def create_redis(self, vpc):
subnetGroup = ec.CfnSubnetGroup(
self,
"RedisClusterPrivateSubnetGroup",
cache_subnet_group_name="recommendations-redis-subnet-group",
subnet_ids=[subnet.subnet_id for subnet in vpc.private_subnets],
description="Redis subnet for recommendations"
)
redis_security_group = ec2.SecurityGroup(self, "redis-security-group", vpc=vpc)
redis_connections = ec2.Connections(
security_groups=[redis_security_group], default_port=ec2.Port.tcp(6379)
)
redis_connections.allow_from_any_ipv4(port_range=ec2.Port.tcp(6379))
redis = ec.CfnCacheCluster(
self,
"RecommendationsRedisCacheCluster",
engine="redis",
cache_node_type="cache.t2.small",
num_cache_nodes=1,
cluster_name="redis-gw",
vpc_security_group_ids=[redis_security_group.security_group_id],
cache_subnet_group_name=subnetGroup.cache_subnet_group_name
)
redis.add_depends_on(subnetGroup)
def __init__(self, app: core.App, id: str) -> None:
super().__init__(app, id)
vpc = ec2.Vpc(
self,
"VPC",
max_azs = 2
)
instanceSecurityGroup = ec2.SecurityGroup(
self,
"INSTANCESECURITYGROUP",
vpc = vpc
)
loadBalancerSecurityGroup = ec2.SecurityGroup(
self,
"LOADBALANCERSECURITYGROUP",
vpc = vpc
)
connection = ec2.Connections(
default_port = ec2.Port.tcp(80),
security_groups = [
instanceSecurityGroup,
loadBalancerSecurityGroup
]
)
connection.allow_default_port_internally()
connection.allow_default_port_from_any_ipv4()
instanceRole = iam.Role(
self,
"INSTANCEROLE",
assumed_by = iam.ServicePrincipal('ec2.amazonaws.com'),
managed_policies = [
iam.ManagedPolicy.from_aws_managed_policy_name("service-role/AmazonEC2RoleforSSM")
]
)
instanceProfile = iam.CfnInstanceProfile(
self,
"INSTANCEPROFILE",
roles = [
instanceRole.role_name
]
)
core.CfnOutput(
self,
"vpc",
value = vpc.vpc_id
)
core.CfnOutput(
self,
"publicSubnet1",
value = vpc.public_subnets[0].subnet_id
)
core.CfnOutput(
self,
"publicSubnet2",
value = vpc.public_subnets[1].subnet_id
)
core.CfnOutput(
self,
"instanceSecurityGroup",
value = instanceSecurityGroup.security_group_name
)
core.CfnOutput(
self,
"loadBalancerSecurityGroup",
value = loadBalancerSecurityGroup.security_group_name
)
core.CfnOutput(
self,
"instanceProfile",
value = instanceProfile.attr_arn
)
def __init__(self): self._connections = ec2.Connections(peer=self)
def __init__(self, scope: core.Construct, id: str,
props: AmazonRayStackProps, **kwargs) -> None:
super().__init__(scope,
id,
stack_name=f"{props.prefix}-amzn-ray-cdk",
**kwargs)
self.props = props
# Add IAM pass role for a head instance to launch worker nodes
# w/ an instance profile
ray_iam_pass_ps = iam.PolicyStatement(effect=iam.Effect.ALLOW,
actions=["iam:PassRole"],
resources=["*"])
# Add minimum policies for an ec2 instance to launch a ray cluster
# that creates/updates an associated CloudFormation stack.
ray_cloudformation_ps = iam.PolicyStatement(
effect=iam.Effect.ALLOW,
actions=[
"cloudformation:UpdateStack",
"cloudformation:ValidateTemplate", "cloudformation:ListStacks",
"cloudformation:DescribeStacks"
],
resources=["*"])
ray_exec_role_policies = iam.PolicyDocument(
statements=[ray_iam_pass_ps, ray_cloudformation_ps])
# Ray execution Role
ray_exec_role = iam.Role(
self,
"RayExecutionRole",
assumed_by=iam.ServicePrincipal("ec2.amazonaws.com"),
role_name=f"{props.prefix}RayClusterRoleCDK",
managed_policies=[
iam.ManagedPolicy.from_aws_managed_policy_name(
"AmazonEC2FullAccess"),
iam.ManagedPolicy.from_aws_managed_policy_name(
"AmazonS3FullAccess"),
iam.ManagedPolicy.from_aws_managed_policy_name(
"CloudWatchFullAccess"),
iam.ManagedPolicy.from_aws_managed_policy_name(
"AmazonSSMFullAccess")
],
inline_policies=[ray_exec_role_policies])
# Add instance profile
# Get the underlying CfnInstanceProfile from the L2 construct
# CDK escape hatch docs:
# https://docs.aws.amazon.com/cdk/latest/guide/cfn_layer.html
ray_instance_profile = iam.CfnInstanceProfile(
self,
"InstanceProfile",
roles=[ray_exec_role.role_name],
path="/",
instance_profile_name=f"{props.prefix}RayClusterInstanceProfileCDK"
)
# Configure VPC
vpc = ec2.Vpc.from_lookup(self, "default_vpc", is_default=True)
ray_sg = ec2.SecurityGroup(
self,
"RayClusterSecurityGroup",
vpc=vpc,
description="Ray cluster security group.",
security_group_name=f"{props.prefix}RayClusterSecurityGroupCDK",
allow_all_outbound=True,
)
ray_sg_connections = ec2.Connections(security_groups=[ray_sg])
# Enable ray intracluster communication
ray_sg_connections.allow_from(ray_sg, ec2.Port.tcp_range(0, 65535))
# Enable ssh to the instance
ray_sg_connections.allow_from(ec2.Peer.any_ipv4(), ec2.Port.tcp(22))
# Launch template
launch_template_data_property = lt.LaunchTemplateDataProperty(
iam_instance_profile=lt.IamInstanceProfileProperty(
arn=ray_instance_profile.attr_arn),
image_id=props.ami,
security_group_ids=[ray_sg.security_group_id])
lt(self,
"RayClusterLaunchTemplate",
launch_template_name=f"{props.prefix}RayClusterLaunchTemplateCDK",
launch_template_data=launch_template_data_property)
def create_redis(stack, vpc, is_group=False):
print(vpc.private_subnets)
subnetGroup = ec.CfnSubnetGroup(
stack,
"RedisClusterPrivateSubnetGroup-test",
cache_subnet_group_name="recommendations-redis-subnet-group-test",
description="Redis subnet for recommendations",
subnet_ids=[subnet.subnet_id for subnet in vpc.private_subnets]
)
redis_security_group = ec2.SecurityGroup(
stack,
"redis-security-group-test",
vpc=vpc
)
redis_connections = ec2.Connections(
security_groups=[redis_security_group],
default_port=ec2.Port.tcp(6379)
)
redis_connections.allow_from_any_ipv4(port_range=ec2.Port.tcp(6379))
if is_group:
#group
redis = ec.CfnReplicationGroup(
stack,
"RecommendationsRedisCacheCluster",
engine="redis",
cache_node_type="cache.t2.small",
replicas_per_node_group=1,
num_node_groups=3,
replication_group_description="redis-gw-test",
automatic_failover_enabled=True,
security_group_ids=[redis_security_group.security_group_id],
cache_subnet_group_name=subnetGroup.cache_subnet_group_name
)
else:
# one node
redis = ec.CfnCacheCluster(
stack,
"RecommendationsRedisCacheCluster",
engine="redis",
cache_node_type="cache.t2.small",
num_cache_nodes=1,
cluster_name="redis-gw-test",
vpc_security_group_ids=[redis_security_group.security_group_id],
cache_subnet_group_name=subnetGroup.cache_subnet_group_name
)
# no python sample, this is nodejs sample for group mode
'''
const redisReplication = new CfnReplicationGroup(
this,
`RedisReplicaGroup`,
{
engine: "redis",
cacheNodeType: "cache.m5.xlarge",
replicasPerNodeGroup: 1,
numNodeGroups: 3,
automaticFailoverEnabled: true,
autoMinorVersionUpgrade: true,
replicationGroupDescription: "cluster redis di produzione",
cacheSubnetGroupName: redisSubnetGroup.cacheSubnetGroupName
}
);
'''
redis.add_depends_on(subnetGroup)
if is_group:
return redis.attr_primary_end_point_address,redis.attr_primary_end_point_port
else:
return redis.attr_redis_endpoint_address, redis.attr_redis_endpoint_port