class CoreFinancialServices(VpcLandingZone):
"""
Represents dedicated environment with shared services
This avoids lengthy deployments and reduces costs
"""
def __init__(self, scope: Construct, id: str, **kwargs) -> None:
super().__init__(scope, id, **kwargs)
vpc = self.networking.vpc
# Add endpoints...
self.vpc_endpoints = VpcEndpointsForAWSServices(self,
'Endpoints',
vpc=vpc)
self.vpc_endpoints.add_ssm_support()
# Add services...
self.fsi = FsiRootConstruct(self, 'FsiRoot', landing_zone=self)
#DirectoryServicesConstruct(self,'Identity',landing_zone=self,subnet_group_name='Default')
# Add JumpBox
#JumpBoxConstruct(self,'DevBox',landing_zone=self)
@property
def cidr_block(self) -> str:
return '10.20.0.0/16'
@property
def zone_name(self) -> str:
return 'CoreSvc'
def __init__(self, scope: Construct, id: str, **kwargs) -> None:
super().__init__(scope, id, **kwargs)
vpc = self.networking.vpc
# Add endpoints...
self.vpc_endpoints = VpcEndpointsForAWSServices(self,
'Endpoints',
vpc=vpc)
self.vpc_endpoints.add_ssm_support()
# Add services...
self.fsi = FsiRootConstruct(self, 'FsiRoot', landing_zone=self)
class Hybrid(VpcLandingZone):
"""
Represents the default landing environment for HomeNet Hybrid
"""
def __init__(self, scope: Construct, id: str, **kwargs) -> None:
super().__init__(scope, id, **kwargs)
vpc = self.networking.vpc
# Add endpoints...
self.vpc_endpoints = VpcEndpointsForAWSServices(self,
'Endpoints',
vpc=self.vpc)
self.vpc_endpoints.add_ssm_support()
self.vpc_endpoints.add_apigateway_support()
# Add Core Services...
ds = DirectoryServicesConstruct(self, 'Identity', landing_zone=self)
ca = CertificateAuthority(self,
'Certificates',
common_name='cert.virtual.world')
# Setup name resolutions...
hosts = HostedZones(self, 'HostedZones', landing_zone=self)
ResolverSubnet(self, 'NameResolution', landing_zone=self)
# Add filesystems...
nfs = NetworkFileSystemsConstruct(self,
'NetFs',
landing_zone=self,
ds=ds)
nfs.configure_dns(hosts.virtual_world)
# Add app-level services...
video = VideoSubnet(self, 'Cameras', landing_zone=self)
video.configure_dns(zone=hosts.virtual_world, ca=ca)
# Add JumpBox
jumpbox = JumpBoxConstruct(self, 'JumpBox', landing_zone=self)
jumpbox.add_dns_records(zone=hosts.virtual_world,
resource_name='devbox')
@property
def cidr_block(self) -> str:
return '10.10.0.0/16'
@property
def zone_name(self) -> str:
return 'Hybrid'
def __init__(self, scope: core.Construct, id: str, **kwargs) -> None:
super().__init__(scope, id, **kwargs)
self.vpc = ec2.Vpc(self, 'Network')
VpcEndpointsForAWSServices(self, 'Endpoints', vpc=self.vpc)
self.product_descr_bucket = s3.Bucket(
self, 'AndroidProducts', removal_policy=core.RemovalPolicy.DESTROY)
self.efs_sg = ec2.SecurityGroup(
self,
'EfsGroup',
vpc=self.vpc,
allow_all_outbound=True,
description='Security Group for ApkStore EFS')
self.efs_sg.add_ingress_rule(peer=ec2.Peer.any_ipv4(),
connection=ec2.Port.all_traffic(),
description='Allow any traffic')
self.efs = efs.FileSystem(
self,
'ApkStore',
vpc=self.vpc,
security_group=self.efs_sg,
lifecycle_policy=efs.LifecyclePolicy.AFTER_14_DAYS,
performance_mode=efs.PerformanceMode.GENERAL_PURPOSE)
def __init__(self, scope:Construct, id:str, **kwargs)->None:
super().__init__(scope, id, **kwargs)
core.Tags.of(self).add('zone_name',self.zone_name)
# Deploy the VPC and networking components
self.networking = NetworkingLayer(self,self.zone_name,
cidr=self.cidr_block,
subnet_configuration=self.subnet_configuration)
# Automatically backup anything with backup-tags
self.backup_policy = BackupStrategyConstruct(self,'Backup', landing_zone=self)
# Support AWS services within isolated subnets
self.vpc_endpoints = VpcEndpointsForAWSServices(self,'Endpoints',vpc=self.vpc)
self.vpc_endpoints.add_s3_and_dynamodb()
self.vpc_endpoints.add_ssm_support()
self.vpc_endpoints.add_emr_support()
class LandingZone(ILandingZone):
"""
Define a deployment instance
"""
def __init__(self, scope:Construct, id:str, **kwargs)->None:
super().__init__(scope, id, **kwargs)
core.Tags.of(self).add('zone_name',self.zone_name)
# Deploy the VPC and networking components
self.networking = NetworkingLayer(self,self.zone_name,
cidr=self.cidr_block,
subnet_configuration=self.subnet_configuration)
# Automatically backup anything with backup-tags
self.backup_policy = BackupStrategyConstruct(self,'Backup', landing_zone=self)
# Support AWS services within isolated subnets
self.vpc_endpoints = VpcEndpointsForAWSServices(self,'Endpoints',vpc=self.vpc)
self.vpc_endpoints.add_s3_and_dynamodb()
self.vpc_endpoints.add_ssm_support()
self.vpc_endpoints.add_emr_support()
@property
def cidr_block(self)->str:
raise NotImplementedError()
@property
def zone_name(self)->str:
raise NotImplementedError()
@property
def subnet_configuration(self)->List[ec2.SubnetConfiguration]:
raise NotImplementedError()
@property
def vpc(self)->ec2.IVpc:
return self.networking.vpc