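/// <summary>
/// Builds a Windows bastion host in a PUBLIC subnet of <paramref name="vpc"/>, configured at boot by
/// the PowerShell user data in <c>bastion_user_data.ps1</c>, and exports its public DNS name.
/// </summary>
/// <param name="scope">Parent construct.</param>
/// <param name="id">Stack id; it is also reused as the construct id of the EC2 instance.</param>
/// <param name="vpc">VPC whose PUBLIC subnets host the bastion.</param>
/// <param name="keyPairName">EC2 key pair name passed as <c>KeyName</c> to the instance.</param>
/// <param name="props">Optional stack properties forwarded to the base stack.</param>
/// <param name="rdpSourceCidr">
/// IPv4 CIDR allowed to reach RDP (TCP/3389). When null or blank (the default) the ingress rule is
/// open to any IPv4 address, matching the previous behaviour; pass an address range to narrow it.
/// </param>
internal BastionStack(Construct scope, string id, Vpc vpc, string keyPairName, IStackProps props = null, string rdpSourceCidr = null) : base(scope, id, props)
{
    // Instance profile role. SecretsManagerReadWrite is an AWS managed policy covering every
    // secret in the account (read and write); a resource-scoped inline policy would be tighter.
    Role = new Role(this, "ec2-bastion-role", new RoleProps
    {
        AssumedBy = new ServicePrincipal("ec2.amazonaws.com"),
    });
    Role.AddManagedPolicy(ManagedPolicy.FromAwsManagedPolicyName("SecretsManagerReadWrite"));

    Bastion = new Instance_(this, id, new InstanceProps
    {
        InstanceType = InstanceType.Of(InstanceClass.BURSTABLE3, InstanceSize.MICRO),
        MachineImage = new WindowsImage(WindowsVersion.WINDOWS_SERVER_2019_ENGLISH_FULL_BASE),
        Vpc = vpc,
        UserData = UserData.Custom(Utils.GetResource("bastion_user_data.ps1")),
        KeyName = keyPairName,
        Role = Role,
        VpcSubnets = new SubnetSelection { SubnetType = SubnetType.PUBLIC },
    });

    // RDP ingress. The port is fixed; only the source range is configurable. The default keeps the
    // original "open to the internet" rule, so callers that do not pass a CIDR are unaffected.
    const int rdpPort = 3389;
    if (string.IsNullOrWhiteSpace(rdpSourceCidr))
    {
        Bastion.Connections.AllowFromAnyIpv4(Port.Tcp(rdpPort), "Internet access RDP");
    }
    else
    {
        Bastion.Connections.AllowFrom(Peer.Ipv4(rdpSourceCidr), Port.Tcp(rdpPort), $"RDP from {rdpSourceCidr}");
    }

    new CfnOutput(this, "Bastion Host", new CfnOutputProps { Value = Bastion.InstancePublicDnsName });
}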
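/// <summary>
/// Builds a Windows target instance in a PRIVATE subnet of <paramref name="vpc"/>, configured at boot
/// by <c>target_instance_user_data.ps1</c>, and exports its private IP address.
/// </summary>
/// <param name="scope">Parent construct.</param>
/// <param name="id">Stack id; reused as the construct id of the instance and as the security-group name suffix.</param>
/// <param name="vpc">VPC whose PRIVATE subnets host the instance.</param>
/// <param name="keyPairName">EC2 key pair name passed as <c>KeyName</c> to the instance.</param>
/// <param name="props">Optional stack properties forwarded to the base stack.</param>
/// <param name="ingressSourceCidr">
/// IPv4 CIDR allowed to send traffic (all ports and protocols) to the instance. When null or blank
/// (the default) the rule is open to any IPv4 address, matching the previous behaviour; pass e.g.
/// the bastion's subnet range to restrict reachability.
/// </param>
internal TargetInstanceStack(Construct scope, string id, Vpc vpc, string keyPairName, IStackProps props = null, string ingressSourceCidr = null) : base(scope, id, props)
{
    SecurityGroup = new SecurityGroup(this, "TargetInstance-Security-Group", new SecurityGroupProps
    {
        Vpc = vpc,
        AllowAllOutbound = true,
        Description = "TargetInstance-Security-Group",
        SecurityGroupName = "secgroup-" + id,
    });

    // Instance profile role. SecretsManagerReadWrite is an AWS managed policy covering every
    // secret in the account (read and write); a resource-scoped inline policy would be tighter.
    Role = new Role(this, "ec2-targetinstance-role", new RoleProps
    {
        AssumedBy = new ServicePrincipal("ec2.amazonaws.com"),
    });
    Role.AddManagedPolicy(ManagedPolicy.FromAwsManagedPolicyName("SecretsManagerReadWrite"));

    TargetInstance = new Instance_(this, id, new InstanceProps
    {
        InstanceType = InstanceType.Of(InstanceClass.BURSTABLE3, InstanceSize.MICRO),
        MachineImage = new WindowsImage(WindowsVersion.WINDOWS_SERVER_2019_ENGLISH_FULL_BASE),
        Vpc = vpc,
        UserData = UserData.Custom(Utils.GetResource("target_instance_user_data.ps1")),
        KeyName = keyPairName,
        Role = Role,
        VpcSubnets = new SubnetSelection { SubnetType = SubnetType.PRIVATE },
        SecurityGroup = SecurityGroup,
    });

    // Ingress rule. The private subnet limits who can route here, but the security group itself
    // accepts all traffic from the chosen source; the default keeps the original any-IPv4 rule.
    if (string.IsNullOrWhiteSpace(ingressSourceCidr))
    {
        SecurityGroup.AddIngressRule(Peer.AnyIpv4(), Port.AllTraffic(), "Allow all trafic in. In production - change this!");
    }
    else
    {
        SecurityGroup.AddIngressRule(Peer.Ipv4(ingressSourceCidr), Port.AllTraffic(), $"Allow all traffic from {ingressSourceCidr}");
    }

    new CfnOutput(this, "target-instance", new CfnOutputProps { Value = TargetInstance.InstancePrivateIp });
}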
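/// <summary>
/// Builds a VPC with an internet-facing Application Load Balancer on port 80 fronting one Amazon Linux
/// web server per private subnet. The instances only accept TCP/80 from the load balancer's security
/// group; the listener itself is plain HTTP (no TLS is configured here).
/// </summary>
/// <param name="parent">Parent construct.</param>
/// <param name="id">Stack id.</param>
/// <param name="props">Stack properties forwarded to the base stack.</param>
/// <param name="keyPairName">
/// EC2 key pair name applied to every instance. Defaults to <c>"test-cdk"</c>, the value that was
/// previously hard-coded, so existing callers are unaffected.
/// </param>
public CdkExampleStack(Construct parent, string id, IStackProps props, string keyPairName = "test-cdk") : base(parent, id, props)
{
    var vpc = new Vpc(this, "MainVPC", new VpcProps { Cidr = "192.168.0.0/16" });

    var loadBalancer = new ApplicationLoadBalancer(this, "PublicALB", new ApplicationLoadBalancerProps
    {
        InternetFacing = true,
        Vpc = vpc,
    });
    // Plain HTTP listener; terminating TLS would require a certificate and an HTTPS listener instead.
    var listener = loadBalancer.AddListener("MyListener", new ApplicationListenerProps { Port = 80 });

    // Boot script shared by all instances: install Apache and serve a static page.
    var userData = UserData.ForLinux(new LinuxUserDataOptions { Shebang = "#!/bin/bash" });
    userData.AddCommands(
        "yum update -y",
        "yum install httpd -y",
        "echo \"Hello World\" >> /var/www/html/index.html",
        "service httpd start",
        "chkconfig httpd on");

    // Instances are reachable on TCP/80 only from the load balancer (no other ingress is added).
    var ec2SG = new SecurityGroup(this, "Ec2SecurityGroup", new SecurityGroupProps
    {
        Vpc = vpc,
        SecurityGroupName = "Ec2SG",
    });
    ec2SG.Connections.AllowFrom(loadBalancer, Port.Tcp(80), "FROM ALB");

    // One instance per private subnet, pinned to that subnet's availability zone.
    var privateSubnets = vpc.PrivateSubnets;
    var instanceIds = new List<string>(privateSubnets.Length);
    for (var ix = 0; ix < privateSubnets.Length; ix++)
    {
        var instance = new Instance_(this, $"Instance-{ix}", new InstanceProps
        {
            InstanceType = InstanceType.Of(InstanceClass.BURSTABLE3, InstanceSize.MICRO),
            VpcSubnets = new SubnetSelection { SubnetType = SubnetType.PRIVATE },
            AvailabilityZone = privateSubnets[ix].AvailabilityZone,
            Vpc = vpc,
            MachineImage = new AmazonLinuxImage(),
            UserData = userData,
            KeyName = keyPairName,
            SecurityGroup = ec2SG,
        });
        instanceIds.Add(instance.InstanceId);
    }

    // Register every instance as an HTTP target of the listener.
    listener.AddTargets("Targets", new AddApplicationTargetsProps
    {
        Port = 80,
        Targets = instanceIds.Select(i => new InstanceIdTarget(i, 80)).ToArray(),
    });
}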