def _add_autoscaling_group(
self,
vpc: ec2.Vpc,
public_subnet,
security_group: ec2.SecurityGroup,
key_name: str
) -> autoscaling.AutoScalingGroup:
"""
Add autoscaling group for running ec2 instance automatically
"""
Zach_Ec2_InstanceImage = ec2.GenericLinuxImage(ami_map={"ap-southeast-1":"ami-048a01c78f7bae4aa"})
ZachInitInstall=ec2.UserData.for_linux()
ZachInitInstall.add_commands("yum install -y psmisc nginx")
group = autoscaling.AutoScalingGroup(
self,
'zach-autoscale',
vpc=vpc,
instance_type=ec2.InstanceType.of(ec2.InstanceClass.BURSTABLE2, ec2.InstanceSize.MICRO),
machine_image=Zach_Ec2_InstanceImage,
max_capacity=2,
vpc_subnets=public_subnet,
associate_public_ip_address=True,
key_name=key_name,
user_data=ec2.UserData.add_commands(self,"yum install -y psmisc nginx")
)
group.add_security_group(security_group)
core.CfnOutput(self, "ASG-GROUP-ARN", export_name="ASG-GROUP-ARN", value=group.auto_scaling_group_arn)
core.CfnOutput(self, "ASG-GROUP", export_name="ASG-GROUP", value=group.auto_scaling_group_name)
return group
def __init__(self, scope: core.Construct, id: str, vpc: ec2.IVpc, config: dict, region: str, **kwargs):
super().__init__(scope, id, **kwargs)
self._region = region
### EC2 Server for Jenkins
image = ec2.GenericLinuxImage(
{
region: config["ami_id"],
},
)
self._role = iam.Role(self, "InstanceRole", assumed_by=iam.ServicePrincipal("ec2.amazonaws.com"))
for policy in config["iam_role_policies"]:
self._role.add_managed_policy(iam.ManagedPolicy.from_aws_managed_policy_name(policy))
subnet = vpc.select_subnets(subnet_type=ec2.SubnetType.PRIVATE).subnets[0]
subnet_selection = ec2.SubnetSelection(subnets=[subnet])
self.security_group = ec2.SecurityGroup(
self, "EC2SG",
vpc=vpc
)
self._instance = ec2.Instance(
self, "EC2",
instance_type=ec2.InstanceType(config["instance_type"]),
machine_image=image,
vpc=vpc,
vpc_subnets=subnet_selection,
role=self._role,
security_group=self.security_group
)
core.CfnOutput(self, "CodeServerInstanceID", value=self._instance.instance_id)
def __create_asg(self, user_data: str, vpc: ec2.Vpc):
subnets = ec2.SubnetSelection(one_per_az=True,
subnet_type=ec2.SubnetType.PUBLIC)
asg = autoscaling.AutoScalingGroup(
self,
id=common.generate_id("ImagizerAutoscalingGroup"),
vpc=vpc,
vpc_subnets=subnets,
instance_type=ec2.InstanceType.of(
instance_class=ec2.InstanceClass[variables.ASG_INSTANCE_TYPE],
instance_size=ec2.InstanceSize[variables.ASG_INSTANCE_SIZE]),
machine_image=ec2.GenericLinuxImage(
ami_map={self.region: variables.IMAGIZER_AMI_ID}),
user_data=ec2.UserData.custom(user_data),
update_type=autoscaling.UpdateType.ROLLING_UPDATE,
health_check=autoscaling.HealthCheck.ec2(
grace=core.Duration.seconds(
variables.ASG_HEALTH_CHECK_GRACE_PERIOD)),
cooldown=core.Duration.seconds(
variables.ASG_HEALTH_CHECK_GRACE_PERIOD),
min_capacity=variables.ASG_MIN_CAPACITY,
max_capacity=variables.ASG_MAX_CAPACITY,
rolling_update_configuration=autoscaling.
RollingUpdateConfiguration(
min_instances_in_service=variables.ASG_ROLL_OUT_BATCH_SIZE,
max_batch_size=variables.ASG_ROLL_OUT_BATCH_SIZE,
wait_on_resource_signals=True,
pause_time=core.Duration.minutes(
variables.ASG_ROLL_OUT_PATCH_MINUTES)))
common.add_tags(self, asg, variables.IMAGIZER_CLUSTER_TAGS)
return asg
def __init__(self, scope: core.Construct, id: str, vpc, config,
**kwargs) -> None:
super().__init__(scope, id, **kwargs)
prj_name = self.node.try_get_context("project_name")
env_name = self.node.try_get_context("env")
name = config['ec2']['name']
key = config['ec2']['ssh_key']
ubuntu_ami = ec2.GenericLinuxImage(
{"ap-southeast-1": "ami-028be27cf930f7a43"})
# Create bastion host
self.bastion = ec2.Instance(
self,
'Instance',
instance_type=ec2.InstanceType("t3.small"),
instance_name=f"{name}-bastion",
key_name=f"{key}",
machine_image=ubuntu_ami,
vpc=vpc,
vpc_subnets=ec2.SubnetSelection(
subnet_type=ec2.SubnetType.PRIVATE),
)
self.bastion.apply_removal_policy(core.RemovalPolicy.DESTROY)
self.bastion.connections.allow_from_any_ipv4(
port_range=ec2.Port.tcp(22),
description='Allow public SSH connections')
self.bastion.connections.allow_from_any_ipv4(
port_range=ec2.Port.icmp_ping(),
description='Allow public ICMP ping')
core.CfnOutput(self,
f'{name}-private-ip',
value=self.bastion.instance_private_ip)
def __init__(self, scope: core.Construct, id: str, vpc, bastion, config,
**kwargs) -> None:
super().__init__(scope, id, **kwargs)
prj_name = self.node.try_get_context("project_name")
env_name = self.node.try_get_context("env")
name = config['ec2']['name']
key = config['ec2']['ssh_key']
ubuntu_ami = ec2.GenericLinuxImage(
{"ap-southeast-1": "ami-028be27cf930f7a43"})
# Create security group for webapp instances
webapp_sg = ec2.SecurityGroup(self,
'webapp-sg',
vpc=vpc,
security_group_name=prj_name + env_name +
'-webapp-sg',
description="SG for webapp Instances",
allow_all_outbound=True)
webapp_sg.add_ingress_rule(
peer=ec2.Peer.ipv4(f"{bastion.instance_private_ip}/32"),
connection=ec2.Port.tcp(22),
description='Allow all bastion instance to SSH')
for subnet in vpc.public_subnets:
webapp_sg.add_ingress_rule(
peer=ec2.Peer.ipv4(subnet.ipv4_cidr_block),
connection=ec2.Port.tcp(80),
description=
'Allow ELB public subnets to access webapp instances')
# Create launch template and attach to autoscaling group
webapp_launch_template = ec2.LaunchTemplate(
self,
'launch-template',
detailed_monitoring=False,
ebs_optimized=False,
instance_type=ec2.InstanceType("t3.small"),
launch_template_name=f"{name}-launch-template",
key_name=f"{key}",
machine_image=ubuntu_ami,
security_group=webapp_sg)
self.webapp_asg = autoscaling.AutoScalingGroup(
self,
'webapp-asg',
vpc=vpc,
auto_scaling_group_name=prj_name + env_name + '-webapp-asg',
instance_type=ec2.InstanceType("t3.small"),
machine_image=ubuntu_ami,
min_capacity=1,
max_capacity=1,
desired_capacity=1,
vpc_subnets=ec2.SubnetSelection(
subnet_type=ec2.SubnetType.PRIVATE))
def __init__(self, scope: core.Construct, id: str, **kwargs) -> None:
super().__init__(scope, id, **kwargs)
# The code that defines your stack goes here
# lookup existing VPC
vpc = ec2.Vpc(
self,
"yardstiqVpc",
)
# create a new security group
sec_group = ec2.SecurityGroup(
self,
"sec-group-allow-ssh",
vpc=vpc,
allow_all_outbound=True,
)
# add a new ingress rule to allow port 22 to internal hosts
sec_group.add_ingress_rule(
peer=ec2.Peer.any_ipv4(), #('10.0.0.0/16'),
description="Allow SSH connection",
connection=ec2.Port.tcp(22))
# Define commands to run on startup
user_data = ec2.UserData.for_linux()
# command = """
# git clone https://github.com/Roger-luo/quantum-benchmarks > /home/ubuntu/yardstiq.log \
# && cd quantum-benchmarks >> /home/ubuntu/yardstiq.log \
# && bin/benchmark setup >> /home/ubuntu/yardstiq.log \
# && bin/benchmark benchmark >> /home/ubuntu/yardstiq.log
# """
command = """
echo "Hello World" >> /home/ubuntu/yardstiq.log
echo "sudo halt" | at now + 1 minutes
"""
user_data.add_commands(command)
# define a new ec2 instance
ec2_instance = ec2.Instance(
self,
"ec2-instance",
key_name="yardstiqPem",
instance_name=instanceName,
instance_type=ec2.InstanceType(instanceType),
machine_image=ec2.GenericLinuxImage(
{'us-west-1': 'ami-031b673f443c2172c'}),
vpc=vpc,
security_group=sec_group,
vpc_subnets=ec2.SubnetSelection(subnet_type=ec2.SubnetType.PUBLIC),
user_data=user_data,
user_data_causes_replacement=True)
def generate_instances(count=4):
amazon_linux_2 = ec2_stacker.GenericLinuxImage(
{"us-east-1": "ami-0fc61db8544a617ed"})
ec2_objects = []
for i in range(count):
ec2_instnace = ec2_stacker.Instance(
self,
f"Instance number {i}",
instance_type=ec2_stacker.InstanceType('t2.micro'),
machine_image=amazon_linux_2,
vpc=covid_free_vpc,
security_group=get_web_sg(),
user_data=ec2_stacker.UserData.custom(get_userdata()))
ec2_objects.append(ec2_instnace)
return ec2_objects
def __init__(self, scope: core.Construct, id: str, **kwargs) -> None:
super().__init__(scope, id, **kwargs)
# to deploy in our default VPC
vpc = aws_ec2.Vpc.from_lookup(self, 'VPC', is_default=True)
linux = aws_ec2.GenericLinuxImage({
'us-west-2': 'i-1111111',
'ap-northeast-1': 'i-222222'
})
aws_ec2.Instance(self,
'EC2',
instance_type=aws_ec2.InstanceType.of(
aws_ec2.InstanceClass.BURSTABLE3,
aws_ec2.InstanceSize.LARGE),
machine_image=linux,
vpc=vpc),
def __init__(self, scope: core.Construct, id: str, vpc: ec2.IVpc,
config: dict, region: str, **kwargs):
super().__init__(scope, id, **kwargs)
### EC2 Server for Jenkins
image = ec2.GenericLinuxImage({
region: config["ami_id"],
}, )
role = iam.Role(self,
"InstanceSSM",
assumed_by=iam.ServicePrincipal("ec2.amazonaws.com"))
role.add_managed_policy(
iam.ManagedPolicy.from_aws_managed_policy_name(
"service-role/AmazonEC2RoleforSSM"))
subnet = vpc.select_subnets(
subnet_type=ec2.SubnetType.PRIVATE).subnets[0]
subnet_selection = ec2.SubnetSelection(subnets=[subnet])
self.security_group = ec2.SecurityGroup(self, "EC2SG", vpc=vpc)
self._instance = ec2.Instance(self,
"EC2",
instance_type=ec2.InstanceType(
config["instance_type"]),
machine_image=image,
vpc=vpc,
vpc_subnets=subnet_selection,
role=role,
security_group=self.security_group)
### Lambda for github webhooks
self._webhook_forwarder = _lambda.Function(
self,
"WebHookForwarder",
runtime=_lambda.Runtime.PYTHON_3_8,
code=_lambda.Code.from_asset(
os.path.join(dirname, "lambda", "webhook_forwarder")),
handler="lambda_function.lambda_handler",
vpc=vpc,
vpc_subnets=ec2.SubnetSelection(subnets=vpc.select_subnets(
subnet_type=ec2.SubnetType.PRIVATE).subnets))
def __init__(self, scope: core.Construct, id: str, **kwargs) -> None:
super().__init__(scope, id, **kwargs)
def get_userdata():
with open('bootstrap.sh', 'r') as userdata:
return userdata.read()
vmie_ami = "ami-00bf35d2ab0bdb452"
default_vpc = "vpc-e94d1f93"
ec2_role = "arn:aws:iam::88888888888:role/KratosRole"
account_id = "8888888888"
vm_import_image = aws_ec2.GenericLinuxImage({"us-east-1": vmie_ami})
core.Environment(account=account_id)
kratos_role = aws_iam.Role.from_role_arn(self, 'KratosXL', role_arn=ec2_role)
aws_ec2.Instance(self, f"VMIE-{vmie_ami}", instance_type=aws_ec2.InstanceType('t2.micro'),
role=kratos_role, machine_image=vm_import_image, security_group=aws_ec2.CfnSecurityGroup(self, id=f"SG-{vmie_ami}",
group_description=f"SG-CDK-{vmie_ami}"), vpc=aws_ec2.Vpc.from_lookup(self, f'CDK-VPC--{vmie_ami}', vpc_id=default_vpc),
user_data=aws_ec2.UserData.custom(get_userdata()), key_name="covidQuarantine")
def _create_instance(self,num):
InitData = open("aws_cdk_python/Zach_EC2_Stack/init.sh", "rb").read()
ZachInitInstall=ec2.UserData.for_linux()
ZachInitInstall.add_commands(str(InitData,encoding='UTF-8'))
Zach_Ec2_InstanceImage = ec2.GenericLinuxImage(ami_map={"ap-southeast-1":"ami-048a01c78f7bae4aa"})
Zach_Ec2_Instance_Key="aws-sg-root"
try:
TypeClass=ec2.InstanceClass.BURSTABLE2
TypeSize=ec2.InstanceSize.MICRO
Zach_Ec2_InstanceType=ec2.InstanceType.of(TypeClass,TypeSize)
except Exception as e:
Zach_Ec2_InstanceType=ec2.InstanceType(instance_type_identifier="t2.micro")
vpc = ec2.Vpc.from_lookup(self,id="Zach_VPC_Stack_A",vpc_id="vpc-01e73b4b5c6f9f98a")
for ids in range(num):
ZachSequence = self.__class__.__name__+"-"+str(ids).zfill(5)
Zach_Ec2_Instance=ec2.Instance(self,id=ZachSequence,instance_name=ZachSequence,
instance_type=Zach_Ec2_InstanceType,
machine_image=Zach_Ec2_InstanceImage,
vpc=vpc,
vpc_subnets=ec2.SubnetSelection(subnet_type=ec2.SubnetType.PUBLIC),
key_name=Zach_Ec2_Instance_Key,
user_data=ZachInitInstall)
Zach_Ec2_Instance.add_security_group(ec2.SecurityGroup.from_security_group_id(self,id=ZachSequence+"SSH",
security_group_id="sg-02fb046cddb80deca"))
Zach_Ec2_Instance.add_security_group(ec2.SecurityGroup.from_security_group_id(self, id=ZachSequence+"WEB",
security_group_id="sg-07a1d71bba92f38ca"))
Zach_Ec2_Instance_Tag=[]
Zach_Ec2_Instance_Tag.append(core.Tag.add(self,"OStype","Linux"))
Zach_Ec2_Instance_Tag.append(core.Tag.add(self,"K8S","False"))
Zach_Ec2_Instance_Tag.append(core.Tag.add(self,"Publish","True"))
core.CfnOutput(self, "InstanceID-"+str(ids), value=Zach_Ec2_Instance.instance_id)
core.CfnOutput(self, "InstancePubIP-"+str(ids), value=Zach_Ec2_Instance.instance_public_ip)
core.CfnOutput(self, "InstancePrivIP-"+str(ids),value=Zach_Ec2_Instance.instance_private_ip)
core.CfnOutput(self, "InstanceOS-"+str(ids), value=Zach_Ec2_Instance.os_type.value)
core.CfnOutput(self, "InstanceRole-"+str(ids), value=Zach_Ec2_Instance.role.role_arn)
core.CfnOutput(self, "InstanceBindSG-"+str(ids),value=str(Zach_Ec2_Instance.connections.security_groups))
core.CfnOutput(self, "InstanceLogicID-"+str(ids), value=Zach_Ec2_Instance.instance.logical_id)
def generate_instances(count=1):
amazon_linux_2 = aws_ec2.GenericLinuxImage(
{"us-east-1": "ami-0fc61db8544a617ed"})
ec2_objects = []
for i in range(count):
ec2_instnace = aws_ec2.Instance(
self,
f"CDK-Instance-{i + int(1)}",
instance_type=aws_ec2.InstanceType('t2.micro'),
role=kratos_role,
machine_image=amazon_linux_2,
security_group=aws_ec2.CfnSecurityGroup(
self,
id=f"SG{i + int(1)}",
group_description=f"SG-CDK-{i}"),
vpc=aws_ec2.Vpc.from_lookup(self,
f'CDK-VPC-{i + int(1)}',
vpc_id="vpc-eeeee3"),
user_data=aws_ec2.UserData.custom(get_userdata()),
key_name="covidQuarantine")
ec2_objects.append(ec2_instnace)
return ec2_objects
def _add_autoscaling_group(self, vpc: ec2.Vpc,
public_subnet: ec2.SubnetConfiguration,
security_group: ec2.SecurityGroup,
role: iam.Role) -> autoscaling.AutoScalingGroup:
"""
Add autoscaling group for running ec2 instance automatically
"""
Zach_Ec2_InstanceImage = ec2.GenericLinuxImage(
ami_map={"ap-southeast-1": "ami-048a01c78f7bae4aa"})
group = autoscaling.AutoScalingGroup(
self,
'zach-autoscale',
vpc=vpc,
instance_type=ec2.InstanceType.of(ec2.InstanceClass.BURSTABLE2,
ec2.InstanceSize.MICRO),
machine_image=Zach_Ec2_InstanceImage,
max_capacity=1,
vpc_subnets=public_subnet,
associate_public_ip_address=True,
key_name='aws-sg-root',
role=role)
group.add_security_group(security_group)
return group
from aws_cdk import core
import aws_cdk.aws_ec2 as ec2
vpc_id = "vpc-ebe75a8c" # Import an Exist VPC
ec2_type = "t3a.micro"
key_name = "stg-intrinio-www01"
linux_ami = ec2.GenericLinuxImage({
"us-east-1": "ami-0323c3dd2da7fb37d"
})
with open("./user_data/user_data.sh") as f:
user_data = f.read()
class CdkVpcEc2Stack(core.Stack):
def __init__(self, scope: core.Construct, id: str, **kwargs) -> None:
super().__init__(scope, id, **kwargs)
# The code that defines your stack goes here
vpc = ec2.Vpc.from_lookup(self, "VPC", vpc_id=vpc_id)
host = ec2.Instance(self, "myEC2",
instance_type=ec2.InstanceType(
instance_type_identifier=ec2_type),
instance_name="mySingleHost",
machine_image=linux_ami,
vpc=vpc,
key_name=key_name,
vpc_subnets=ec2.SubnetSelection(
subnet_type=ec2.SubnetType.PUBLIC),
# user_data=ec2.UserData.custom(user_data)
def __init__(self, scope: core.Construct, id: str, **kwargs) -> None:
super().__init__(scope, id, **kwargs)
# Some error prevented me from creating the subnets properly
# Will investigate soon-ish
vpc = ec2.Vpc(
self,
"VPC",
)
sg_default = ec2.SecurityGroup.from_security_group_id(
self, "SG", vpc.vpc_default_security_group)
# Ensure:
# 1) password is derived from SM ✓
# 2) placement is in private subnets ✓
# 3) Slave in other subnet -
# Defaults:
# - master password stored in SM
# - default placement in private subnets
db = rds.DatabaseInstance(self,
"RDS",
master_username="******",
database_name="db1",
engine_version="8.0.16",
engine=rds.DatabaseInstanceEngine.MYSQL,
vpc=vpc,
port=3306,
instance_class=ec2.InstanceType.of(
ec2.InstanceClass.MEMORY4,
ec2.InstanceSize.LARGE,
),
security_groups=[sg_default],
removal_policy=core.RemovalPolicy.DESTROY,
deletion_protection=False)
default_userdata = ec2.UserData.for_linux()
db_password = db.secret.secret_value.to_string()
db_host = db.instance_endpoint.hostname
default_userdata.add_commands(
"echo \"username=admin\npassword={}\nhost={}\" > /home/ubuntu/.mysql.creds"
.format(db_password, db_host))
asg = autoscaling.AutoScalingGroup(
self,
"ASG",
vpc=vpc,
vpc_subnets=ec2.SubnetSelection(subnet_type=ec2.SubnetType.PUBLIC),
instance_type=ec2.InstanceType.of(ec2.InstanceClass.BURSTABLE2,
ec2.InstanceSize.MICRO),
machine_image=ec2.GenericLinuxImage(
{"eu-west-1": "ami-02df9ea15c1778c9c"}),
desired_capacity=2,
# Probably ensure we can access the machines...
associate_public_ip_address=True,
key_name="nicolai-test",
user_data=default_userdata,
)
# asg.add_security_group(ssh_from_everywhere)
alb = elb2.ApplicationLoadBalancer(
self,
"ALB",
vpc=vpc,
internet_facing=True,
)
listener = alb.add_listener(
"ALBListener",
protocol=elb2.ApplicationProtocol.HTTP,
)
listener.add_targets("ASGTarget", targets=[asg], port=8080)
def __init__(self, scope: core.Construct, id: str, **kwargs) -> None:
super().__init__(scope, id, tags=default_tags, **kwargs)
# VPC
vpc = ec2.Vpc(
self,
'k8s-real-hard-way-vpc',
cidr=vpc_cidr,
subnet_configuration=[
ec2.SubnetConfiguration(
cidr_mask=24,
name='Public',
subnet_type=ec2.SubnetType.PUBLIC,
),
ec2.SubnetConfiguration(
cidr_mask=24,
name='Private',
subnet_type=ec2.SubnetType.PRIVATE
)
]
)
# Ubuntu AMI from dict mapping
ubuntu_ami = ec2.GenericLinuxImage(
ami_map={
aws_region: ami_region_map.get(aws_region)
}
)
# Get HostedZone ID from HostedZone Name
zoneid = route53.HostedZone.from_lookup(
self,
"k8s-real-hard-way-zone",
domain_name=zone_fqdn
)
zoneid_str = zoneid.hosted_zone_id
# IAM Policy for Bastion Instance Profile
iampolicystatement = iam.PolicyStatement(
actions=[
"ec2:CreateRoute",
"ec2:CreateTags",
"ec2:DescribeAutoScalingGroups",
"autoscaling:DescribeAutoScalingInstances",
"ec2:DescribeRegions",
"ec2:DescribeRouteTables",
"ec2:DescribeInstances",
"ec2:DescribeTags",
"elasticloadbalancing:DescribeLoadBalancers",
"route53:ListHostedZonesByName"
],
effect=iam.Effect.ALLOW,
resources=[
"*"
]
)
iampolicystatement_route53 = iam.PolicyStatement(
actions=[
"route53:ChangeResourceRecordSets"
],
effect=iam.Effect.ALLOW,
resources=[
"arn:aws:route53:::" + zoneid_str[1:]
]
)
# BASTION HOST
# AutoScalingGroup
bastion = autoscaling.AutoScalingGroup(
self,
"bastion",
vpc=vpc,
min_capacity=bastion_min_capacity,
max_capacity=bastion_max_capacity,
desired_capacity=bastion_desired_capacity,
instance_type=ec2.InstanceType(bastion_instance_type),
machine_image=ec2.AmazonLinuxImage(),
key_name=ssh_key_pair,
vpc_subnets=ec2.SubnetSelection(
subnet_name='Private'
),
associate_public_ip_address=False
)
bastion.add_to_role_policy(iampolicystatement)
bastion.add_to_role_policy(iampolicystatement_route53)
cfn_bastion = bastion.node.default_child
cfn_bastion.auto_scaling_group_name = "bastion"
cfn_bastion_lc = bastion.node.find_child('LaunchConfig')
cfn_bastion_lc.launch_configuration_name = "bastion"
# Classic LoadBalancer
bastion_lb = elb.LoadBalancer(
self,
"bastion-lb",
vpc=vpc,
internet_facing=True,
health_check=elb.HealthCheck(
port=22,
protocol=elb.LoadBalancingProtocol.TCP
)
)
cfn_bastion_lb = bastion_lb.node.default_child
cfn_bastion_lb.load_balancer_name = "bastion"
bastion_lb.add_listener(
external_port=22,
external_protocol=elb.LoadBalancingProtocol.TCP,
allow_connections_from=[ec2.Peer().ipv4(myipv4)]
)
bastion_lb.add_target(
target=bastion
)
# UserData
bastion.add_user_data(
"sudo yum update",
"sudo yum upgrade -y",
"sudo yum install jq tmux -y",
"wget https://gist.githubusercontent.com/dmytro/3984680/raw/1e25a9766b2f21d7a8e901492bbf9db672e0c871/ssh-multi.sh -O /home/ec2-user/tmux-multi.sh",
"chmod +x /home/ec2-user/tmux-multi.sh",
"wget https://pkg.cfssl.org/R1.2/cfssl_linux-amd64 && chmod +x cfssl_linux-amd64 && sudo mv cfssl_linux-amd64 /usr/local/bin/cfssl && sudo chown ec2-user:ec2-user /usr/local/bin/cfssl",
"wget https://pkg.cfssl.org/R1.2/cfssljson_linux-amd64 && chmod +x cfssljson_linux-amd64 && sudo mv cfssljson_linux-amd64 /usr/local/bin/cfssljson && sudo chown ec2-user:ec2-user /usr/local/bin/cfssljson",
"curl -LO https://storage.googleapis.com/kubernetes-release/release/$(curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt)/bin/linux/amd64/kubectl && chmod +x ./kubectl && sudo mv kubectl /usr/local/bin/kubectl && chown ec2-user:ec2-user /usr/local/bin/kubectl",
"sudo hostname " + "bastion" + "." + zone_fqdn,
"echo \"AWS_DEFAULT_REGION=$(curl -s http://169.254.169.254/latest/dynamic/instance-identity/document | grep region | awk -F\\\" '{print $4}')\" | sudo tee -a /etc/environment",
"echo \"HOSTEDZONE_NAME=" + zone_fqdn + "\" | sudo tee -a /etc/environment"
)
# Route53 Alias Target for LB
route53_target = route53_targets.ClassicLoadBalancerTarget(bastion_lb)
# Route53 Record for Bastion Host LB
route53_bastion = route53.ARecord(
self,
"bastion-lb-route53",
target=route53.RecordTarget.from_alias(route53_target),
zone=zoneid,
comment="Bastion Host LB",
record_name='bastion'
)
# ETCD
# AutoScalingGroup
etcd = autoscaling.AutoScalingGroup(
self,
"etcd",
vpc=vpc,
min_capacity=etcd_min_capacity,
max_capacity=etcd_max_capacity,
desired_capacity=etcd_desired_capacity,
instance_type=ec2.InstanceType(etcd_instance_type),
machine_image=ubuntu_ami,
key_name=ssh_key_pair,
vpc_subnets=ec2.SubnetSelection(
subnet_name='Private'
),
associate_public_ip_address=False
)
etcd.add_to_role_policy(iampolicystatement)
cfn_etcd = etcd.node.default_child
cfn_etcd.auto_scaling_group_name = "etcd"
cfn_etcd_lc = etcd.node.find_child('LaunchConfig')
cfn_etcd_lc.launch_configuration_name = "etcd"
# UserData
etcd.add_user_data(
"sudo apt-get update",
"sudo apt-get upgrade -y",
"sudo apt-get install python3-pip -y",
"sudo pip3 install awscli",
"echo \"AWS_DEFAULT_REGION=$(curl -s http://169.254.169.254/latest/dynamic/instance-identity/document | grep region | awk -F\\\" '{print $4}')\" | sudo tee -a /etc/environment",
"echo \"HOSTEDZONE_NAME=" + zone_fqdn + "\" | sudo tee -a /etc/environment",
"echo \"INTERNAL_IP=$(curl -s http://169.254.169.254/1.0/meta-data/local-ipv4)\" | sudo tee -a /etc/environment"
)
# KUBERNETES MASTER Load Balancer
# Public Load Balancer (for remote kubectl access)
master_public_lb = elb.LoadBalancer(
self,
"k8s-real-hard-way-master-public-lb",
vpc=vpc,
internet_facing=True,
health_check=elb.HealthCheck(
port=6443,
protocol=elb.LoadBalancingProtocol.TCP
)
)
master_public_lb.add_listener(
external_port=6443,
external_protocol=elb.LoadBalancingProtocol.TCP,
allow_connections_from=[ec2.Peer().ipv4(myipv4)]
)
cfn_master_public_lb = master_public_lb.node.default_child
cfn_master_public_lb.load_balancer_name = "master-public"
# Private Load Balancer (fronting kube-apiservers)
master_private_lb = elb.LoadBalancer(
self,
"k8s-real-hard-way-master-private-lb",
vpc=vpc,
internet_facing=False,
health_check=elb.HealthCheck(
port=6443,
protocol=elb.LoadBalancingProtocol.TCP
)
)
master_private_lb.add_listener(
external_port=6443,
external_protocol=elb.LoadBalancingProtocol.TCP,
allow_connections_from=[]
)
cfn_master_private_lb = master_private_lb.node.default_child
cfn_master_private_lb.load_balancer_name = "master-private"
# AutoScalingGroup
master = autoscaling.AutoScalingGroup(
self,
"master",
vpc=vpc,
min_capacity=master_min_capacity,
max_capacity=master_max_capacity,
desired_capacity=master_desired_capacity,
instance_type=ec2.InstanceType(master_instance_type),
machine_image=ubuntu_ami,
key_name=ssh_key_pair,
vpc_subnets=ec2.SubnetSelection(
subnet_name='Private'
),
associate_public_ip_address=False
)
master.add_to_role_policy(iampolicystatement)
cfn_master = master.node.default_child
cfn_master.auto_scaling_group_name = "master"
cfn_master_lc = master.node.find_child('LaunchConfig')
cfn_master_lc.launch_configuration_name = "master"
# Add ASG as target for LBs
master_public_lb.add_target(
target=master
)
master_private_lb.add_target(
target=master
)
# UserData
master.add_user_data(
"sudo apt-get update",
"sudo apt-get upgrade -y",
"sudo apt-get install python3-pip -y",
"sudo pip3 install awscli",
"echo \"AWS_DEFAULT_REGION=$(curl -s http://169.254.169.254/latest/dynamic/instance-identity/document | grep region | awk -F\\\" '{print $4}')\" | sudo tee -a /etc/environment",
"echo \"HOSTEDZONE_NAME=" + zone_fqdn + "\" | sudo tee -a /etc/environment",
"echo \"INTERNAL_IP=$(curl -s http://169.254.169.254/1.0/meta-data/local-ipv4)\" | sudo tee -a /etc/environment"
)
# KUBERNETES WORKER
worker = autoscaling.AutoScalingGroup(
self,
"worker",
vpc=vpc,
min_capacity=worker_min_capacity,
max_capacity=worker_max_capacity,
desired_capacity=worker_desired_capacity,
instance_type=ec2.InstanceType(worker_instance_type),
machine_image=ubuntu_ami,
key_name=ssh_key_pair,
vpc_subnets=ec2.SubnetSelection(
subnet_name='Private'
),
associate_public_ip_address=False
)
worker.add_to_role_policy(iampolicystatement)
cfn_worker = worker.node.default_child
cfn_worker.auto_scaling_group_name = "worker"
cfn_worker_lc = worker.node.find_child('LaunchConfig')
cfn_worker_lc.launch_configuration_name = "worker"
# UserData
worker.add_user_data(
"sudo apt-get update",
"sudo apt-get upgrade -y",
"sudo apt-get install python3-pip -y",
"sudo pip3 install awscli",
"RANDOM_NUMBER=$(shuf -i 10-250 -n 1)",
"echo \"POD_CIDR=" + pod_cidr + ".$RANDOM_NUMBER.0/24\" | sudo tee -a /etc/environment",
"echo \"AWS_DEFAULT_REGION=$(curl -s http://169.254.169.254/latest/dynamic/instance-identity/document | grep region | awk -F\\\" '{print $4}')\" | sudo tee -a /etc/environment",
"echo \"HOSTEDZONE_NAME=" + zone_fqdn + "\" | sudo tee -a /etc/environment",
"echo \"INTERNAL_IP=$(curl -s http://169.254.169.254/1.0/meta-data/local-ipv4)\" | sudo tee -a /etc/environment"
)
# SecurityGroups
# Bastion LB
bastion_lb_sg = ec2.SecurityGroup(
self,
"bastion-lb-sg",
vpc=vpc,
allow_all_outbound=True,
description="Bastion-LB",
)
# Kubernetes Master Public LB
master_public_lb_sg = ec2.SecurityGroup(
self,
"k8s-real-hard-way-master-public-lb-sg",
vpc=vpc,
allow_all_outbound=True,
description="K8s MasterPublicLB",
)
# Kubernetes Master Private LB
master_private_lb_sg = ec2.SecurityGroup(
self,
"k8s-real-hard-way-master-private-lb-sg",
vpc=vpc,
allow_all_outbound=True,
description="K8s MasterPrivateLB",
)
# Bastion
bastion_security_group = ec2.SecurityGroup(
self,
"bastion-security-group",
vpc=vpc,
allow_all_outbound=True,
description="Bastion"
)
# etcd
etcd_security_group = ec2.SecurityGroup(
self,
"etcd-security-group",
vpc=vpc,
allow_all_outbound=True,
description="etcd"
)
# Kubernetes Master
master_securiy_group = ec2.SecurityGroup(
self,
"master-security-group",
vpc=vpc,
allow_all_outbound=True,
description="K8s Master",
)
# Kubernetes Worker
worker_security_group = ec2.SecurityGroup(
self,
"worker-security-group",
vpc=vpc,
allow_all_outbound=True,
description="K8s Worker"
)
# SecurityGroup Rules
# Bastion LB
bastion_lb_sg.add_ingress_rule(
peer=ec2.Peer().ipv4(myipv4),
connection=ec2.Port.tcp(22),
description="SSH: Workstation - MasterPublicLB"
)
# Master Public LB
master_public_lb_sg.add_ingress_rule(
peer=ec2.Peer().ipv4(myipv4),
connection=ec2.Port.tcp(6443),
description="kubectl: Workstation - MasterPublicLB"
)
master_public_lb_sg.add_ingress_rule(
peer=master_securiy_group,
connection=ec2.Port.tcp(6443),
description="kubeapi: Workers - MasterPublicLB"
)
# Master Private LB
# master_private_lb_sg.add_ingress_rule(
# peer=master_securiy_group,
# connection=ec2.Port.tcp(6443),
# description="kubectl: Masters - MasterPrivateLB"
# )
# master_private_lb_sg.add_ingress_rule(
# peer=worker_security_group,
# connection=ec2.Port.tcp(6443),
# description="kubeapi: Workers - MasterPrivateLB"
# )
master_private_lb_sg.add_ingress_rule(
peer=ec2.Peer.any_ipv4(),
connection=ec2.Port.tcp(6443),
description="kubectl: ALL - MasterPrivateLB"
)
# Bastion Host
bastion_security_group.add_ingress_rule(
peer=bastion_lb_sg,
connection=ec2.Port.tcp(22),
description="SSH: Bastion-LB - Bastio"
)
# etcd
etcd_security_group.add_ingress_rule(
peer=bastion_security_group,
connection=ec2.Port.tcp(22),
description="SSH: Bastion - Etcds"
)
etcd_security_group.add_ingress_rule(
peer=master_securiy_group,
connection=ec2.Port.tcp_range(start_port=2379, end_port=2380),
description="etcd: Masters - Etcds"
)
etcd_security_group.add_ingress_rule(
peer=etcd_security_group,
connection=ec2.Port.tcp_range(start_port=2379, end_port=2380),
description="etcd: Etcds - Etcds"
)
# K8s-Master
master_securiy_group.add_ingress_rule(
peer=worker_security_group,
connection=ec2.Port.all_traffic(),
description="ALL: Workers - Masters"
)
master_securiy_group.add_ingress_rule(
peer=bastion_security_group,
connection=ec2.Port.tcp(22),
description="SSH: Bastion - Masters"
)
master_securiy_group.add_ingress_rule(
peer=bastion_security_group,
connection=ec2.Port.tcp(6443),
description="kubectl: Bastion - Masters"
)
master_securiy_group.add_ingress_rule(
peer=master_public_lb_sg,
connection=ec2.Port.tcp(6443),
description="kubectl: MasterPublicLB - Masters"
)
master_securiy_group.add_ingress_rule(
peer=master_private_lb_sg,
connection=ec2.Port.tcp(6443),
description="kubectl: MasterPrivateLB - Masters"
)
master_securiy_group.add_ingress_rule(
peer=worker_security_group,
connection=ec2.Port.tcp(6443),
description="kubectl: Workers - Masters"
)
# K8s-Worker
worker_security_group.add_ingress_rule(
peer=master_securiy_group,
connection=ec2.Port.all_traffic(),
description="ALL: Master - Workers"
)
worker_security_group.add_ingress_rule(
peer=bastion_security_group,
connection=ec2.Port.tcp(22),
description="SSH: Bastion - Workers"
)
worker_security_group.add_ingress_rule(
peer=bastion_security_group,
connection=ec2.Port.tcp(6443),
description="kubectl: Bastion - Workers"
)
# Add SecurityGroups to resources
bastion.add_security_group(bastion_security_group)
etcd.add_security_group(etcd_security_group)
master.add_security_group(master_securiy_group)
worker.add_security_group(worker_security_group)
cfn_master_public_lb.security_groups = [
master_public_lb_sg.security_group_id
]
cfn_master_private_lb.security_groups = [
master_private_lb_sg.security_group_id
]
# Add specific Tags to resources
core.Tag.add(
bastion,
apply_to_launched_instances=True,
key='Name',
value=tag_project + '-bastion'
)
core.Tag.add(
bastion_lb,
apply_to_launched_instances=True,
key='Name',
value=tag_project + '-bastion-lb'
)
core.Tag.add(
master_public_lb,
apply_to_launched_instances=True,
key='Name',
value=tag_project + '-master-lb'
)
core.Tag.add(
etcd,
apply_to_launched_instances=True,
key='Name',
value=tag_project + '-etcd'
)
core.Tag.add(
master,
apply_to_launched_instances=True,
key='Name',
value=tag_project + '-k8s-master'
)
core.Tag.add(
worker,
apply_to_launched_instances=True,
key='Name',
value=tag_project + '-k8s-worker'
)
for subnet in vpc.private_subnets:
core.Tag.add(
subnet,
key='Attribute',
value='private'
)
for subnet in vpc.public_subnets:
core.Tag.add(
subnet,
key='Attribute',
value='public'
)
from aws_cdk import core
import aws_cdk.aws_ec2 as ec2
vpc_id = "vpc-111111" # Import an Exist VPC
ec2_type = "m5.xlarge"
key_name = "id_rsa"
linux_ami = ec2.GenericLinuxImage({
"cn-northwest-1": "ami-0f62e91915e16cfc2",
"eu-west-1": "ami-1111111"
})
with open("./user_data/user_data.sh") as f:
user_data = f.read()
class CdkVpcEc2Stack(core.Stack):
def __init__(self, scope: core.Construct, id: str, **kwargs) -> None:
super().__init__(scope, id, **kwargs)
# The code that defines your stack goes here
vpc = ec2.Vpc.from_lookup(self, "VPC", vpc_id=vpc_id)
host = ec2.Instance(
self,
"myEC2",
instance_type=ec2.InstanceType(instance_type_identifier=ec2_type),
instance_name="mySingleHost",
machine_image=linux_ami,
vpc=vpc,
key_name=key_name,
vpc_subnets=ec2.SubnetSelection(subnet_type=ec2.SubnetType.PUBLIC),
user_data=ec2.UserData.custom(user_data))
# EMQ Full Stack
from aws_cdk import core
from aws_cdk import aws_ec2 as ec2
from aws_cdk import aws_elasticloadbalancingv2 as elb
from aws_cdk import aws_autoscaling as autoscaling
from aws_cdk.core import Duration, CfnParameter
from aws_cdk.aws_autoscaling import HealthCheck
from aws_cdk import aws_rds as rds
# from cdk_stack import AWS_ENV
linux_ami = ec2.GenericLinuxImage({
#"eu-west-1": "ami-06fd78dc2f0b69910", # ubuntu 18.04 latest
"eu-west-1": "ami-09c60c18b634a5e00", # ubuntu 20.04 latest
})
with open("./user_data/user_data.sh") as f:
user_data = f.read()
class EmqFullStack(core.Stack):
def __init__(self, scope: core.Construct, construct_id: str, env,
**kwargs) -> None:
super().__init__(scope, construct_id, env=env, **kwargs)
# The code that defines your stack goes here
vpc = ec2.Vpc(
self,
"VPC_EMQ",
max_azs=2,
cidr="10.10.0.0/16",
def __init__(self, scope: core.Construct, id: str, **kwargs) -> None:
super().__init__(scope, id, **kwargs)
#return userdata script
def get_userdata():
with open('userdata.sh') as userdata:
script = userdata.read()
return script
#get public subnet
def get_public_subnet():
public_subnet = covid_free_vpc.select_subnets(
subnet_type=ec2_stacker.SubnetType.PUBLIC)
return public_subnet.subnets[0]
def get_web_sg():
return covid_free_sg
#Generate 4 EC2 Instances
def generate_instances(count=4):
amazon_linux_2 = ec2_stacker.GenericLinuxImage(
{"us-east-1": "ami-0fc61db8544a617ed"})
ec2_objects = []
for i in range(count):
ec2_instnace = ec2_stacker.Instance(
self,
f"Instance number {i}",
instance_type=ec2_stacker.InstanceType('t2.micro'),
machine_image=amazon_linux_2,
vpc=covid_free_vpc,
security_group=get_web_sg(),
user_data=ec2_stacker.UserData.custom(get_userdata()))
ec2_objects.append(ec2_instnace)
return ec2_objects
#utilty script, fetches instance ids/ references in cloudformation
def get_instance_reference_ids():
data = generate_instances()
for i in data:
yield (i.instance_id)
#create vpc with public & private subnet
covid_free_vpc = ec2_stacker.Vpc(
self,
'CovidFreeVPC',
enable_dns_support=True,
enable_dns_hostnames=True,
max_azs=3,
subnet_configuration=[
ec2_stacker.SubnetConfiguration(
subnet_type=ec2_stacker.SubnetType.PUBLIC,
name='InternetFacingSubnetGroup',
cidr_mask=24)
])
#ec2_stacker.SubnetConfiguration(subnet_type=ec2_stacker.SubnetType.PRIVATE, name='PrivateSubnetGroup', cidr_mask=24 )
#])
#creating security group requires vpc param
covid_free_sg = ec2_stacker.SecurityGroup(self,
'CovidFreeSG',
allow_all_outbound=True,
vpc=covid_free_vpc)
covid_free_sg.add_ingress_rule(peer=ec2_stacker.Peer.any_ipv4(),
connection=ec2_stacker.Port.tcp(80),
description="allow http traffic")
covid_free_sg.add_ingress_rule(ec2_stacker.Peer.any_ipv4(),
ec2_stacker.Port.tcp(22),
description="allow ssh traffic")
#create launch config (userdata is also a valid param)
covid_free_lc = ats_stacker.CfnLaunchConfiguration(
self,
'CovidFreeLC',
instance_type='t2.micro',
image_id='ami-0fc61db8544a617ed')
#set up autoscaling group - better to add userdata from asg, does not throw base64 error. Able to use strings
instance_type = ec2_stacker.InstanceType.of(
ec2_stacker.InstanceClass.BURSTABLE2,
ec2_stacker.InstanceSize.MICRO)
amazon_linux_2 = ec2_stacker.GenericLinuxImage(
{"us-east-1": "ami-0fc61db8544a617ed"})
covid_free_asg = ats_stacker.AutoScalingGroup(
self,
'CovidFreeASG',
vpc=covid_free_vpc,
associate_public_ip_address=True,
key_name="CoronaVirusKP",
instance_type=instance_type,
machine_image=amazon_linux_2,
min_capacity=5,
max_capacity=10)
covid_free_asg.add_user_data(get_userdata())
#Register targets to ELB is an Autoscaling group, must be a list/array ot targets
elb = elb_stacker.LoadBalancer(self,
'CovidFreeELB',
cross_zone=True,
vpc=covid_free_vpc,
health_check={"port": 80},
internet_facing=True,
subnet_selection=get_public_subnet(),
targets=[covid_free_asg])
elb.add_listener(external_port=80)
from aws_cdk import core
from aws_cdk.aws_iam import (Role, ServicePrincipal, ManagedPolicy)
import aws_cdk.aws_ec2 as ec2
import aws_cdk.aws_elasticloadbalancingv2 as elb
import aws_cdk.aws_autoscaling as autoscaling
ec2_type = "t2.micro"
#key_name = "keypair" #EC2 keyname
linux_ami = ec2.GenericLinuxImage({"ap-northeast-2": "ami-0bea7fd38fabe821a"})
with open("./userdata/userdata.sh") as f:
userdata = f.read()
class SampleEC2Stack(core.Stack):
def __init__(self, scope: core.Construct, id: str, vpc, **kwargs) -> None:
super().__init__(scope, id, **kwargs)
alb = elb.ApplicationLoadBalancer(self,
"myALB",
vpc=vpc,
internet_facing=True,
load_balancer_name="myALB")
alb.connections.allow_from_any_ipv4(ec2.Port.tcp(80),
"Internet access ALB 80")
listener = alb.add_listener("my80", port=80, open=True)
self.asg = autoscaling.AutoScalingGroup(
self,
"myASG",
vpc=vpc,
vpc_subnets=ec2.SubnetSelection(
subnet_type=ec2.SubnetType.PRIVATE),
def __init__(self, scope: core.Construct, id: str, **kwargs) -> None:
super().__init__(scope, id, **kwargs)
# Set a vpc
vpc = ec2.Vpc.from_lookup(self, "VPC", is_default=True)
vpc_subnets = ec2.SubnetSelection()
# Set access policies for the instance
policies = [
# Read only access for all our s3 buckets
iam.ManagedPolicy.from_aws_managed_policy_name(
"AdministratorAccess"),
# Allow us login by the ssm manger
iam.ManagedPolicy.from_aws_managed_policy_name(
"AmazonSSMManagedInstanceCore")
]
# Get role object with set policies
role = iam.Role(self,
"EC2Role",
assumed_by=iam.ServicePrincipal("ec2.amazonaws.com"),
managed_policies=policies)
# Get a root ebs volume with specified sizw (mount: /dev/sda1)
ebs_root_vol = ec2.BlockDeviceVolume.ebs(
volume_size=int(self.node.try_get_context("ROOT_VOLUME_SIZE")))
ebs_root_block_device = ec2.BlockDevice(device_name="/dev/sda1",
volume=ebs_root_vol)
# Get volume - contains a block device volume and a block device
ebs_extended_vol = ec2.BlockDeviceVolume.ebs(
volume_size=int(self.node.try_get_context("EXTENDED_VOLUME_SIZE")))
# Place volume on a block device with a set mount point
ebs_extended_block_device = ec2.BlockDevice(device_name=EXT_DEV_NAME,
volume=ebs_extended_vol)
# # Run boot strap - User Data
mappings = {
"__EXT_DEV_NAME__": EXT_DEV_NAME,
"__EXT_DEV_MOUNT__": '/mnt/gen3'
}
with open("user_data/user_data.sh", 'r') as user_data_h:
user_data_sub = core.Fn.sub(user_data_h.read(), mappings)
user_data = ec2.UserData.custom(user_data_sub)
# Set instance type from ec2-type in context
instance_type = ec2.InstanceType(
instance_type_identifier=self.node.try_get_context("EC2_TYPE"))
machine_image = ec2.GenericLinuxImage({
self.region:
self.node.try_get_context(
"MACHINE_IMAGE"), # Refer to an existing AMI type
})
# The code that defines your stack goes here
# We take all of the parameters we have and place this into the ec2 instance class
# Except LaunchTemplate which is added as a property to the instance
host = ec2.Instance(
self,
id="Gen3AdminVm",
instance_type=instance_type,
instance_name=self.node.try_get_context("INSTANCE_NAME"),
machine_image=machine_image,
vpc=vpc,
vpc_subnets=vpc_subnets,
role=role,
user_data=user_data,
block_devices=[ebs_root_block_device, ebs_extended_block_device],
)
# Return instance ID
core.CfnOutput(self, "Output", value=host.instance_id)
def __init__(self, scope: core.Construct, id: str, **kwargs) -> None:
super().__init__(scope, id, **kwargs)
# Get/set stack name for context
self.node.set_context("STACK_NAME", self.stack_name)
# The code that defines your stack goes here
# Set a vpc
vpc = ec2.Vpc.from_lookup(self, "VPC", is_default=True)
vpc_subnets = ec2.SubnetSelection()
# Set access policies for the instance
policies = [
# Read only access for all our s3 buckets
iam.ManagedPolicy.from_aws_managed_policy_name(
"AmazonS3ReadOnlyAccess"),
# Set the container registry policy so we can pull docker containers from our ECR repo
iam.ManagedPolicy.from_aws_managed_policy_name(
"AmazonEC2ContainerRegistryReadOnly"),
# Allow us login by the ssm manger
iam.ManagedPolicy.from_aws_managed_policy_name(
"AmazonSSMManagedInstanceCore")
]
# Get role object with set policies
role = iam.Role(self,
"EC2Role",
assumed_by=iam.ServicePrincipal("ec2.amazonaws.com"),
managed_policies=policies)
# Get a root ebs volume (we mount it on /dev/xvda1)
ebs_var_vol = ec2.BlockDeviceVolume.ebs(
volume_size=int(self.node.try_get_context("VAR_VOLUME_SIZE")))
# Place volume on a block device with the set mount point
ebs_var_block_device = ec2.BlockDevice(device_name="/dev/sdf",
volume=ebs_var_vol)
# Get volume - contains a block device volume and a block device
ebs_extended_vol = ec2.BlockDeviceVolume.ebs(
volume_size=int(self.node.try_get_context("EXTENDED_VOLUME_SIZE")))
# Place volume on a block device with a set mount point
ebs_extended_block_device = ec2.BlockDevice(device_name="/dev/sdg",
volume=ebs_extended_vol)
# Run boot strap -
"""
The code under userdata.sh completes the following steps
1. Installs docker into ec2 instance
2. Mounts our volume to /mnt/
3. Log into docker
"""
mappings = {
"__ACCOUNT_ID__": str(self.account),
"__REGION__": str(self.region)
}
with open("user_data/user_data.sh", 'r') as user_data_h:
# Use a substitution
user_data_sub = core.Fn.sub(user_data_h.read(), mappings)
# Import substitution object into user_data set
user_data = ec2.UserData.custom(user_data_sub)
# Set instance type from ec2-type in context
instance_type = ec2.InstanceType(
instance_type_identifier=self.node.try_get_context("EC2_TYPE"))
# Get machine type from context
machine_image = ec2.GenericLinuxImage({
self.region:
self.node.try_get_context(
"MACHINE_IMAGE"), # Refer to an existing AMI type
})
# The code that defines your stack goes here
# We take all of the parameters we have and place this into the ec2 instance class
# Except LaunchTemplate which is added as a property to the instance
host = ec2.Instance(
self,
id="{}-instance".format(self.node.try_get_context("STACK_NAME")),
instance_type=instance_type,
instance_name=self.node.try_get_context("INSTANCE_NAME"),
machine_image=machine_image,
vpc=vpc,
vpc_subnets=vpc_subnets,
role=role,
user_data=user_data,
block_devices=[ebs_var_block_device, ebs_extended_block_device],
)
if self.node.try_get_context("USE_SPOT_INSTANCE").lower() == 'true':
# Spot pricing via ec2 fleet
spot_price = self.node.try_get_context("MAX_SPOT_PRICE")
market_options = {"MarketType": "spot"}
if spot_price is not None:
spot_options = {"MaxPrice": spot_price}
market_options["SpotOptions"] = spot_options
launch_template_data = {"InstanceMarketOptions": market_options}
launch_template = ec2.CfnLaunchTemplate(self, "LaunchTemplate")
launch_template.add_property_override("LaunchTemplateData",
launch_template_data)
host.instance.add_property_override(
"LaunchTemplate", {
"LaunchTemplateId": launch_template.ref,
"Version": launch_template.attr_latest_version_number
})
# Return public IP address s.t we can ssh into it
# Note that we may return an IP prior to the user_data shell script completing so not
# all of our goodies may be here yet
core.CfnOutput(self, "Output", value=host.instance_id)
from aws_cdk import core
from aws_cdk import aws_ec2 as ec2
from aws_cdk import aws_elasticloadbalancingv2 as elb
from aws_cdk import aws_autoscaling as autoscaling
from aws_cdk.core import Duration, CfnParameter
from aws_cdk.aws_autoscaling import HealthCheck
# from cdk_stack import AWS_ENV
# ec2_type = "t2.micro"
# key_name = "key_ireland"
# linux_ami = ec2.LookupMachineImage(name="emqx429")
linux_ami = ec2.GenericLinuxImage({
"eu-west-1": "ami-06fd78dc2f0b69910", # ubuntu 18.04 latest
})
with open("./user_data/user_data.sh") as f:
user_data = f.read()
class CdkEc2Stack(core.Stack):
def __init__(self, scope: core.Construct, id: str, vpc, env,
**kwargs) -> None:
super().__init__(scope, id, env=env, **kwargs)
# Define cfn parameters
ec2_type = CfnParameter(
self,
"ec2-instance-type",
type="String",
default="t2.micro",
from aws_cdk import core
import aws_cdk.aws_ec2 as ec2
vpc_id = "MY-VPC-ID" # Import an Exist VPC
ec2_type = "t2.micro"
key_name = "id_rsa"
linux_ami = ec2.GenericLinuxImage({
"cn-northwest-1": "AMI-ID-IN-cn-northwest-1-REGION", # Refer to an Exist AMI
"eu-west-1": "AMI-ID-IN-eu-west-1-REGION"
})
with open("./user_data/user_data.sh") as f:
user_data = f.read()
class CdkVpcEc2Stack(core.Stack):
def __init__(self, scope: core.Construct, id: str, **kwargs) -> None:
super().__init__(scope, id, **kwargs)
# The code that defines your stack goes here
vpc = ec2.Vpc.from_lookup(self, "VPC", vpc_id=vpc_id)
host = ec2.Instance(self, "myEC2",
instance_type=ec2.InstanceType(
instance_type_identifier=ec2_type),
instance_name="mySingleHost",
machine_image=linux_ami,
vpc=vpc,
key_name=key_name,
vpc_subnets=ec2.SubnetSelection(
subnet_type=ec2.SubnetType.PUBLIC),
ManagedPolicy,
ServicePrincipal,
CfnInstanceProfile,
Effect,
PolicyStatement,
)
from constant import Constant
import uuid
# 中国两个区域会用到不同的ami_id
ami_map = {
'cn-northwest-1': Constant.ZHY_EC2_AMI_ID,
'cn-north-1': Constant.BJ_EC2_AMI_ID,
}
my_ami = ec2.GenericLinuxImage(ami_map)
with open("./user_data/user_data.sh") as f:
user_data_content = f.read()
class CdkInfraStack(core.Stack):
def __init__(self, scope: core.Construct, id: str, **kwargs) -> None:
super().__init__(scope, id, **kwargs)
# s3
s3_bucket_name = "{}-s3-{}".format(Constant.PROJECT_NAME,
self._get_UUID(4))
_s3.Bucket(
self,
id=s3_bucket_name,
