds':[core.Fn.import_value('publicsecuritygroup01')],
'instanceType':'t3.micro'},
launch_template_name='public01')
template02=aws_ec2.CfnLaunchTemplate(self, 'template02',
launch_template_data={'imageId':'ami-06a46da680048c8ae',
'blockDeviceMappings':[{'deviceName':'/dev/sda1','ebs':{'deleteOnTermination':True, 'volumeSize':20, 'volumeType':'gp2'}}],
'securityGroupIds':[core.Fn.import_value('privatesecuritygroup01')],
'instanceType':'t3.micro'},
launch_template_name='private01')
# public instance
instance01=aws_ec2.CfnInstance(self, 'instance01',
launch_template={'launchTemplateId': template01.ref, 'version': template01.attr_latest_version_number},
key_name='aws-example-key',
subnet_id=core.Fn.import_value('publicsubnet01'))
aws_ec2.CfnEIP(self, 'eip',
domain='vpc',
instance_id=instance01.ref,
tags=[core.CfnTag(key='Name', value='eip01')])
# private instance
aws_ec2.CfnInstance(self, 'instance02',
launch_template={'launchTemplateId': template02.ref, 'version': template01.attr_latest_version_number},
key_name='aws-example-key',
subnet_id=core.Fn.import_value('publicsubnet02'))
def __init__(self, scope: core.Construct, id: str, **kwargs) -> None:
super().__init__(scope, id)
self._id = id
self._cidr_block = kwargs['cidr_block']
self._vpc_id = kwargs['vpc_id']
self._availability_zone = kwargs['availability_zone']
try:
kwargs['tags']
except:
self._tags_wk = None
else:
self._tags_wk = [
core.CfnTag(key=kwargs['tags'][i]['key'],
value=kwargs['tags'][i]['value'])
if kwargs['tags'] else None for i in range(len(kwargs['tags']))
]
self._subnet = aws_ec2.CfnSubnet(
self,
self._id,
cidr_block=self._cidr_block,
vpc_id=self._vpc_id.ref,
availability_zone=self._availability_zone,
tags=self._tags_wk)
def create_privagte_route_table(
scope: core.Construct, vpc: aws_ec2.CfnVPC,
nat_gateway: aws_ec2.CfnNatGateway) -> aws_ec2.CfnRouteTable:
prefix = scope.node.try_get_context("prefix")
az_name = [
tag['value'] for tag in nat_gateway.tags.render_tags()
if tag['key'] == 'Name'
].pop()
az_end = az_name[-2:]
route_table = aws_ec2.CfnRouteTable(
scope,
f'{prefix}-route-table-nat-{az_end}',
vpc_id=vpc.ref,
tags=[core.CfnTag(
key='Name',
value=f'{prefix}-route-table-nat',
)],
)
aws_ec2.CfnRoute(
scope,
f'{prefix}-route-nat-{az_end}',
route_table_id=route_table.ref,
destination_cidr_block='0.0.0.0/0',
nat_gateway_id=nat_gateway.ref,
)
return route_table
def __init__(self, scope:core.Construct, id:str, landing_zone:LandingZone, peers:List[LandingZone], amazon_asn:int, **kwargs):
"""
Configure the Transit Gateways
"""
super().__init__(scope,id, **kwargs)
self.landing_zone = landing_zone
self.peers = peers
self.gateway = ec2.CfnTransitGateway(self,'TransitGateway',
amazon_side_asn=amazon_asn,
auto_accept_shared_attachments='enable',
default_route_table_association='enable',
default_route_table_propagation='enable',
description='HomeNet TransitGateway',
dns_support='enable',
vpn_ecmp_support='enable',
tags=[
core.CfnTag(key='Name',value='HomeNet/TGW')
])
entries = []
for peer in peers:
if peer == landing_zone:
continue
entries.append(ec2.CfnPrefixList.EntryProperty(cidr=peer.cidr_block,description=peer.zone_name))
ec2.CfnPrefixList(self,'PeerPrefix',
address_family='IPv4',
entries= entries,
max_entries=100,
prefix_list_name='nbachmei.homenet.tgw-peers',
tags=[core.CfnTag(key='Name',value='HomeNet TGW Prefixes')])
ec2.CfnTransitGatewayAttachment(self,'VpcAttachment',
subnet_ids= landing_zone.vpc.select_subnets(subnet_group_name='TGW').subnet_ids,
transit_gateway_id= self.gateway.ref,
vpc_id= landing_zone.vpc.vpc_id,
tags=[core.CfnTag(key='Name',value='HomeNet')])
ssm.CfnParameter(self,'RegionalGatewayParameter',
name='/homenet/{}/transit-gateway/gateway-id'.format(landing_zone.region),
value=self.gateway.ref,
type='String')
self.__add_peers()
def __init__(self, scope: core.Construct, id: str, nw_stack: core.Stack,
**kwargs) -> None:
super().__init__(scope, id, **kwargs)
tgwRt = _ec2.CfnTransitGatewayRouteTable(
self,
id='TgwRt',
transit_gateway_id=nw_stack.tgw.ref,
tags=[core.CfnTag(key='Name', value='TGW-Nat-Rt')])
_ec2.CfnTransitGatewayRouteTablePropagation(
self,
id='tgw-natvpc-propagation',
transit_gateway_route_table_id=tgwRt.ref,
transit_gateway_attachment_id=nw_stack.tgw_nat_attachment.ref)
_ec2.CfnTransitGatewayRouteTableAssociation(
self,
id='tgw-natvpc-rt-association',
transit_gateway_route_table_id=tgwRt.ref,
transit_gateway_attachment_id=nw_stack.tgw_nat_attachment.ref)
_ec2.CfnTransitGatewayRouteTablePropagation(
self,
id='tgw-appvpc-propagation',
transit_gateway_route_table_id=tgwRt.ref,
transit_gateway_attachment_id=nw_stack.tgw_app_attachment.ref)
_ec2.CfnTransitGatewayRouteTableAssociation(
self,
id='tgw-appvpc-rt-association',
transit_gateway_route_table_id=tgwRt.ref,
transit_gateway_attachment_id=nw_stack.tgw_app_attachment.ref)
# TGW Routing
# All traffic is routed to NAT GW VPC
_ec2.CfnTransitGatewayRoute(
self,
id='tgw-nat-route',
transit_gateway_route_table_id=tgwRt.ref,
destination_cidr_block='0.0.0.0/0',
transit_gateway_attachment_id=nw_stack.tgw_nat_attachment.ref)
for subnet in nw_stack.app_vpc.isolated_subnets:
_ec2.CfnRoute(self,
id='app-vpc-route-all-tgw',
route_table_id=subnet.route_table.route_table_id,
destination_cidr_block='0.0.0.0/0',
transit_gateway_id=nw_stack.tgw.ref)
for subnet in nw_stack.nat_vpc.public_subnets:
_ec2.CfnRoute(
self,
id='nat-vpc-route-to-app',
route_table_id=subnet.route_table.route_table_id,
destination_cidr_block=nw_stack.app_vpc.vpc_cidr_block,
transit_gateway_id=nw_stack.tgw.ref)
def create_subnets(self) -> None:
netwk = ipaddress.ip_network(self.vpc.cidr_block)
cidrs = list(netwk.subnets(new_prefix=self.cidr_mask))
cidrs.reverse()
az_name = self._azs
vpc_id = [
tag['value'] for tag in self.vpc.tags.render_tags()
if tag['key'] == 'Name'
].pop()
for layer in range(self.reserved_layers):
for az_number in range(self.reserved_azs):
current = [layer, az_number]
cidr = str(cidrs.pop())
if current in self.desired_subnet_points:
az_end = az_name[az_number][-2:]
subnet_type = "private" if self.private_enabled and layer > 0 else "public"
subnet = aws_ec2.CfnSubnet(
self.scope,
f'{vpc_id}-{subnet_type}-{az_end}',
cidr_block=cidr,
vpc_id=self.vpc.ref,
availability_zone=az_name[az_number],
tags=[
core.CfnTag(
key='Name',
value=f'{vpc_id}-{subnet_type}-{az_end}',
),
core.CfnTag(
key='Layer',
value=f'{layer}',
),
core.CfnTag(
key='AZNumber',
value=f'{az_number}',
),
],
)
if self.private_enabled and layer > 0:
self._private_subnets.append(subnet)
else:
self._public_subnets.append(subnet)
def __init__(self, scope: core.Construct, id: str, vpc_id1: str,
vpc_id2: str, **kwargs) -> None:
super().__init__(scope, id, **kwargs)
tag = core.CfnTag(key='Name', value=vpc_id1 + vpc_id2)
self.vpc_peer = VPCPeeringConnection(self,
'vpc_peering_connection',
vpc_id=vpc_id1,
peer_vpc_id=vpc_id2,
tags=[tag])
self.vpc_peer_ref = self.vpc_peer.ref
def create_internet_gateway(self):
# インターネットゲートウェイ
internet_gateway = _ec2.CfnInternetGateway(
self,
'CfnInternetGateway',
tags=[core.CfnTag(
key='Name',
value='DEMO-IGW',
)])
return internet_gateway
def __init__(self, scope: core.Construct, id: str, **kwargs) -> None:
super().__init__(scope, id, **kwargs)
# def __init__(self, scope: core.Construct, id: str, cidr_range: str, tgw_asn: int, **kwargs) -> None:
# super().__init__(scope, id, **kwargs)
this_dir = path.dirname(__file__)
# VPC Creation
self.vpc = ec2.Vpc(
self,
"TransitVPC",
max_azs=1,
cidr="172.16.0.0/24",
# configuration will create 1 subnet in a single AZ.
subnet_configuration=[
ec2.SubnetConfiguration(subnet_type=ec2.SubnetType.ISOLATED,
name="Isolated",
cidr_mask=25)
])
# Transit Gateway creation
self.tgw = ec2.CfnTransitGateway(
self,
id="TGW-USe1",
amazon_side_asn=64512,
auto_accept_shared_attachments="enable",
default_route_table_association="enable",
default_route_table_propagation="enable",
tags=[core.CfnTag(key='Name', value="tgw-us-east-1")])
# Transit Gateway attachment to the VPC
self.tgw_attachment = ec2.CfnTransitGatewayAttachment(
self,
id="TGW-Attachment",
transit_gateway_id=self.tgw.ref,
vpc_id=self.vpc.vpc_id,
subnet_ids=[
subnet.subnet_id for subnet in self.vpc.isolated_subnets
],
tags=[
core.CfnTag(key='Name',
value=f"tgw-{self.vpc.vpc_id}-attachment")
])
def create_vpc(self):
# VPC
vpc = _ec2.CfnVPC(self,
'CfnVPC',
cidr_block='10.5.5.0/24',
enable_dns_hostnames=True,
enable_dns_support=True,
tags=[core.CfnTag(
key='Name',
value='DEMO-VPC',
)])
return vpc
def create_subnet(self, vpc, subnet_name, cidr_block, availability_zone):
subnet = _ec2.CfnSubnet(
self,
subnet_name,
vpc_id=vpc.ref,
cidr_block=cidr_block,
availability_zone=availability_zone,
tags=[core.CfnTag(
key='Name',
value=subnet_name,
)])
return subnet
def create_vpc(scope: core.Construct, id: str) -> aws_ec2.CfnVPC:
vpc = aws_ec2.CfnVPC(
scope,
f'{scope.node.try_get_context("prefix")}-vpc',
cidr_block=scope.node.try_get_context("vpc_cidr"),
enable_dns_hostnames=True,
enable_dns_support=True,
tags=[
core.CfnTag(key='Name',
value=f'{scope.node.try_get_context("prefix")}')
])
return vpc
def create_elastic_ip(self, internet_gateway_attachment):
# EIP1 (for NATGW)
elastic_ip = _ec2.CfnEIP(
self,
'CfnEIP',
domain="vpc",
tags=[core.CfnTag(
key='Name',
value='DEMO-EIP',
)])
elastic_ip.add_depends_on(internet_gateway_attachment)
return elastic_ip
def create_nat_gateway(self, subnet_dictionary, elastic_ip):
# NatGateway
nat_gateway = _ec2.CfnNatGateway(
self,
'CfnNatGateway',
allocation_id=elastic_ip.attr_allocation_id,
subnet_id=subnet_dictionary.get('DEMO-PUBLIC-SUBNET-A').ref,
tags=[core.CfnTag(
key='Name',
value='DEMO-NAT-GATEWAY',
)])
return nat_gateway
def __init__(self, scope: core.Construct, id: str, **kwargs) -> None:
super().__init__(scope, id, **kwargs)
self.gateway = ec2.CfnTransitGateway(
self,
'TransitGateway',
amazon_side_asn=64512,
auto_accept_shared_attachments='enable',
default_route_table_association='enable',
default_route_table_propagation='enable',
description='HomeNet TransitGateway',
dns_support='enable',
vpn_ecmp_support='enable',
tags=[core.CfnTag(key='Name', value='HomeNet/TGW')])
def __init__(self,
scope: core.Construct,
id: str,
landing_zone: IVpcLandingZone,
ds: DirectoryServicesConstruct,
subnet_group_name: str = 'Default',
**kwargs) -> None:
super().__init__(scope, id, **kwargs)
core.Tags.of(self).add(key='Source',
value=NetworkFileSystemsConstruct.__name__)
subnet_ids = landing_zone.vpc.select_subnets(
subnet_group_name=subnet_group_name).subnet_ids
single_subnet = subnet_ids[0:1]
preferred_subnet_id = single_subnet[0]
self.windows_storage = fsx.CfnFileSystem(
self,
'WinFs',
subnet_ids=single_subnet,
file_system_type='WINDOWS',
security_group_ids=[landing_zone.security_group.security_group_id],
# HDD min = 2TB / SSD = 32
storage_type='SSD',
storage_capacity=500,
tags=[
core.CfnTag(key='Name', value='winfs.virtual.world'),
],
windows_configuration=fsx.CfnFileSystem.
WindowsConfigurationProperty(
weekly_maintenance_start_time='1:11:00', # Mon 6AM (UTC-5)
# 2^n MiB/s with n between 8 and 2048
throughput_capacity=16,
active_directory_id=ds.mad.ref,
automatic_backup_retention_days=30,
copy_tags_to_backups=True,
deployment_type='SINGLE_AZ_2', # MULTI_AZ_1,
preferred_subnet_id=preferred_subnet_id))
self.app_data = efs.FileSystem(
self,
'AppData',
vpc=landing_zone.vpc,
enable_automatic_backups=True,
file_system_name='app-data.efs.virtual.world',
security_group=landing_zone.security_group,
vpc_subnets=ec2.SubnetSelection(
subnet_group_name=subnet_group_name),
lifecycle_policy=efs.LifecyclePolicy.AFTER_14_DAYS,
removal_policy=core.RemovalPolicy.SNAPSHOT)
def create_internet_gateway(scope: core.Construct, vpc: aws_ec2.CfnVPC) -> aws_ec2.CfnInternetGateway:
internet_gateway = aws_ec2.CfnInternetGateway(scope, 'InternetGateway',
tags=[core.CfnTag(
key='Name',
value='InternetGateway',
)]
)
aws_ec2.CfnVPCGatewayAttachment(scope, 'VPCGatewayAttachment',
vpc_id=vpc.ref,
internet_gateway_id=internet_gateway.ref,
)
return internet_gateway
def create_public_route_table(self, vpc, internet_gateway):
# RouteTable of PublicSubnet
route_table_public = _ec2.CfnRouteTable(
self,
'CfnRouteTablePublic',
vpc_id=vpc.ref,
tags=[
core.CfnTag(key="Name", value='DEMO-ROUTE-TABLE-PUBLIC'),
])
_ec2.CfnRoute(self,
'CfnRoutePublic',
route_table_id=route_table_public.ref,
destination_cidr_block="0.0.0.0/0",
gateway_id=internet_gateway.ref)
return route_table_public
def create_private_route_table(self, vpc, nat_gateway):
# RouteTable of PrivateSubnet
route_table_private = _ec2.CfnRouteTable(
self,
'CfnRouteTablePrivate',
vpc_id=vpc.ref,
tags=[
core.CfnTag(key="Name", value='DEMO-ROUTE-TABLE-PRIVATE'),
])
_ec2.CfnRoute(self,
'CfnRoutePrivate',
route_table_id=route_table_private.ref,
destination_cidr_block="0.0.0.0/0",
nat_gateway_id=nat_gateway.ref)
return route_table_private
def __init__(self, scope: core.Construct, id: str, **kwargs) -> None:
super().__init__(scope, id)
self._id = id
try:
kwargs['tags']
except:
self._tags_wk = None
else:
self._tags_wk = [
core.CfnTag(key=kwargs['tags'][i]['key'],
value=kwargs['tags'][i]['value'])
if kwargs['tags'] else None for i in range(len(kwargs['tags']))
]
self._eip = aws_ec2.CfnEIP(self, self._id, tags=self._tags_wk)
def create_nat_gateway(scope: core.Construct, vpc: aws_ec2.CfnVPC,
subnet: aws_ec2.CfnSubnet) -> aws_ec2.CfnNatGateway:
prefix = scope.node.try_get_context("prefix")
az_end = subnet.availability_zone[-2:]
eip = aws_ec2.CfnEIP(scope, f'{prefix}-eip-{az_end}')
nat_gateway = aws_ec2.CfnNatGateway(
scope,
f'{prefix}-nat-{az_end}',
allocation_id=eip.attr_allocation_id,
subnet_id=subnet.ref,
tags=[core.CfnTag(
key='Name',
value=f'{prefix}-nat-{az_end}',
)],
)
return nat_gateway
def create_vpc(scope: core.Construct, id: str, *,
cidr_block='10.0.0.0/16',
enable_dns_hostnames=True,
enable_dns_support=True,
instance_tenancy='default',
tags='vpc01') -> aws_ec2.CfnVPC:
vpc = aws_ec2.CfnVPC(scope, 'vpc',
cidr_block=cidr_block,
enable_dns_hostnames=enable_dns_hostnames,
enable_dns_support=enable_dns_support,
tags=[core.CfnTag(
key='Name',
value=tags,
)]
)
return vpc
def __init__(self, scope: core.Construct, id: str, **kwargs) -> None:
super().__init__(scope, id)
self._id = id
self._routetable_id = kwargs['routetable_id']
self._internetgateway_id = kwargs['internetgateway_id']
try: kwargs['tags']
except: self._tags_wk = None
else: self._tags_wk = [core.CfnTag(key=kwargs['tags'][i]['key'] ,value=kwargs['tags'][i]['value']) if kwargs['tags'] else None for i in range(len(kwargs['tags']))]
self._internetgateway_id = kwargs['internetgateway_id']
self._route = aws_ec2.CfnRoute(self,
self._id,
gateway_id=self._internetgateway_id.ref,
destination_cidr_block='0.0.0.0/0',
route_table_id=self._routetable_id.ref
)
def __init__(self, scope: core.Construct, id: str, **kwargs) -> None:
super().__init__(scope, id, **kwargs)
# Create the VPC
vpc = ec2.Vpc(self, "VPC", max_azs=1, cidr='10.0.0.0/16',
subnet_configuration=[
{
'cidrMask': 24,
'name': 'Ingress',
'subnetType': ec2.SubnetType.PUBLIC,
},
{
'cidrMask': 24,
'name': 'Application',
'subnetType': ec2.SubnetType.PRIVATE,
}
]
)
publicsubnet = vpc.public_subnets[0].subnet_id
privatesubnet = vpc.private_subnets[0].subnet_id
publicinstancetags = [
core.CfnTag(key="Name", value="MyPublicLabHost"),
core.CfnTag(key="Project", value="lab"),
core.CfnTag(key="CostCenter", value="1520")
]
privateinstancetags = [
core.CfnTag(key="Name", value="MyPrivateLabHost"),
core.CfnTag(key="Project", value="lab"),
core.CfnTag(key="CostCenter", value="1520")
]
mypublicinstance = ec2.CfnInstance(self, 'MyPublicLabHost',
instance_type='t3.nano',
subnet_id=publicsubnet,
image_id=ec2.AmazonLinuxImage().get_image(self).image_id,
tags=publicinstancetags)
myprivateinstance = ec2.CfnInstance(self, 'MyPrivateLabHost',
instance_type='t3.nano',
subnet_id=privatesubnet,
image_id=ec2.AmazonLinuxImage().get_image(self).image_id,
tags=privateinstancetags)
iid = mypublicinstance.ref
eip = ec2.CfnEIP(self,'MyLabEip',domain='vpc',instance_id=iid)
def create_internet_gateway(scope: core.Construct,
vpc: aws_ec2.CfnVPC) -> aws_ec2.CfnInternetGateway:
prefix = scope.node.try_get_context("prefix")
internet_gateway = aws_ec2.CfnInternetGateway(
scope,
f'{prefix}-igw',
tags=[core.CfnTag(
key='Name',
value=f'{prefix}-igw',
)])
aws_ec2.CfnVPCGatewayAttachment(
scope,
f'{prefix}-vpc-gateway-attachment',
vpc_id=vpc.ref,
internet_gateway_id=internet_gateway.ref,
)
return internet_gateway
