public MyWidgetServiceStack(Construct parent, string id, IStackProps props) : base(parent, id, props)
{
var bucket = new Bucket(this, "WidgetStore", null);
var handler = new Function(this, "WidgetHandler", new FunctionProps {
Runtime = Runtime.NODEJS_8_10,
Code = AssetCode.Asset("src/MyWidgetService/resources"),
Handler = "widgets.main",
Environment = new Dictionary <string, object> {
{ "BUCKET", bucket.BucketName }
}
});
bucket.GrantReadWrite(handler, null);
var api = new RestApi(this, "widgets-api", new RestApiProps {
RestApiName = "Widget Service",
Description = "This service serves widgets"
});
var getWidgetsIntegration = new LambdaIntegration(handler, new LambdaIntegrationOptions {
RequestTemplates = new Dictionary <string, string> {
{ "application/json", "{ 'statusCode', '200'}" }
},
});
api.Root.AddMethod("GET", getWidgetsIntegration, null);
var widget = api.Root.AddResource("{id}", null);
var postWidgetIntegration = new LambdaIntegration(handler, null);
var getWidgetIntegration = new LambdaIntegration(handler, null);
var deleteWidgetIntegration = new LambdaIntegration(handler, null);
widget.AddMethod("POST", postWidgetIntegration, null);
widget.AddMethod("GET", getWidgetIntegration, null);
widget.AddMethod("DELETE", deleteWidgetIntegration, null);
}
public Asset(AssetCollection file, AssetCode classID, byte[] data)
{
AssetsFile = file;
ClassID = classID;
Data = data;
}
internal AppStack(Construct scope, string id, IStackProps props = null) : base(scope, id, props)
{
// 面倒くさいのでスタックは分けない。
var vpc = new Vpc(this, "Vpc");
var efs = new EFS.FileSystem(this, "Efs", new EFS.FileSystemProps()
{
Vpc = vpc,
});
var efsUser = new PosixUser()
{
Gid = "1001",
Uid = "1001",
};
var efsCreateAcl = new Acl()
{
OwnerGid = "1001",
OwnerUid = "1001",
Permissions = "755",
};
var efsAccessPoint = new EFS.AccessPoint(this, "EfsAccessPoint", new EFS.AccessPointProps()
{
FileSystem = efs,
// 他の設定そのままで "/" では書き込み権限が得られていなかった。
// CDK上ではなく、NFSマウント後にルートユーザーで権限を操作すればよい。
// (ルートディレクトリは既定でルートユーザーが所有している状態)
// See. https://docs.aws.amazon.com/ja_jp/efs/latest/ug/using-fs.html
// https://docs.aws.amazon.com/ja_jp/efs/latest/ug/accessing-fs-nfs-permissions-per-user-subdirs.html
Path = "/",
// ファイルIOに用いるユーザーとディレクトリ作成時権限の設定は必須である様子。
// CDKが既定のユーザーを構成してくれるようなことはない。
// -> ↑嘘。必要がなければ構成しなくても問題ない。所詮はNFSなので、権限が他のユーザーに解放されているディレクトリは操作できる。はず。
PosixUser = efsUser,
CreateAcl = efsCreateAcl,
});
// Assets
// https://docs.aws.amazon.com/cdk/api/latest/docs/aws-s3-assets-readme.html
// vs
// https://docs.aws.amazon.com/cdk/api/latest/docs/aws-s3-deployment-readme.html
// 静的にS3にファイルを残し、スタックのデプロイ後にDataSyncでEFSに転送するのでDeployment。
var assetBucket = new Bucket(this, "AssetBucket", new BucketProps()
{
});
new BucketDeployment(this, "AssetBucketDeployment", new BucketDeploymentProps()
{
Sources = new ISource[] { Source.Asset("assets") },
DestinationBucket = assetBucket,
});
// https://github.com/shelfio/chrome-aws-lambda-layer
var chromeLayer = new LayerVersion(this, "ChromeLayer", new LayerVersionProps()
{
Code = AssetCode.FromAsset("chrome_aws_lambda.zip"),
CompatibleRuntimes = new Runtime[] { Runtime.NODEJS_12_X }
});
var renderImageBucket = new Bucket(this, "RenderImageBucket", new BucketProps()
{
});
var renderHtmlToS3Function = new Function(this, "RenderHtmlToS3Function", new FunctionProps()
{
Vpc = vpc,
Runtime = Runtime.NODEJS_12_X,
MemorySize = 1024,
Timeout = Duration.Seconds(10),
Code = Code.FromAsset("handlers"),
Handler = "render-html-to-s3.handler",
Environment = new Dictionary <string, string>()
{
["BucketName"] = renderImageBucket.BucketName,
["EfsMountPath"] = "/mnt/efs",
},
Layers = new ILayerVersion[] { chromeLayer },
Filesystem = Lambda.FileSystem.FromEfsAccessPoint(efsAccessPoint, "/mnt/efs"),
});
// VPCやEFSに関してはCDK上の関連から
// セキュリティグループや既定のロールへのインラインポリシーが構成される。
// S3バケットはCDK上の関連はないため明に権限を付与する。
renderImageBucket.GrantReadWrite(renderHtmlToS3Function);
// 踏み台
var bastion = new BastionHostLinux(this, "Bastion", new BastionHostLinuxProps()
{
InstanceType = InstanceType.Of(InstanceClass.BURSTABLE3, InstanceSize.NANO),
Vpc = vpc,
});
assetBucket.GrantRead(bastion);
// https://docs.aws.amazon.com/cdk/api/latest/docs/aws-efs-readme.html
efs.Connections.AllowDefaultPortFrom(bastion);
bastion.Instance.UserData.AddCommands(
"yum check-update -y", // Ubuntu: apt-get -y update
"yum upgrade -y", // Ubuntu: apt-get -y upgrade
"yum install -y amazon-efs-utils", // Ubuntu: apt-get -y install amazon-efs-utils
"yum install -y nfs-utils", // Ubuntu: apt-get -y install nfs-common
"file_system_id_1=" + efs.FileSystemId,
"efs_mount_point_1=/mnt/efs/fs1",
"mkdir -p \"${efs_mount_point_1}\"",
"test -f \"/sbin/mount.efs\" && echo \"${file_system_id_1}:/ ${efs_mount_point_1} efs defaults,_netdev\" >> /etc/fstab || " +
"echo \"${file_system_id_1}.efs." + Stack.Of(this).Region + ".amazonaws.com:/ ${efs_mount_point_1} nfs4 nfsvers=4.1,rsize=1048576,wsize=1048576,hard,timeo=600,retrans=2,noresvport,_netdev 0 0\" >> /etc/fstab",
"mount -a -t efs,nfs4 defaults",
"chmod go+rw /mnt/efs/fs1"
);
new CfnOutput(this, "BastionInstanceId", new CfnOutputProps()
{
ExportName = "BastionInstanceId",
Value = bastion.InstanceId,
});
new CfnOutput(this, "AssetBucketName", new CfnOutputProps()
{
ExportName = "AssetBucketName",
Value = assetBucket.BucketName,
});
}
public MySearchUtil ToSearchUtil()
{
var util = MySearchUtil.New().OrderByDesc("CreateAt");
if (!string.IsNullOrWhiteSpace(Key))
{
util.AndContains(new[] { "DeptName", "UserName", "Describe", "ServiceManId", "ServiceManName", "AssetCode" }, Key.Trim());
}
if (!string.IsNullOrWhiteSpace(AssetCode))
{
util.AndEqual("AssetCode", AssetCode.Trim());
}
if (!string.IsNullOrEmpty(Type))
{
util.AndEqual("Type", Type.Trim());
}
if (!string.IsNullOrWhiteSpace(State))
{
util.AndEqual("State", State.Trim());
}
if (!string.IsNullOrWhiteSpace(Score))
{
util.AndEqual("Score", Score.Trim());
}
if (ApplyAtStart.HasValue)
{
util.AndGreaterThanEqual("ApplyAt", ApplyAtStart);
}
if (ApplyAtEnd.HasValue)
{
util.AndLessThanEqual("ApplyAt", ApplyAtEnd);
}
if (CompleteAtStart.HasValue)
{
util.AndGreaterThanEqual("CompleteAt", ApplyAtStart);
}
if (CompleteAtEnd.HasValue)
{
util.AndLessThanEqual("CompleteAt", CompleteAtEnd);
}
if (!string.IsNullOrWhiteSpace(ServiceMan))
{
util.AndEqual("ServiceManName", ServiceMan);
}
if (!string.IsNullOrWhiteSpace(UserId))
{
util.AndEqual("UserId", UserId.Trim());
}
return(util);
}
