internal MadStack(Construct scope, string id, Vpc vpc, string domainName, string edition, SecretStack secret, IStackProps props = null) : base(scope, id, props) { AD = new CfnMicrosoftAD(this, "MAD", new CfnMicrosoftADProps { VpcSettings = new CfnMicrosoftAD.VpcSettingsProperty { SubnetIds = vpc.SelectSubnets(new SubnetSelection { SubnetType = SubnetType.PRIVATE }).SubnetIds, VpcId = vpc.VpcId }, Name = domainName, Password = secret.ClearTextSecret, Edition = edition }); var mad_dns_ip1 = Fn.Select(0, AD.AttrDnsIpAddresses); var mad_dns_ip2 = Fn.Select(1, AD.AttrDnsIpAddresses); new CfnOutput(this, "mad-dns1", new CfnOutputProps { Value = mad_dns_ip1, ExportName = "mad-dns1" }); new CfnOutput(this, "mad-dns2", new CfnOutputProps { Value = mad_dns_ip2, ExportName = "mad-dns2" }); }
//this class is a pretty thin useless wrapper now that I look at it... public static ApiStack CreateApiStack(this Construct scope, string apiName, Cluster cluster, Vpc vpc, Repository ecrRepo, string subDomain, string hostedZoneName, string hostedZoneId, ICertificate sslCert, Dictionary <string, string> containerEnvVars = null, Dictionary <string, Secret> containerSecrets = null, Environment env = null) { env ??= Constants.DefaultEnv; containerEnvVars ??= new Dictionary <string, string>(); containerSecrets ??= new Dictionary <string, Secret>(); containerEnvVars.Add("AWS__REGION", env.Region); var serviceName = $"{apiName.ToLowerInvariant()}-api"; return(new ApiStack(scope, $"{serviceName}-stack", new ApiProps { Vpc = vpc, Env = env, ServiceName = serviceName, EcsCluster = cluster, EcrRepository = ecrRepo, ContainerEnvVars = containerEnvVars, ContainerSecrets = containerSecrets, SubDomain = subDomain, HostedZoneName = hostedZoneName, HostedZoneId = hostedZoneId, Certificate = sslCert })); }
internal DotnetStack(Construct scope, string id, IStackProps props = null) : base(scope, id, props) { var vpc = new Vpc(this, "MyVpc", new VpcProps { MaxAzs = 3 // Max zones }); var cluster = new Cluster(this, "MyCluster", new ClusterProps { Vpc = vpc }); var serviceProps = new ApplicationLoadBalancedFargateServiceProps() { Cluster = cluster, // Required DesiredCount = 5, // Default is 1 TaskImageOptions = new ApplicationLoadBalancedTaskImageOptions { Image = ContainerImage.FromRegistry("amazon/amazon-ecs-sample") // PHP Sample :-( my bad => https://hub.docker.com/r/amazon/amazon-ecs-sample }, MemoryLimitMiB = 2048, // Default is 256 PublicLoadBalancer = true, // Default is false }; // Create Loadbalancer fargate and make it public new ApplicationLoadBalancedFargateService(this, "MyFargateService", serviceProps); }
private DatabaseConstructOutput CreateDbInstanceConstruct(Construct parent, Vpc vpc, SecretValue databasePasswordSecret) { var database = new DatabaseInstance(parent, $"{this.Settings.ScopeName}-Database-{this.Settings.DbEngine}", new DatabaseInstanceProps { InstanceClass = this.InstanceType, Vpc = vpc, VpcPlacement = new SubnetSelection { SubnetType = this.Settings.DbSubnetType }, DeletionProtection = this.Settings.DotNetEnvironment != "Development", InstanceIdentifier = $"{this.Settings.ScopeName}-Database-{this.Settings.DbEngine}", Engine = this.DbInstanceEgnine, MasterUsername = this.Settings.DbUsername, MasterUserPassword = databasePasswordSecret, RemovalPolicy = RemovalPolicy.DESTROY } ); return(new DatabaseConstructOutput { EndpointAddress = database.InstanceEndpoint.Hostname, Connections = database.Connections, Port = database.DbInstanceEndpointPort }); }
internal BastionStack(Construct scope, string id, Vpc vpc, string keyPairName, IStackProps props = null) : base(scope, id, props) { Role = new Role(this, "ec2-bastion-role", new RoleProps { AssumedBy = new ServicePrincipal("ec2.amazonaws.com") }); Role.AddManagedPolicy(ManagedPolicy.FromAwsManagedPolicyName("SecretsManagerReadWrite")); Bastion = new Instance_(this, id, new InstanceProps { InstanceType = InstanceType.Of(InstanceClass.BURSTABLE3, InstanceSize.MICRO), MachineImage = new WindowsImage(WindowsVersion.WINDOWS_SERVER_2019_ENGLISH_FULL_BASE), Vpc = vpc, UserData = UserData.Custom(Utils.GetResource("bastion_user_data.ps1")), KeyName = keyPairName, Role = Role, VpcSubnets = new SubnetSelection { SubnetType = SubnetType.PUBLIC } }); Bastion.Connections.AllowFromAnyIpv4(Port.Tcp(3389), "Internet access RDP"); new CfnOutput(this, "Bastion Host", new CfnOutputProps { Value = Bastion.InstancePublicDnsName }); }
internal Database(CdkStack stack, Vpc vpc, SecurityGroup asgSecurityGroup) { var dbSecurityGroup = new SecurityGroup(vpc, "DBSecurityGroup", new SecurityGroupProps { Vpc = vpc, Description = "Allows database access to the specified." }); dbSecurityGroup.AddIngressRule(asgSecurityGroup, Port.Tcp(1433), "Allow SQL Server"); var db = new DatabaseInstance(stack, $"{stack.StackName}-DatabaseCluster", new DatabaseInstanceProps { Vpc = vpc, VpcPlacement = new SubnetSelection { SubnetType = SubnetType.PRIVATE }, SecurityGroups = new[] { dbSecurityGroup }, Engine = DatabaseInstanceEngine.SQL_SERVER_EX, MasterUsername = "******", AllocatedStorage = 20, MultiAz = false, InstanceType = InstanceType.Of(InstanceClass.BURSTABLE3, InstanceSize.SMALL), DeletionProtection = false }); DatabaseResource = db; ServerAddress = db.DbInstanceEndpointAddress; Password = db.Secret; }
public Template(string stackName, string keyPairName, string vpcName, string vpcCidrBlock, string description) : this(stackName, description) { this.Parameters.Add(ParameterKeyPairName, new ParameterBase(ParameterKeyPairName, "AWS::EC2::KeyPair::KeyName", keyPairName, "Key Pair to decrypt instance password.")); Vpc vpc = new Vpc(vpcCidrBlock); this.Resources.Add(vpcName, vpc); }
internal NetworkStack(Construct scope, string id, IStackProps props = null) : base(scope, id, props) { //UsingLevel2Constructs(); var vpc = new CfnVPC(this, Program.PREFIX + "primary-vpc", new CfnVPCProps { CidrBlock = "10.20.0.0/16" }); vpc.Tags.SetTag(Program.NAME, Program.PREFIX + "primary-vpc"); VpcRef = vpc.Ref; //var vpcId = (string)this.Node.TryGetContext(Program.PREFIX + "primary-vpc"); var L1Vpc = Vpc.FromLookup(this, "VPC", new VpcLookupOptions { VpcName = Program.PREFIX + "primary-vpc" }); /*var L1VPC = Vpc.FromLookup(this, VpcRef, new VpcLookupOptions{ * VpcId = VpcRef * });*/ var privateSubnetA = new CfnSubnet(this, Program.PREFIX + "private-subnet-a", new CfnSubnetProps { CidrBlock = "10.20.0.0/24", AvailabilityZone = this.AvailabilityZones[0], VpcId = vpc.Ref }); privateSubnetA.Tags.SetTag(Program.NAME, Program.PREFIX + "private-subnet-a"); var privateSubnetB = new CfnSubnet(this, Program.PREFIX + "private-subnet-b", new CfnSubnetProps { CidrBlock = "10.20.1.0/24", AvailabilityZone = this.AvailabilityZones[1], VpcId = vpc.Ref }); privateSubnetB.Tags.SetTag(Program.NAME, Program.PREFIX + "private-subnet-b"); }
internal CommonStack(Construct scope, string id, IStackProps props = null) : base(scope, id, props) { Vpc = new Vpc(this, "Vpc", new VpcProps { Cidr = "10.0.0.0/21", MaxAzs = 3, NatGateways = 0, SubnetConfiguration = new SubnetConfiguration[] { new SubnetConfiguration { SubnetType = SubnetType.PUBLIC, Name = "Public" } } }); /* * new InterfaceVpcEndpoint(this, "ECREndpoint", new InterfaceVpcEndpointProps * { * Vpc = Vpc, * Service = InterfaceVpcEndpointAwsService.ECR_DOCKER * }); * * new InterfaceVpcEndpoint(this, "LogsEndpoint", new InterfaceVpcEndpointProps * { * Vpc = Vpc, * Service = InterfaceVpcEndpointAwsService.CLOUDWATCH_LOGS * }); */ Cluster = new Cluster(this, "Cluster", new ClusterProps { Vpc = Vpc }); }
public ClassicLoadBalancerStack(Construct scope, string id, IStackProps props = null) : base(scope, id, props) { var vpc = new Vpc(this, "VPC"); var asg = new AutoScalingGroup(this, "ASG", new AutoScalingGroupProps { Vpc = vpc, InstanceType = InstanceType.Of(InstanceClass.BURSTABLE3, InstanceSize.MICRO), MachineImage = new AmazonLinuxImage() }); var lb = new LoadBalancer(this, "LB", new LoadBalancerProps { Vpc = vpc, InternetFacing = true, HealthCheck = new Amazon.CDK.AWS.ElasticLoadBalancing.HealthCheck { Port = 80 } }); lb.AddTarget(asg); var listener = lb.AddListener(new LoadBalancerListener { ExternalPort = 80 }); listener.Connections.AllowDefaultPortFromAnyIpv4("Open to the world"); }
public CustomVpc(Construct scope, string id, string cidr) : base(scope, id) { SubnetConfiguration privateSubnetConfig = new SubnetConfiguration { CidrMask = 26, SubnetType = SubnetType.PRIVATE, Name = "privateSubnet" }; SubnetConfiguration publicSubnetConfig = new SubnetConfiguration { CidrMask = 26, SubnetType = SubnetType.PUBLIC, Name = "publicSubnet" }; VpcProps props = new VpcProps { Cidr = cidr, DefaultInstanceTenancy = DefaultInstanceTenancy.DEFAULT, MaxAzs = 99, SubnetConfiguration = new ISubnetConfiguration[] { privateSubnetConfig, publicSubnetConfig }, NatGateways = 99, EnableDnsHostnames = true, EnableDnsSupport = true }; var vpc = new Vpc(this, id + $"{id}-vpc", props); this.Vpc = vpc; }
internal SetDHCPOption(Construct scope, string id, Vpc vpc, DHCPOption dhcpOption, IStackProps props = null) : base(scope, id, props) { var dhcpOptionsAssociation = new CfnVPCDHCPOptionsAssociation(this, id, new CfnVPCDHCPOptionsAssociationProps { VpcId = vpc.VpcId, DhcpOptionsId = dhcpOption.DhcpOptions.Ref }); }
public ApplicationLoadBalancerStack(Construct parent, string id, IStackProps props) : base(parent, id, props) { var vpc = new Vpc(this, "VPC"); var asg = new AutoScalingGroup(this, "ASG", new AutoScalingGroupProps { Vpc = vpc, InstanceType = InstanceType.Of(InstanceClass.BURSTABLE3, InstanceSize.MICRO), MachineImage = new AmazonLinuxImage() }); var lb = new Amazon.CDK.AWS.ElasticLoadBalancingV2.ApplicationLoadBalancer(this, "LB", new ApplicationLoadBalancerProps { Vpc = vpc, InternetFacing = true }); var listener = lb.AddListener("Listener", new BaseApplicationListenerProps { Port = 80 }); listener.AddTargets("Target", new AddApplicationTargetsProps { Port = 80, Targets = new IApplicationLoadBalancerTarget[] { asg } }); listener.Connections.AllowDefaultPortFromAnyIpv4("Open to the world"); asg.ScaleOnRequestCount("AModestLoad", new RequestCountScalingProps { TargetRequestsPerSecond = 1 }); }
public TodoInfraStack(Construct parent, string id, IStackProps props) : base(parent, id, props) { IVpc todoVpc = new Vpc(this, Constants.VPC_NAME, new VpcProps { Cidr = Constants.CIDR_RANGE, MaxAzs = 4 }); # region ECS-taskdefinition-service
public VpcData( Vpc vpc, Subnet privateSubnet0, Subnet privateSubnet1, Subnet publicSubnet0, Subnet publicSubnet1) { }
internal DHCPOption(Construct scope, string id, CfnMicrosoftAD directory, Vpc vpc, IStackProps props = null) : base(scope, id, props) { DhcpOptions = new CfnDHCPOptions(this, id, new CfnDHCPOptionsProps { DomainName = directory.Name, DomainNameServers = new string[] { Fn.ImportValue("mad-dns1"), Fn.ImportValue("mad-dns2") }, NtpServers = new[] { "169.254.169.123" } }); }
public NetworkStack(Construct parent, string id) : base(parent, id) { this.vpc = new Vpc(this, "VPC", new VpcProps { NatGateways = 1, MaxAzs = 2 }); }
public VirtualNetwork(AwsObjectRetriever awsObjectRetriever, Vpc sourceVpc) { _Source = sourceVpc; foreach (Amazon.EC2.Model.Subnet amazonSubnet in awsObjectRetriever.GetSubnets(this.Id)) { Subnet sourceSubnet = new Subnet(awsObjectRetriever, amazonSubnet); _Subnets.Add(sourceSubnet); } }
private async Task DeleteVpc(Vpc vpc) { _context.Logger.WriteLine($"DeleteVpc: {vpc.CidrBlock} Id: {vpc.VpcId}"); var request = new DeleteVpcRequest { VpcId = vpc.VpcId }; await _client.DeleteVpcAsync(request); }
public CreateVpcModelWorkItemImpl NewCreateVpcModelWorkItem(Package pkg, Vpc vpc, bool enableDnsSupport, bool enableDnsHostnames) { CreateVpcModelWorkItemImpl workItem = new CreateVpcModelWorkItemImpl(); workItem.Pkg = pkg; workItem.Vpc = vpc; workItem.EnableDnsSupport = enableDnsSupport; workItem.EnableDnsHostnames = enableDnsHostnames; return(workItem); }
public static SecurityGroup CreateHostToRDS(Constructs.Construct construct, Vpc vpc, string name, string description, SecurityGroup elbSecurityGroup) { var ports = new Port[] { new Port(Utils.Ports.GetPortProps(3306, 3306, "MySQL/Auora")) }; var sg = CreatePeer(construct, vpc, name, description, elbSecurityGroup, ports); return(sg); }
internal CdkFargateStack(Construct scope, string id, IStackProps props = null) : base(scope, id, props) { var vpc = new Vpc(this, "SatellytesVpc", new VpcProps { Cidr = "10.0.0.0/16", MaxAzs = 1, SubnetConfiguration = new[] { new SubnetConfiguration() { Name = "Satellytes/public", SubnetType = SubnetType.PUBLIC, } }, }); var cluster = new Cluster(this, "SatellytesCluster", new ClusterProps { Vpc = vpc, }); var taskDefinition = new TaskDefinition(this, "SatellytesWebTask", new TaskDefinitionProps { TaskRole = Role.FromRoleArn(this, "taskRole", "arn:aws:iam::576853867587:role/ecsTaskExecutionRole", new FromRoleArnOptions() { Mutable = false }), ExecutionRole = Role.FromRoleArn(this, "taskExecutionRole", "arn:aws:iam::576853867587:role/ecsTaskExecutionRole", new FromRoleArnOptions() { Mutable = false }), Compatibility = Compatibility.FARGATE, Cpu = "256", MemoryMiB = "512", }); var inboundSecurityGrp = new SecurityGroup(this, "satellytesSecurityGrpInboundInet", new SecurityGroupProps { Vpc = vpc }); inboundSecurityGrp.AddIngressRule(Peer.AnyIpv4(), Port.Tcp(8080), "inbound http"); taskDefinition.AddContainer("satellytesWebImage", new ContainerDefinitionProps { Image = ContainerImage.FromEcrRepository(Repository.FromRepositoryName(this, "repo", "satellytes-website/backend"), "1cfb651f73fcd20895fc44c06f7bb180ca0e8322"), }); new FargateService(this, "SatellytesWebService", new FargateServiceProps { Cluster = cluster, TaskDefinition = taskDefinition, VpcSubnets = new SubnetSelection { SubnetType = SubnetType.PUBLIC }, AssignPublicIp = true, }); }
private Function CreateTitlesSynchrnisationLambda(Vpc vpc, IBucket lambdaBucket) { return(new Function(this, "dev-titles-synchronisation-lambda", new FunctionProps { Runtime = Runtime.DOTNET_CORE_2_1, Handler = "S3BackupFunction::S3BackupFunction.Function::FunctionHandler", Code = Code.FromBucket(lambdaBucket, "S3BackupFunction.zip"), Timeout = Duration.Seconds(30), Vpc = vpc, })); }
private Vpc CreateVpc() { var vpc = new Vpc(this, "vpc-dev-aws-sandbox", new VpcProps { MaxAzs = 3, }); vpc.AddInterfaceEndpoint("ecr-docker-endpoint", new InterfaceVpcEndpointOptions { Service = InterfaceVpcEndpointAwsService.ECR_DOCKER, }); vpc.AddInterfaceEndpoint("ecr-endpoint", new InterfaceVpcEndpointOptions { Service = InterfaceVpcEndpointAwsService.ECR, }); vpc.AddInterfaceEndpoint("ecs-endpoint", new InterfaceVpcEndpointOptions { Service = InterfaceVpcEndpointAwsService.ECS, }); vpc.AddInterfaceEndpoint("ecs-agent-endpoint", new InterfaceVpcEndpointOptions { Service = InterfaceVpcEndpointAwsService.ECS_AGENT, }); vpc.AddInterfaceEndpoint("ecs-telemetry-endpoint", new InterfaceVpcEndpointOptions { Service = InterfaceVpcEndpointAwsService.ECS_TELEMETRY, }); vpc.AddInterfaceEndpoint("sqs-endpoint", new InterfaceVpcEndpointOptions { Service = InterfaceVpcEndpointAwsService.SQS, }); vpc.AddInterfaceEndpoint("cloudwatch-logs-endpoint", new InterfaceVpcEndpointOptions { Service = InterfaceVpcEndpointAwsService.CLOUDWATCH_LOGS, }); vpc.AddGatewayEndpoint("s3-endpoint", new GatewayVpcEndpointOptions { Service = GatewayVpcEndpointAwsService.S3, }); vpc.AddGatewayEndpoint("dynamo-endpoint", new GatewayVpcEndpointOptions { Service = GatewayVpcEndpointAwsService.DYNAMODB, }); return(vpc); }
internal Stack(Construct scope, string id, IStackProps props = null) : base(scope, id, props) { //setup the image var asset = new DockerImageAsset(this, $"{Config.AppName}Image", new DockerImageAssetProps { Directory = Path.Combine(System.Environment.CurrentDirectory, "api"), }); //Create the Fargate service var vpc = Vpc.FromLookup( this, "sandbox", new VpcLookupOptions { VpcName = "sandbox_vpc" } ); var cluster = new Cluster(this, $"{Config.AppName}Cluster", new ClusterProps { Vpc = vpc }); var applicationDomain = $"{Config.ApplicationSubdomain}.{Config.DomainName}"; var hostedZone = HostedZone.FromLookup( this, "HostedZone", new HostedZoneProviderProps { DomainName = $"{Config.DomainName}.", PrivateZone = false } ); // Create a load-balanced Fargate service and make it public var fargateService = new ApplicationLoadBalancedFargateService(this, $"{Config.AppName}Service", new ApplicationLoadBalancedFargateServiceProps { Cluster = cluster, // Required DesiredCount = 1, // Default is 1 TaskImageOptions = new ApplicationLoadBalancedTaskImageOptions { Image = ContainerImage.FromDockerImageAsset(asset) }, MemoryLimitMiB = 1024, // Default is 256 PublicLoadBalancer = true, // Default is false DomainName = applicationDomain, DomainZone = hostedZone, } ); new CfnOutput( this, "Route53Url", new CfnOutputProps { Value = applicationDomain, Description = "Nice Route53 Url" } ); }
public VpcSettings(Vpc vpc, params Subnet[] subnets) { SubnetIds = new List <object>(); VpcId = new ReferenceProperty(vpc); foreach (var subnet in subnets) { this.SubnetIds.Add(new ReferenceProperty(subnet)); } }
public DhcpOptions(object domainName, Vpc vpc, FnJoin dnsServers, FnJoin netBiosNameServers) : base(ResourceType.DhcpOptions) { if (domainName != null) { this.DomainName = domainName; } this.Vpc = vpc; this.DomainNameServers = dnsServers; this.NetbiosNameServers = netBiosNameServers; }
public static SecurityGroup CreatePeer(Constructs.Construct construct, Vpc vpc, string name, string description, SecurityGroup peer, Port[] ports) { var sg = CreateHostSG(construct, vpc, name, description); foreach (var port in ports) { sg.AddIngressRule(peer, port); } return(sg); }
private (Subnet Subnet, RouteTable RouteTable) AddSubnet( string vpcResourceName, Vpc vpc, string type, string availabilityZone, int subnetNumber, int cidrBlockSegment, int cidrPartition) { var name = $"{vpcResourceName}-{type}-{subnetNumber}"; var subnet = new Subnet( name, new SubnetArgs { CidrBlock = $"10.{cidrBlockSegment}.{cidrPartition}.0/18", AvailabilityZone = availabilityZone, VpcId = vpc.Id, Tags = new InputMap <string> { { "Name", $"{name}" }, { "pulumi:ResourceName", name } } }, new CustomResourceOptions { Parent = vpc }); var routeTable = new RouteTable( name, new RouteTableArgs { VpcId = vpc.Id, }, new CustomResourceOptions { Parent = subnet }); new RouteTableAssociation( name, new RouteTableAssociationArgs { RouteTableId = routeTable.Id, SubnetId = subnet.Id }, new CustomResourceOptions { Parent = subnet }); return(subnet, routeTable); }
public DatabaseStack(Construct scope, string name, Vpc vpc, StackProps props = null) : base(scope, $"database-{name}", props) { // pricing - rds // 750 horas de uso de instâncias db.t2.micro Single-AZ do Amazon RDS para execução de // MySQL, MariaDB, PostgreSQL, Oracle BYOL ou SQL Server(executando SQL Server Express Edition) // // 20 GB de armazenamento de banco de dados de SSD // // 20 GB de armazenamento de backup para seus backups de banco de dados automatizados e // quaisquer snapshots de banco de dados iniciados por usuário // // pricing - secret manager // 0,40 USD por segredo por mês. No caso de segredos armazenados por menos de um mês, // o preço é pro-rata (com base no número de horas). // 0,05 USD por 10.000 chamadas de API. var secret = new Secret(this, $"database-{name}-secret", new SecretProps() { Description = $"Database {name} password", SecretName = $"database-{name}-secret" }); var databaseSecret = new DatabaseSecret(this, $"database-{name}-databasesecret", new DatabaseSecretProps() { Username = "******", MasterSecret = secret, ExcludeCharacters = "{}[]()'\"/\\" }); _databaseInstance = new DatabaseInstance(this, $"database-{name}-cluster", new DatabaseInstanceProps() { InstanceIdentifier = name + "-instance", DatabaseName = name, Credentials = Credentials.FromSecret(databaseSecret), Engine = DatabaseInstanceEngine.Mysql(new MySqlInstanceEngineProps() { Version = MysqlEngineVersion.VER_8_0_21 }), InstanceType = new InstanceType("t2.micro"), Vpc = vpc, VpcSubnets = new SubnetSelection() { SubnetType = SubnetType.ISOLATED } }); _databaseInstance.AddRotationSingleUser(new RotationSingleUserOptions() { AutomaticallyAfter = Duration.Days(7), ExcludeCharacters = "!@#$%^&*" }); }