def __init__(self, scope: core.Construct, id: str, vpc, asg_security_groups, **kwargs) -> None: super().__init__(scope, id, **kwargs) # Creat DB Low Level API - MySQL M-AZs db_security_group = ec2.CfnSecurityGroup( self, "dbSG", group_description="All EC2 access DB", group_name="DB_SG", vpc_id=vpc.vpc_id) for asg_sg in asg_security_groups: ec2.CfnSecurityGroupIngress( self, "SG_ingress", ip_protocol="tcp", description="ASG EC2 access DB", to_port=3306, from_port=3306, group_id=db_security_group.attr_group_id, source_security_group_id=asg_sg.security_group_id) subnet_ids = [] for i in vpc.isolated_subnets: subnet_ids.append(i.subnet_id) db_subnet_group = rds.CfnDBSubnetGroup( self, "db_subnet", db_subnet_group_description="DB_subnet", db_subnet_group_name="db_subnet", subnet_ids=subnet_ids) db_mysql = rds.CfnDBInstance( self, "MyDB", db_name="mysqldb", db_instance_class="db.t2.small", allocated_storage="100", storage_type="gp2", engine="MySQL", engine_version="5.7.22", master_username=db_master_username, master_user_password=db_master_user_password, multi_az=True, vpc_security_groups=[db_security_group.attr_group_id], db_subnet_group_name=db_subnet_group.db_subnet_group_name, backup_retention_period=7, allow_major_version_upgrade=False, enable_cloudwatch_logs_exports=[ "audit", "error", "general", "slowquery" ], delete_automated_backups=False) db_mysql.add_depends_on(db_subnet_group) db_mysql.add_depends_on(db_security_group)
def __init__(self, scope: core.Construct, id: str, *, app_env: str, vpc: ec2.Vpc, **kwargs) -> None: super().__init__(scope, id, **kwargs) rds_params = { 'engine': "postgres", 'db_name': Param.value_for_string_parameter(self, f'/{app_env}/ssm/DATABASE_NAME'), 'master_username': Param.value_for_string_parameter(self, f'/{app_env}/ssm/DATABASE_USER'), 'master_user_password': Param.value_for_string_parameter( self, f'/{app_env}/ssm/DATABASE_PASSWORD'), 'db_instance_class': 'db.t3.micro', 'db_instance_identifier': f'staff-{app_env}-ssm', 'backup_retention_period': 7, 'delete_automated_backups': True, 'storage_type': 'gp2', 'allocated_storage': '20', 'engine_version': '11.5', 'deletion_protection': False, 'auto_minor_version_upgrade': True, 'publicly_accessible': True, 'storage_encrypted': False, 'copy_tags_to_snapshot': False, 'multi_az': False, } self._rds = rds.CfnDBInstance(self, 'staff-rds', **rds_params)
def __init__(self, scope: core.Construct, id: str, vpc, public_subnet_a, public_subnet_c, public_subnet_d, ec2_sg_id, **kwargs) -> None: super().__init__(scope, id, **kwargs) prefix = "test" # print(ec2_sg_id.ref) # RdsSecurityGroup RdsSecurityGroupStg = ec2.CfnSecurityGroup(self, "RdsSecurityGroupStg", group_name = 'stg-'+prefix+'-db01', group_description = 'stg-'+prefix+'-db01', vpc_id = vpc.ref, security_group_ingress = [ ec2.CfnSecurityGroup.IngressProperty( ip_protocol="tcp", to_port=3306, from_port=3306, cidr_ip='0.0.0.0/0', ), ec2.CfnSecurityGroup.IngressProperty( ip_protocol="tcp", to_port=3306, from_port=3306, source_security_group_id=ec2_sg_id.ref, ), ], security_group_egress = [ { "ipProtocol" : "tcp", "fromPort" : 0, "toPort" : 65535, "cidrIp" : "0.0.0.0/0" } ], ) # MyDBSubnetGroup rds_subnet_group = rds.CfnDBSubnetGroup(self, "DBSubnetGroup", db_subnet_group_description = "DBSubnetGroup", subnet_ids = [ public_subnet_a.ref, public_subnet_c.ref, public_subnet_d.ref ] ) DBParameterGroupStg = rds.CfnDBParameterGroup(self, "DBParameterGroupStg", description = 'stg-'+prefix+'db01', family = "MySQL5.6", parameters = { 'character_set_client': "utf8", 'character_set_connection': "utf8", 'character_set_database': "utf8", 'character_set_results': "utf8", 'character_set_server': "utf8", 'collation_connection': "utf8_general_ci", 'collation_server': "utf8_general_ci", 'long_query_time': "1.2", 'slow_query_log': "1", 'time_zone': "Asia/Tokyo", }, tags=[ core.CfnTag(key="Name", value='stg-'+prefix+'db01') ] ) rds_params = { 'db_instance_identifier': "stg-test-db01", 'engine': "mysql", 'engine_version': '5.6.39', 'db_instance_class': 'db.t3.micro', 'allocated_storage': '5', 'storage_type': 'gp2', 'db_name': "test", 'master_username': "******", 'master_user_password': "******", 'db_subnet_group_name' : rds_subnet_group.ref, 'publicly_accessible': False, 'multi_az': False, 'preferred_backup_window': "18:00-18:30", 'preferred_maintenance_window': "sat:19:00-sat:19:30", 'auto_minor_version_upgrade': False, 'db_parameter_group_name': DBParameterGroupStg.ref, 'vpc_security_groups': [RdsSecurityGroupStg.ref], 'copy_tags_to_snapshot': True, 'backup_retention_period': 7, # 'enable_performance_insights': True, 'delete_automated_backups': True, 'deletion_protection': False, 'availability_zone': "us-east-1a", 'enable_cloudwatch_logs_exports': ["error","slowquery"] # 'storage_encrypted': False, } self.rds = rds.CfnDBInstance(self, 'staff-rds', **rds_params, tags=[ core.CfnTag(key="Name", value='stg-'+prefix+'db01') ] ) core.CfnOutput(self, "OutputVpc", value=vpc.ref) core.CfnOutput(self, "OutputRds", value=self.rds.ref)
def __init__(self, scope: core.Construct, id: str, **kwargs) -> None: super().__init__(scope, id, **kwargs) prefix = "test" cidr = "192.168.0.0/16" # def name(s): return "{0}/{1}".format(prefix, s) def name(s): return "{0} {1}".format(prefix, s) # VPC self.vpc = ec2.CfnVPC(self, "vpc", cidr_block=cidr, enable_dns_hostnames=True, enable_dns_support=True, tags=[core.CfnTag(key="Name", value=prefix)]) # InternetGateway igw = ec2.CfnInternetGateway( self, "igw", tags=[core.CfnTag(key="Name", value=prefix)]) igw_attachment = ec2.CfnVPCGatewayAttachment( self, "igw_attachment", vpc_id=self.vpc.ref, internet_gateway_id=igw.ref) dhcpoptions = ec2.CfnDHCPOptions( self, "dhcpoptions", domain_name="ec2.internal " + prefix, domain_name_servers=["AmazonProvidedDNS"], tags=[core.CfnTag(key="Name", value=prefix)]) dhcpoptionsassociation = ec2.CfnVPCDHCPOptionsAssociation( self, "dhcpoptionsassociation", dhcp_options_id=dhcpoptions.ref, vpc_id=self.vpc.ref) # PrivateSubnetA # private_subnet_a = ec2.CfnSubnet( # self, "private_a", # vpc_id=vpc.ref, # cidr_block="192.168.0.0/24", # availability_zone="ap-northeast-1a", # tags=[ # core.CfnTag(key="Name", value=name("private_a")) # ] # ) # PrivateSubnetC # private_subnet_c = ec2.CfnSubnet( # self, "private_c", # vpc_id=vpc.ref, # cidr_block="192.168.1.0/24", # availability_zone="ap-northeast-1c", # tags=[ # core.CfnTag(key="Name", value=name("private_c")) # ] # ) # PublicSubnetA self.public_subnet_a = ec2.CfnSubnet( self, "public_a", vpc_id=self.vpc.ref, cidr_block="192.168.0.0/20", # availability_zone="ap-northeast-1a", availability_zone="us-east-1a", tags=[core.CfnTag(key="Name", value=prefix + " public_a")]) # PublicSubnetC self.public_subnet_c = ec2.CfnSubnet( self, "public_c", vpc_id=self.vpc.ref, cidr_block="192.168.16.0/20", availability_zone="us-east-1c", tags=[core.CfnTag(key="Name", value=prefix + " public_c")]) self.public_subnet_d = ec2.CfnSubnet( self, "public_d", vpc_id=self.vpc.ref, cidr_block="192.168.32.0/20", availability_zone="us-east-1d", tags=[core.CfnTag(key="Name", value=prefix + " public_d")]) # EIP1 (for NATGW) # eip1 = ec2.CfnEIP( # self, "eip1", # domain="vpc", # ) # eip1.add_depends_on(igw_attachment) # EIP2 (for NATGW) # eip2 = ec2.CfnEIP( # self, "eip2", # domain="vpc", # ) # eip2.add_depends_on(igw_attachment) # NatGatewayA # natgw_a = ec2.CfnNatGateway( # self, "natgw_a", # allocation_id=eip1.attr_allocation_id, # subnet_id=self.public_subnet_a.ref, # tags=[ # core.CfnTag(key="Name", value=name("natgw_a")) # ] # ) # NatGatewayC # natgw_c = ec2.CfnNatGateway( # self, "natgw_c", # allocation_id=eip2.attr_allocation_id, # subnet_id=public_subnet_c.ref, # tags=[ # core.CfnTag(key="Name", value=name("natgw_c")) # ] # ) # RouteTable of PrivateSubnetA # rtb_private_a = ec2.CfnRouteTable( # self, "rtb_private_a", # vpc_id=vpc.ref, # tags=[ # core.CfnTag(key="Name", value=name("rtb_private_a")) # ] # ) # ec2.CfnSubnetRouteTableAssociation( # self, "rtb_private_a_association", # route_table_id=rtb_private_a.ref, # subnet_id=private_subnet_a.ref # ) # ec2.CfnRoute( # self, "route_private_a", # route_table_id=rtb_private_a.ref, # destination_cidr_block="0.0.0.0/0", # nat_gateway_id=natgw_a.ref # ) # RouteTable of PrivateSubnetC # rtb_private_c = ec2.CfnRouteTable( # self, "rtb_private_c", # vpc_id=vpc.ref, # tags=[ # core.CfnTag(key="Name", value=name("rtb_private_c")) # ] # ) # ec2.CfnSubnetRouteTableAssociation( # self, "rtb_private_c_association", # route_table_id=rtb_private_c.ref, # subnet_id=private_subnet_c.ref # ) # ec2.CfnRoute( # self, "route_private_c", # route_table_id=rtb_private_c.ref, # destination_cidr_block="0.0.0.0/0", # nat_gateway_id=natgw_c.ref # ) # RouteTable of PublicSubnetA self.rtb_public_a = ec2.CfnRouteTable( self, "rtb_public_a", vpc_id=self.vpc.ref, tags=[core.CfnTag(key="Name", value=prefix + "rtb_public_a")]) ec2.CfnSubnetRouteTableAssociation( self, "rtb_public_a_association", route_table_id=self.rtb_public_a.ref, subnet_id=self.public_subnet_a.ref) ec2.CfnSubnetRouteTableAssociation( self, "rtb_public_c_association", route_table_id=self.rtb_public_a.ref, subnet_id=self.public_subnet_c.ref) ec2.CfnSubnetRouteTableAssociation( self, "rtb_public_d_association", route_table_id=self.rtb_public_a.ref, subnet_id=self.public_subnet_d.ref) ec2.CfnRoute(self, "route_public_a", route_table_id=self.rtb_public_a.ref, destination_cidr_block="0.0.0.0/0", gateway_id=igw.ref) # RouteTable of PublicSubnetC # rtb_public_c = ec2.CfnRouteTable( # self, "rtb_public_c", # vpc_id=vpc.ref, # tags=[ # core.CfnTag(key="Name", value=name("rtb_public_c")) # ] # ) # ec2.CfnSubnetRouteTableAssociation( # self, "rtb_public_c_association", # route_table_id=rtb_public_c.ref, # subnet_id=public_subnet_c.ref # ) # ec2.CfnRoute( # self, "route_public_c", # route_table_id=rtb_public_c.ref, # destination_cidr_block="0.0.0.0/0", # gateway_id=igw.ref # ) ami_id = ec2.AmazonLinuxImage(generation=ec2.AmazonLinuxGeneration. AMAZON_LINUX_2).get_image(self).image_id # security_group = ec2.SecurityGroup( # self, # id='test', # vpc=self.vpc, # security_group_name='test-security-group' # ) # security_group.add_ingress_rule( # peer=ec2.Peer.ipv4(cidr), # connection=ec2.Port.tcp(22), # ) # red_web_inst = ec2.CfnInstance(self, # "testInstance01", # image_id = ami_id, # instance_type = "t3a.micro", # monitoring = False, # key_name = "stg-intrinio-www01", # security_group_ids=[security_group.security_group_id], # block_device_mappings = [{ # "deviceName": "/dev/xvda", # "ebs": { # "volumeSize": 10, # "volumeType": "io1", # "iops": 150, # "deleteOnTermination": True # } # } # ], # tags = [ # { "key": "Name", "value": prefix } # ], # network_interfaces = [{ # "deviceIndex": "0", # "associatePublicIpAddress": True, # "subnetId": self.public_subnet_a.ref, # # "groupSet": [web_sg.security_group_id] # }], #https: //github.com/aws/aws-cdk/issues/3419 # ) # RdsSecurityGroup RdsSecurityGroupStg = ec2.CfnSecurityGroup( self, "RdsSecurityGroupStg", group_name='stg-' + prefix + '-db01', group_description='stg-' + prefix + '-db01', vpc_id=self.vpc.ref, security_group_ingress=[{ "ipProtocol": "tcp", "fromPort": 3306, "toPort": 3306, "cidrIp": "0.0.0.0/0" }], security_group_egress=[{ "ipProtocol": "tcp", "fromPort": 0, "toPort": 65535, "cidrIp": "0.0.0.0/0" }], ) # MyDBSubnetGroup rds_subnet_group = rds.CfnDBSubnetGroup( self, "DBSubnetGroup", db_subnet_group_description="DBSubnetGroup", subnet_ids=[ self.public_subnet_a.ref, self.public_subnet_c.ref, self.public_subnet_d.ref ]) DBParameterGroupStg = rds.CfnDBParameterGroup( self, "DBParameterGroupStg", description='stg-' + prefix + 'db01', family="MySQL5.6", parameters={ 'character_set_client': "utf8", 'character_set_connection': "utf8", 'character_set_database': "utf8", 'character_set_results': "utf8", 'character_set_server': "utf8", 'collation_connection': "utf8_general_ci", 'collation_server': "utf8_general_ci", 'long_query_time': "1.2", 'slow_query_log': "1", 'time_zone': "Asia/Tokyo", }, tags=[core.CfnTag(key="Name", value='stg-' + prefix + 'db01')]) rds_params = { 'db_instance_identifier': "stg-test-db01", 'engine': "mysql", 'engine_version': '5.6.39', 'db_instance_class': 'db.t3.micro', 'allocated_storage': '5', 'storage_type': 'gp2', 'db_name': "test", 'master_username': "******", 'master_user_password': "******", 'db_subnet_group_name': rds_subnet_group.ref, 'publicly_accessible': False, 'multi_az': False, 'preferred_backup_window': "18:00-18:30", 'preferred_maintenance_window': "sat:19:00-sat:19:30", 'auto_minor_version_upgrade': False, 'db_parameter_group_name': DBParameterGroupStg.ref, 'vpc_security_groups': [RdsSecurityGroupStg.ref], 'copy_tags_to_snapshot': True, 'backup_retention_period': 7, # 'enable_performance_insights': True, 'delete_automated_backups': True, 'deletion_protection': False, 'availability_zone': "us-east-1a", 'enable_cloudwatch_logs_exports': ["error", "slowquery"] # 'storage_encrypted': False, } self.rds = rds.CfnDBInstance( self, 'staff-rds', **rds_params, tags=[core.CfnTag(key="Name", value='stg-' + prefix + 'db01')]) core.CfnOutput(self, "OutputVpc", value=self.vpc.ref) core.CfnOutput(self, "OutputRds", value=self.rds.ref)
def __init__(self, scope: core.Construct, id: str, **kwargs) -> None: super().__init__(scope, id, **kwargs) az1 = core.Fn.select(0, core.Fn.get_azs(region=core.Aws.REGION)) az2 = core.Fn.select(1, core.Fn.get_azs(region=core.Aws.REGION)) ########## # VPC ########## # VPC vpc = ec2.Vpc(self, "vpc", cidr="10.0.0.0/16", subnet_configuration=[]) # Internet gateway internet_gateway = ec2.CfnInternetGateway(self, "internet-gateway") ec2.CfnVPCGatewayAttachment(self, "internet_gateway_attatchment", vpc_id=vpc.vpc_id, internet_gateway_id=internet_gateway.ref) # Public Subnet az1 public_subnet_az1 = ec2.PublicSubnet(self, "subnet-public-1a", availability_zone=az1, cidr_block="10.0.0.0/24", vpc_id=vpc.vpc_id, map_public_ip_on_launch=True) public_subnet_az1.add_route("internet-gateway-route", router_id=internet_gateway.ref, router_type=ec2.RouterType.GATEWAY) # Public Subnet az2 public_subnet_az2 = ec2.PublicSubnet(self, "subnet-public-1c", availability_zone=az2, cidr_block="10.0.1.0/24", vpc_id=vpc.vpc_id, map_public_ip_on_launch=True) public_subnet_az2.add_route("internet-gateway-route", router_id=internet_gateway.ref, router_type=ec2.RouterType.GATEWAY) # Private Subnet az1 private_subnet_az1 = ec2.PrivateSubnet(self, "subnet-private-1a", availability_zone=az1, cidr_block="10.0.2.0/24", vpc_id=vpc.vpc_id) # Private Subnet az2 private_subnet_az2 = ec2.PrivateSubnet(self, "subnet-private-1c", availability_zone=az2, cidr_block="10.0.3.0/24", vpc_id=vpc.vpc_id) ########## # EC2 ########## # # EC2 Security Group ec2_security_group = ec2.SecurityGroup(self, "ec2-security-group", vpc=vpc) # ec2_security_group.add_ingress_rule(peer=ec2.Peer.any_ipv4(),connection=ec2.Port.tcp(80)) # User Data user_data = ec2.UserData.for_linux() user_data.add_commands( "yum -y update", "amazon-linux-extras install php7.2 -y", "yum -y install mysql httpd php-mbstring php-xml", "wget http://ja.wordpress.org/latest-ja.tar.gz -P /tmp/", "tar zxvf /tmp/latest-ja.tar.gz -C /tmp", "cp -r /tmp/wordpress/* /var/www/html/", "chown apache:apache -R /var/www/html", "systemctl enable httpd.service", "systemctl start httpd.service") # EC2 Instance instance_az1 = ec2.CfnInstance( self, "wordpress-instance-az1", subnet_id=public_subnet_az1.subnet_id, image_id=ec2.AmazonLinuxImage( generation=ec2.AmazonLinuxGeneration.AMAZON_LINUX_2).get_image( self).image_id, instance_type=ec2.InstanceType.of( instance_class=ec2.InstanceClass.BURSTABLE3, instance_size=ec2.InstanceSize.MICRO).to_string(), security_group_ids=[ec2_security_group.security_group_id], user_data=core.Fn.base64(user_data.render())) core.CfnOutput(self, "EC2 PublicDnsName", value=instance_az1.attr_public_dns_name) ########## # RDS ########## # RDS Security Group rds_security_group = ec2.SecurityGroup(self, "rds-security-group", vpc=vpc) ec2.CfnSecurityGroupIngress( self, "rds-security-group-ingress", group_id=rds_security_group.security_group_id, ip_protocol="tcp", from_port=3306, to_port=3306, source_security_group_id=ec2_security_group.security_group_id) # RDS Subnet Group rds_subnet_group = rds.CfnDBSubnetGroup( self, "rds-subnet-group", db_subnet_group_description="rds-subnet-group", subnet_ids=[ private_subnet_az1.subnet_id, private_subnet_az2.subnet_id ]) # RDS Instance rds_instance = rds.CfnDBInstance( self, "rds-instance", db_instance_identifier="wordpress-rds", engine=rds.DatabaseInstanceEngine.mysql( version=rds.MysqlEngineVersion.VER_8_0_20).engine_type, db_instance_class="db.t3.micro", master_username="******", master_user_password="******", db_name="wordpress", multi_az=False, vpc_security_groups=[rds_security_group.security_group_id], db_subnet_group_name=rds_subnet_group.ref, allocated_storage="20") core.CfnOutput(self, "RDS EndpointAddress", value=rds_instance.attr_endpoint_address) core.CfnOutput(self, "RDS EndpointPort", value=rds_instance.attr_endpoint_port) ########## # ALB ########## # ALB Security Group alb_security_group = ec2.SecurityGroup(self, "alb-security-group", vpc=vpc) alb_security_group.add_ingress_rule(peer=ec2.Peer.any_ipv4(), connection=ec2.Port.tcp(80)) # ALB Instance alb_instance = elb.ApplicationLoadBalancer( self, "alb", vpc=vpc, vpc_subnets=ec2.SubnetSelection( subnets=[public_subnet_az1, public_subnet_az2]), internet_facing=True, security_group=alb_security_group) # ALB Target Group alb_target_group = elb.ApplicationTargetGroup( self, "alb-target-group", vpc=vpc, target_type=elb.TargetType.INSTANCE, targets=[elb.InstanceTarget(instance_az1.ref)], protocol=elb.ApplicationProtocol.HTTP, port=80, health_check=elb.HealthCheck(protocol=elb.ApplicationProtocol.HTTP, path="/wp-includes/images/blank.gif")) # ALB Listener alb_listener = elb.ApplicationListener( self, "alb-listener", load_balancer=alb_instance, default_target_groups=[alb_target_group], protocol=elb.ApplicationProtocol.HTTP, port=80) core.CfnOutput(self, "ALB DNS Name", value=alb_instance.load_balancer_dns_name) # EC2 Security Group Ingress ec2.CfnSecurityGroupIngress( self, "ec2-security-group-ingress", group_id=ec2_security_group.security_group_id, ip_protocol="tcp", from_port=80, to_port=80, source_security_group_id=alb_security_group.security_group_id)