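        /// <summary>
        /// Creates a public Windows Server 2019 bastion host in <paramref name="vpc"/> and publishes
        /// its public DNS name as a stack output.
        /// </summary>
        /// <param name="scope">Parent construct.</param>
        /// <param name="id">Stack id; also reused as the construct id of the EC2 instance.</param>
        /// <param name="vpc">VPC whose public subnets host the bastion.</param>
        /// <param name="keyPairName">EC2 key pair name attached to the instance (used to retrieve the Windows administrator password).</param>
        /// <param name="props">Optional stack properties.</param>
        /// <param name="rdpSourceCidr">
        /// Optional IPv4 CIDR allowed to reach RDP (TCP/3389). When null or empty the rule stays open to
        /// 0.0.0.0/0, which preserves the original behaviour but exposes RDP to the whole internet;
        /// pass an operator range for anything beyond a throw-away lab.
        /// </param>
        internal BastionStack(Construct scope, string id, Vpc vpc, string keyPairName, IStackProps props = null, string rdpSourceCidr = null) : base(scope, id, props)
        {
            Role = new Role(this, "ec2-bastion-role", new RoleProps {
                AssumedBy = new ServicePrincipal("ec2.amazonaws.com")
            });

            // NOTE(review): SecretsManagerReadWrite is an account-wide read/write grant on every secret.
            // A bastion rarely needs that much; scope it down to the specific secret ARNs that
            // bastion_user_data.ps1 actually reads once those are known.
            Role.AddManagedPolicy(ManagedPolicy.FromAwsManagedPolicyName("SecretsManagerReadWrite"));

            Bastion = new Instance_(this, id, new InstanceProps
            {
                InstanceType = InstanceType.Of(InstanceClass.BURSTABLE3, InstanceSize.MICRO),
                MachineImage = new WindowsImage(WindowsVersion.WINDOWS_SERVER_2019_ENGLISH_FULL_BASE),
                Vpc          = vpc,
                // Bootstrap script is embedded from the project's resources; its contents are not visible here.
                UserData     = UserData.Custom(Utils.GetResource("bastion_user_data.ps1")),
                KeyName      = keyPairName,
                Role         = Role,
                VpcSubnets   = new SubnetSelection {
                    SubnetType = SubnetType.PUBLIC
                }
            });

            // Restrict RDP to the caller-supplied range when one is given. The 0.0.0.0/0 fallback keeps
            // existing callers working but is the main exposure of this stack: a public Windows host
            // with RDP reachable from anywhere.
            var rdpOpenToInternet = string.IsNullOrEmpty(rdpSourceCidr);
            var rdpSource = rdpOpenToInternet ? Peer.AnyIpv4() : Peer.Ipv4(rdpSourceCidr);
            var rdpDescription = rdpOpenToInternet ? "Internet access RDP" : $"RDP from {rdpSourceCidr}";
            Bastion.Connections.AllowFrom(rdpSource, Port.Tcp(3389), rdpDescription);

            new CfnOutput(this, "Bastion Host", new CfnOutputProps {
                Value = Bastion.InstancePublicDnsName
            });
        }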
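        /// <summary>
        /// Creates a Windows Server 2019 instance in a private subnet of <paramref name="vpc"/> and
        /// publishes its private IP as a stack output. The instance is meant to be reached through
        /// the bastion in the same VPC.
        /// </summary>
        /// <param name="scope">Parent construct.</param>
        /// <param name="id">Stack id; also reused as the construct id of the EC2 instance and as the security-group name suffix.</param>
        /// <param name="vpc">VPC whose private subnets host the instance.</param>
        /// <param name="keyPairName">EC2 key pair name attached to the instance.</param>
        /// <param name="props">Optional stack properties.</param>
        /// <param name="ingressCidr">
        /// Optional IPv4 CIDR allowed to send traffic (all ports) to the instance. When null or empty
        /// the VPC's own CIDR block is used, so only in-VPC sources such as the bastion can reach it.
        /// The previous revision allowed 0.0.0.0/0 here.
        /// </param>
        internal TargetInstanceStack(Construct scope, string id, Vpc vpc, string keyPairName, IStackProps props = null, string ingressCidr = null) : base(scope, id, props)
        {
            SecurityGroup = new SecurityGroup(this, "TargetInstance-Security-Group", new SecurityGroupProps
            {
                Vpc = vpc,
                AllowAllOutbound  = true,
                Description       = "TargetInstance-Security-Group",
                SecurityGroupName = "secgroup-" + id
            });

            Role = new Role(this, "ec2-targetinstance-role", new RoleProps
            {
                AssumedBy = new ServicePrincipal("ec2.amazonaws.com")
            });

            // NOTE(review): SecretsManagerReadWrite is an account-wide read/write grant on every secret.
            // Scope it down to the secret ARNs that target_instance_user_data.ps1 actually needs.
            Role.AddManagedPolicy(ManagedPolicy.FromAwsManagedPolicyName("SecretsManagerReadWrite"));

            TargetInstance = new Instance_(this, id, new InstanceProps
            {
                InstanceType = InstanceType.Of(InstanceClass.BURSTABLE3, InstanceSize.MICRO),
                MachineImage = new WindowsImage(WindowsVersion.WINDOWS_SERVER_2019_ENGLISH_FULL_BASE),
                Vpc          = vpc,
                // Bootstrap script is embedded from the project's resources; its contents are not visible here.
                UserData     = UserData.Custom(Utils.GetResource("target_instance_user_data.ps1")),
                KeyName      = keyPairName,
                Role         = Role,
                VpcSubnets   = new SubnetSelection {
                    SubnetType = SubnetType.PRIVATE
                },
                SecurityGroup = SecurityGroup
            });

            // Ingress is limited to the VPC (or an explicit caller-supplied range) instead of 0.0.0.0/0.
            // All ports are still open from that source because the services the bootstrap script
            // installs are not known here; narrow to the required ports once they are.
            var sourceCidr = string.IsNullOrEmpty(ingressCidr) ? vpc.VpcCidrBlock : ingressCidr;
            SecurityGroup.AddIngressRule(Peer.Ipv4(sourceCidr), Port.AllTraffic(), $"Allow all traffic from {sourceCidr}");

            new CfnOutput(this, "target-instance", new CfnOutputProps {
                Value = TargetInstance.InstancePrivateIp
            });
        }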
        /// <summary>
        /// Builds a VPC, an internet-facing load balancer with an HTTP listener on port 80, and one
        /// Amazon Linux web server per private subnet, registering each server as a listener target.
        /// </summary>
        /// <param name="parent">Parent construct.</param>
        /// <param name="id">Stack id.</param>
        /// <param name="props">Stack properties.</param>
        public CdkExampleStack(Construct parent, string id, IStackProps props) : base(parent, id, props)
        {
            var network = new Vpc(this, "MainVPC", new VpcProps
            {
                Cidr = "192.168.0.0/16"
            });

            // NOTE(review): the listener is plain HTTP (port 80, no certificate), so client traffic to
            // the ALB is unencrypted. Acceptable for a demo; add an HTTPS listener for real users.
            var alb = new ApplicationLoadBalancer(this, "PublicALB", new ApplicationLoadBalancerProps
            {
                InternetFacing = true,
                Vpc            = network
            });

            var httpListener = alb.AddListener("MyListener", new ApplicationListenerProps
            {
                Port = 80
            });

            // First-boot script shared by every instance: install Apache and serve a static page.
            var bootstrap = UserData.ForLinux(new LinuxUserDataOptions
            {
                Shebang = "#!/bin/bash"
            });
            bootstrap.AddCommands(
                "yum update -y",
                "yum install httpd -y",
                "echo \"Hello World\" >> /var/www/html/index.html",
                "service httpd start",
                "chkconfig httpd on");

            // Web servers accept port 80 only from the load balancer's security group.
            var webServerSg = new SecurityGroup(this, "Ec2SecurityGroup", new SecurityGroupProps
            {
                Vpc = network,
                SecurityGroupName = "Ec2SG"
            });
            webServerSg.Connections.AllowFrom(alb, Port.Tcp(80), "FROM ALB");

            // One instance per private subnet, pinned to that subnet's availability zone.
            var registeredIds = new List<string>();
            var index = 0;
            foreach (var subnet in network.PrivateSubnets)
            {
                var webServer = new Instance_(this, $"Instance-{index}", new InstanceProps
                {
                    InstanceType     = InstanceType.Of(InstanceClass.BURSTABLE3, InstanceSize.MICRO),
                    VpcSubnets       = new SubnetSelection()
                    {
                        SubnetType = SubnetType.PRIVATE
                    },
                    AvailabilityZone = subnet.AvailabilityZone,
                    Vpc              = network,
                    MachineImage     = new AmazonLinuxImage(),
                    UserData         = bootstrap,
                    KeyName          = "test-cdk",
                    SecurityGroup    = webServerSg
                });

                registeredIds.Add(webServer.InstanceId);
                index++;
            }

            // Register every instance by id as a port-80 target of the HTTP listener.
            var targets = registeredIds
                .Select(instanceId => new InstanceIdTarget(instanceId, 80))
                .ToArray();

            httpListener.AddTargets("Targets", new AddApplicationTargetsProps
            {
                Port    = 80,
                Targets = targets
            });
        }