public static FargateTaskDefinition CreateTaskDefinition1(Construct scope) { var repo = CreateDockerContainerImage(scope); var taskDefinition = new FargateTaskDefinition(scope, "DownloadAccuzipFileTaskDefinition", new FargateTaskDefinitionProps() { MemoryLimitMiB = 2048, }); taskDefinition.AddContainer(Config.ECR_REPO_NAME, new ContainerDefinitionProps() { MemoryLimitMiB = 2048, Image = ContainerImage.FromEcrRepository(repo), Logging = new AwsLogDriver(new AwsLogDriverProps() { StreamPrefix = "dmappresort" }) }); var policyStatement = new Amazon.CDK.AWS.IAM.PolicyStatement(); policyStatement.AddAllResources(); policyStatement.AddActions(new string[] { "s3:*" }); taskDefinition.AddToTaskRolePolicy(policyStatement); return(taskDefinition); }
private void ConfigureTaskDefinition(IRecipeProps <Configuration> props) { var settings = props.Settings; AppTaskDefinition = new FargateTaskDefinition(this, nameof(AppTaskDefinition), InvokeCustomizeCDKPropsEvent(nameof(AppTaskDefinition), this, new FargateTaskDefinitionProps { TaskRole = AppIAMTaskRole, Cpu = settings.TaskCpu, MemoryLimitMiB = settings.TaskMemory })); AppLogging = new AwsLogDriver(InvokeCustomizeCDKPropsEvent(nameof(AppLogging), this, new AwsLogDriverProps { StreamPrefix = props.StackName })); if (string.IsNullOrEmpty(props.ECRRepositoryName)) { throw new InvalidOrMissingConfigurationException("The provided ECR Repository Name is null or empty."); } var ecrRepository = Repository.FromRepositoryName(this, "ECRRepository", props.ECRRepositoryName); AppContainerDefinition = new ContainerDefinitionOptions { Image = ContainerImage.FromEcrRepository(ecrRepository, props.ECRImageTag), Logging = AppLogging }; AppTaskDefinition.AddContainer(nameof(AppContainerDefinition), InvokeCustomizeCDKPropsEvent(nameof(AppContainerDefinition), this, AppContainerDefinition)); }
public FargateStack(Construct scope, string id, FargateStackProps props = null) : base(scope, id, props) { var cluster = new Cluster(this, "WhatDayOfWeekCluster", new ClusterProps { Vpc = props.Vpc }); var logging = new AwsLogDriver(new AwsLogDriverProps() { StreamPrefix = "WhatDayOfWeek", LogRetention = Amazon.CDK.AWS.Logs.RetentionDays.ONE_DAY }); //container /* * var repo = Repository.FromRepositoryName(this, "myrepo","MyRepositoryName"); * * var containerOptions = new ContainerDefinitionOptions * { * Image = ContainerImage.FromEcrRepository(repo) * }; */ // to build the container image from the app in the local folder, replace lines 29-35 with //var rootDirectory = Directory.GetCurrentDirectory(); //var path = Path.GetFullPath(Path.Combine(rootDirectory, @"App/WhatDayOfWeek")); var containerOptions = new ContainerDefinitionOptions { Image = ContainerImage.FromAsset(@"App/WhatDayOfWeek"), Logging = logging }; var portMapping = new PortMapping() { ContainerPort = 80, HostPort = 80 }; var taskDef = new FargateTaskDefinition(this, "WhatDayOfWeekTaskDefinition"); taskDef.AddContainer("WhatDayOfWeekContainer", containerOptions).AddPortMappings(portMapping); var serviceProps = new ApplicationLoadBalancedFargateServiceProps() { ServiceName = "WhatDayOfWeekService", MemoryLimitMiB = 512, Cpu = 256, TaskDefinition = taskDef, Cluster = cluster }; ApplicationLoadBalancedFargateService service = new ApplicationLoadBalancedFargateService(this, "WhatDayOfWeekService", serviceProps); }
public ContainersStack(Construct parent, string id, IStackProps props) : base(parent, id, props) { var vpc = Vpc.FromLookup(this, id = "DefaultVpc", new VpcLookupOptions { IsDefault = true }); if (vpc == null) { throw new System.NullReferenceException($"Unable to determine default VPC in region {this.Region}"); } var cluster = new Cluster(this, "Cluster", new ClusterProps { Vpc = vpc }); var taskDef = new FargateTaskDefinition(this, "FargateTaskDefinition"); var currentDir = Directory.GetCurrentDirectory(); var path = Path.GetFullPath(Path.Combine(currentDir, @"dotnetapp/")); var containerOptions = new ContainerDefinitionOptions { Image = ContainerImage.FromAsset("dotnetapp") }; var portMapping = new PortMapping() { ContainerPort = 80, HostPort = 80 }; taskDef.AddContainer("Container", containerOptions).AddPortMappings(portMapping); var serviceProps = new ApplicationLoadBalancedFargateServiceProps() { MemoryLimitMiB = 512, Cpu = 256, TaskDefinition = taskDef }; ApplicationLoadBalancedFargateService service = new ApplicationLoadBalancedFargateService(this, "DotnetFargateApp", serviceProps); }
internal FargateStack(Construct scope, string id, IStackProps props = null) : base(scope, id, props) { // Create VPC var vpc = new Vpc(this, "SampleVpc", new VpcProps { MaxAzs = 2 }); // Create ECS cluster var cluster = new Cluster(this, "SampleCluster", new ClusterProps { Vpc = vpc }); var taskDef = new FargateTaskDefinition(this, "FargateTaskDefinition"); // Build container image from local assets var containerOptions = new ContainerDefinitionOptions { Image = ContainerImage.FromAsset("webapp") }; var portMapping = new PortMapping() { ContainerPort = 80, HostPort = 80 }; taskDef .AddContainer("Container", containerOptions) .AddPortMappings(portMapping); // Create Fargate Service behind Application Load Balancer new ApplicationLoadBalancedFargateService(this, "DotnetFargateSampleApp", new ApplicationLoadBalancedFargateServiceProps() { Cluster = cluster, MemoryLimitMiB = 512, Cpu = 256, TaskDefinition = taskDef }); }
public ContainersStack(Construct parent, string id, IStackProps props) : base(parent, id, props) { // The code that defines your stack goes here var vpc = new Vpc(this, "VPC"); var cluster = new Cluster(this, "Cluster", new ClusterProps { Vpc = vpc }); var taskDef = new FargateTaskDefinition(this, "FargateTaskDefinition"); var rootDirectory = Directory.GetCurrentDirectory(); var path = Path.GetFullPath(Path.Combine(rootDirectory, @"dotnetapp/")); var containerOptions = new ContainerDefinitionOptions { Image = ContainerImage.FromAsset("dotnetapp") }; var portMapping = new PortMapping() { ContainerPort = 80, HostPort = 80 }; taskDef.AddContainer("Container", containerOptions).AddPortMappings(portMapping); var serviceProps = new ApplicationLoadBalancedFargateServiceProps() { MemoryLimitMiB = 512, Cpu = 256, TaskDefinition = taskDef }; ApplicationLoadBalancedFargateService service = new ApplicationLoadBalancedFargateService(this, "DotnetFargateApp", serviceProps); }
internal Example3Stack(Construct scope, string id, IStackProps props = null) : base(scope, id, props) { var vpcStack = new VpcStack(this, "someTestVpc"); var cluster = new Cluster(this, "WhatDayOfWeekCluster", new ClusterProps { Vpc = vpcStack.Vpc }); var taskDef = new FargateTaskDefinition(this, "WhatDayOfWeekTaskDefinition"); var rootDirectory = Directory.GetCurrentDirectory(); var path = Path.GetFullPath(Path.Combine(rootDirectory, @"App/WhatDayOfWeek")); var containerOptions = new ContainerDefinitionOptions { Image = ContainerImage.FromAsset("App/WhatDayOfWeek") }; var portMapping = new PortMapping() { ContainerPort = 80, HostPort = 80 }; taskDef.AddContainer("WhatDayOfWeekContainer", containerOptions).AddPortMappings(portMapping); var serviceProps = new ApplicationLoadBalancedFargateServiceProps() { MemoryLimitMiB = 512, Cpu = 256, TaskDefinition = taskDef }; ApplicationLoadBalancedFargateService service = new ApplicationLoadBalancedFargateService(this, "WhatDayOfWeekApp", serviceProps); }
private void ConfigureECSClusterAndService(IRecipeProps <Configuration> recipeConfiguration) { if (AppVpc == null) { throw new InvalidOperationException($"{nameof(AppVpc)} has not been set. The {nameof(ConfigureVpc)} method should be called before {nameof(ConfigureECSClusterAndService)}"); } var settings = recipeConfiguration.Settings; if (settings.ECSCluster.CreateNew) { EcsCluster = new Cluster(this, nameof(EcsCluster), InvokeCustomizeCDKPropsEvent(nameof(EcsCluster), this, new ClusterProps { Vpc = AppVpc, ClusterName = settings.ECSCluster.NewClusterName })); } else { EcsCluster = Cluster.FromClusterAttributes(this, nameof(EcsCluster), InvokeCustomizeCDKPropsEvent(nameof(EcsCluster), this, new ClusterAttributes { ClusterArn = settings.ECSCluster.ClusterArn, ClusterName = ECSFargateUtilities.GetClusterNameFromArn(settings.ECSCluster.ClusterArn), SecurityGroups = new ISecurityGroup[0], Vpc = AppVpc })); } AppTaskDefinition = new FargateTaskDefinition(this, nameof(AppTaskDefinition), InvokeCustomizeCDKPropsEvent(nameof(AppTaskDefinition), this, new FargateTaskDefinitionProps { TaskRole = AppIAMTaskRole, Cpu = settings.TaskCpu, MemoryLimitMiB = settings.TaskMemory })); AppLogging = new AwsLogDriver(InvokeCustomizeCDKPropsEvent(nameof(AppLogging), this, new AwsLogDriverProps { StreamPrefix = recipeConfiguration.StackName })); if (string.IsNullOrEmpty(recipeConfiguration.ECRRepositoryName)) { throw new InvalidOrMissingConfigurationException("The provided ECR Repository Name is null or empty."); } EcrRepository = Repository.FromRepositoryName(this, nameof(EcrRepository), recipeConfiguration.ECRRepositoryName); AppContainerDefinition = AppTaskDefinition.AddContainer(nameof(AppContainerDefinition), InvokeCustomizeCDKPropsEvent(nameof(AppContainerDefinition), this, new ContainerDefinitionOptions { Image = ContainerImage.FromEcrRepository(EcrRepository, recipeConfiguration.ECRImageTag), Logging = AppLogging })); AppContainerDefinition.AddPortMappings(new PortMapping { ContainerPort = 80, Protocol = Amazon.CDK.AWS.ECS.Protocol.TCP }); WebAccessSecurityGroup = new SecurityGroup(this, nameof(WebAccessSecurityGroup), InvokeCustomizeCDKPropsEvent(nameof(WebAccessSecurityGroup), this, new SecurityGroupProps { Vpc = AppVpc, SecurityGroupName = $"{recipeConfiguration.StackName}-ECSService" })); EcsServiceSecurityGroups = new List <ISecurityGroup>(); EcsServiceSecurityGroups.Add(WebAccessSecurityGroup); if (!string.IsNullOrEmpty(settings.AdditionalECSServiceSecurityGroups)) { var count = 1; foreach (var securityGroupId in settings.AdditionalECSServiceSecurityGroups.Split(',')) { EcsServiceSecurityGroups.Add(SecurityGroup.FromSecurityGroupId(this, $"AdditionalGroup-{count++}", securityGroupId.Trim(), new SecurityGroupImportOptions { Mutable = false })); } } AppFargateService = new FargateService(this, nameof(AppFargateService), InvokeCustomizeCDKPropsEvent(nameof(AppFargateService), this, new FargateServiceProps { Cluster = EcsCluster, TaskDefinition = AppTaskDefinition, DesiredCount = settings.DesiredCount, ServiceName = settings.ECSServiceName, AssignPublicIp = settings.Vpc.IsDefault, SecurityGroups = EcsServiceSecurityGroups.ToArray() })); }
internal StepFunctionDemoStack(Construct scope, string id, IStackProps props = null) : base(scope, id, props) { Bucket stepFunctionDemoBucket = new Bucket(this, "StepFunctionDemoBucket", new BucketProps { Encryption = BucketEncryption.S3_MANAGED, RemovalPolicy = RemovalPolicy.RETAIN }); Table stepFunctionDemoTable = new Table(this, "StepFunctionDemoTable", new TableProps { BillingMode = BillingMode.PROVISIONED, PartitionKey = new Amazon.CDK.AWS.DynamoDB.Attribute { Name = "Id", Type = AttributeType.STRING }, RemovalPolicy = RemovalPolicy.DESTROY }); //Step Function invoking Lambda function Function invokeOddEvenStepFunction = new Function(this, "InvokeOddEvenStepFunction", new FunctionProps { Runtime = Runtime.DOTNET_CORE_3_1, Code = Code.FromAsset("src/Demo.Services.Lambda/bin/Release/netcoreapp3.1/Demo.Services.Lambda.zip"), Handler = "Demo.Services.Lambda::Demo.Services.Lambda.Functions::InvokeOddEvenStepFunction", Timeout = Duration.Minutes(5), MemorySize = 512, Description = "Lambda Function that invokes the Demo Step Function", }); //Function to calculate Odd or Even Function oddOrEvenFunction = new Function(this, "OddOrEvenFunction", new FunctionProps { Runtime = Runtime.DOTNET_CORE_3_1, Code = Code.FromAsset("src/Demo.Services.Lambda/bin/Release/netcoreapp3.1/Demo.Services.Lambda.zip"), Handler = "Demo.Services.Lambda::Demo.Services.Lambda.Functions::OddOrEvenFunction", Timeout = Duration.Minutes(5), MemorySize = 512, Description = "Lambda Function that calculates odd or even", }); //Demo Lambda to perform Process 1 Function process1Function = new Function(this, "Process1Function", new FunctionProps { Runtime = Runtime.DOTNET_CORE_3_1, Code = Code.FromAsset("src/Demo.Services.Lambda/bin/Release/netcoreapp3.1/Demo.Services.Lambda.zip"), Handler = "Demo.Services.Lambda::Demo.Services.Lambda.Functions::Process1Function", Timeout = Duration.Minutes(5), MemorySize = 512, Description = "Demo Lambda Function that runs process1", }); Function processAFunction = new Function(this, "ProcessAFunction", new FunctionProps { Runtime = Runtime.DOTNET_CORE_3_1, Code = Code.FromAsset("src/Demo.Services.Lambda/bin/Release/netcoreapp3.1/Demo.Services.Lambda.zip"), Handler = "Demo.Services.Lambda::Demo.Services.Lambda.Functions::Process1Function", Timeout = Duration.Minutes(5), MemorySize = 512, Description = "Demo Lambda Function that runs process1", }); //Demo Lambda to perform Process 2 Function process2Function = new Function(this, "Process2Function", new FunctionProps { Runtime = Runtime.DOTNET_CORE_3_1, Code = Code.FromAsset("src/Demo.Services.Lambda/bin/Release/netcoreapp3.1/Demo.Services.Lambda.zip"), Handler = "Demo.Services.Lambda::Demo.Services.Lambda.Functions::Process2Function", Timeout = Duration.Minutes(5), MemorySize = 512, Description = "Demo Lambda Function that runs process2", }); //Demo Lambda to perform Process 1 Function process11Function = new Function(this, "Process11Function", new FunctionProps { Runtime = Runtime.DOTNET_CORE_3_1, Code = Code.FromAsset("src/Demo.Services.Lambda/bin/Release/netcoreapp3.1/Demo.Services.Lambda.zip"), Handler = "Demo.Services.Lambda::Demo.Services.Lambda.Functions::Process11Function", Timeout = Duration.Minutes(5), MemorySize = 512, Description = "Demo Lambda Function that runs job process1", }); //Demo Lambda to perform Process 2 Function process12Function = new Function(this, "Process12Function", new FunctionProps { Runtime = Runtime.DOTNET_CORE_3_1, Code = Code.FromAsset("src/Demo.Services.Lambda/bin/Release/netcoreapp3.1/Demo.Services.Lambda.zip"), Handler = "Demo.Services.Lambda::Demo.Services.Lambda.Functions::Process12Function", Timeout = Duration.Minutes(5), MemorySize = 512, Description = "Demo Lambda Function that runs job process2", }); Function taskTokenExecutorFunction = new Function(this, "TaskTokenExecutorFunction", new FunctionProps { Runtime = Runtime.DOTNET_CORE_3_1, Code = Code.FromAsset("src/Demo.Services.Lambda/bin/Release/netcoreapp3.1/Demo.Services.Lambda.zip"), Handler = "Demo.Services.Lambda::Demo.Services.Lambda.Functions::TaskTokenExecutor", Timeout = Duration.Minutes(5), MemorySize = 512, Description = "Demo Lambda Function that executes Task Token Step", Environment = new Dictionary <string, string>() { ["STEP_FUNCTION_DEMO_BUCKET"] = stepFunctionDemoBucket.BucketName } }); stepFunctionDemoBucket.GrantReadWrite(taskTokenExecutorFunction); var oddEvenFunction = new Task(this, "OddEvenFunction", new TaskProps { Task = new InvokeFunction(oddOrEvenFunction.LatestVersion) }); var process1 = new Task(this, "Process1", new TaskProps { Task = new InvokeFunction(process1Function.LatestVersion) }); var processA = new Task(this, "ProcessA", new TaskProps { Task = new InvokeFunction(processAFunction.LatestVersion) }); var process2 = new Task(this, "Process2", new TaskProps { Task = new InvokeFunction(process2Function.LatestVersion) }); var process11 = new Task(this, "Process11", new TaskProps { Task = new InvokeFunction(process11Function.LatestVersion), ResultPath = "$.Resolved" }); var process12 = new Task(this, "Process12", new TaskProps { Task = new InvokeFunction(process12Function.LatestVersion) }); var taskTokenExecutor = new Task(this, "TaskTokenExecutor", new TaskProps { Task = new RunLambdaTask(taskTokenExecutorFunction.LatestVersion, new RunLambdaTaskProps() { IntegrationPattern = ServiceIntegrationPattern.WAIT_FOR_TASK_TOKEN, Payload = TaskInput.FromContextAt("$$.Task.Token") }), Parameters = new Dictionary <string, object> { ["Payload"] = new Dictionary <string, object> { ["TaskToken.$"] = "$$.Task.Token", ["State.$"] = "$" } } }); //Choice to go to Process 1 or Process 2 based on input number is odd or even. var isEven = new Choice(this, "Is the number Even?"); var isResolvedOrOverriden = new Choice(this, "Is Resolved Or Overriden?"); //var chain1 = Chain.Start(oddEvenFunction) // .Next(isEven // .When( // Condition.StringEquals("$.Result", "Even"), // Chain.Start(process1) // .Next(process11) // .Next(isResolvedOrOverriden // .When( // Condition.Or( // new[] // { // Condition.BooleanEquals("$.Resolved", true), // Condition.BooleanEquals("$.Override", true) // }), process12) // .Otherwise(process2))) // .When(Condition.StringEquals("$.Result", "Odd"), process2)); var chain1 = Chain.Start(oddEvenFunction) .Next(isEven .When( Condition.StringEquals("$.Result", "Even"), Chain.Start(process1) .Next(taskTokenExecutor) .Next(isResolvedOrOverriden .When( Condition.Or( new[] { Condition.BooleanEquals("$.Resolved", true), Condition.BooleanEquals("$.Override", true) }), process12) .Otherwise(process2))) .When(Condition.StringEquals("$.Result", "Odd"), process2)); //State Machine var stateMachine = new StateMachine(this, "JobDemoStateMachine", new StateMachineProps { StateMachineName = "JobDemoStateMachine", Timeout = Duration.Minutes(5), Definition = chain1 }); stateMachine.Role?.AddManagedPolicy(ManagedPolicy.FromManagedPolicyArn(this, "DynamoDBFullAccessForStepFunction", "arn:aws:iam::aws:policy/AmazonDynamoDBFullAccess")); stateMachine.Role?.AddManagedPolicy(ManagedPolicy.FromManagedPolicyArn(this, "LambdaFullAccessForStepFunction", "arn:aws:iam::aws:policy/AWSLambdaFullAccess")); var demofargateTask1 = new FargateTaskDefinition(this, "demoECSTask1Definition", new FargateTaskDefinitionProps { MemoryLimitMiB = 4096, Cpu = 2048 }); var demofargateTask2 = new FargateTaskDefinition(this, "demoECSTask2Definition", new FargateTaskDefinitionProps { MemoryLimitMiB = 4096, Cpu = 2048 }); stepFunctionDemoBucket.GrantReadWrite(demofargateTask2.TaskRole); IVpc publicVpc = Vpc.FromLookup(this, "PublicVPC", new VpcLookupOptions { Tags = new Dictionary <string, string> { ["Paces:VpcType"] = "Public" } }); var cluster = Cluster.FromClusterAttributes(this, "PublicCluster", new ClusterAttributes { ClusterName = "OHC-PACES", Vpc = publicVpc, SecurityGroups = new[] { SecurityGroup.FromSecurityGroupId(this, "SecurityGroup", "sg-0a1bab8166d8fb715") } }); var container1 = demofargateTask1.AddContainer("app", new ContainerDefinitionOptions { Image = ContainerImage.FromAsset(".", new AssetImageProps { File = "Dockerfile" }), Logging = LogDriver.AwsLogs(new AwsLogDriverProps { LogGroup = new LogGroup(this, "demoECSTask1LogGroup", new LogGroupProps { LogGroupName = "/ecs/demoECSTask1-" + RandomString.Generate(10, StackId), }), StreamPrefix = "logs" }), }); var container2 = demofargateTask2.AddContainer("app", new ContainerDefinitionOptions { Image = ContainerImage.FromAsset(".", new AssetImageProps { File = "Dockerfile.1" }), Environment = new Dictionary <string, string> { ["STEP_FUNCTION_DEMO_BUCKET"] = stepFunctionDemoBucket.BucketName }, Logging = LogDriver.AwsLogs(new AwsLogDriverProps { LogGroup = new LogGroup(this, "demoECSTask2LogGroup", new LogGroupProps { LogGroupName = $"/ecs/demoECSTask2-{RandomString.Generate(10, StackId)}", }), StreamPrefix = "logs" }) }); Rule rule = new Rule(this, "DemoJobRule", new RuleProps { Schedule = Schedule.Cron(new CronOptions { Day = "*", Hour = "*", Minute = "1", Month = "*", Year = "*" }), Description = "Runs demo job fargate task", Targets = new IRuleTarget[] { new EcsTask( new EcsTaskProps { Cluster = cluster, TaskDefinition = demofargateTask2, SubnetSelection = new SubnetSelection { OnePerAz = true } }) } }); //var ecsTask1 = new Task(this, "ecsTask1", new TaskProps //{ // InputPath = "$", // Task = new CustomTask(new RunEcsFargateTaskProps // { // Cluster = Cluster.FromClusterAttributes(this, "PublicCluster", new ClusterAttributes // { // ClusterName = "OHC-PACES", // Vpc = publicVpc, // SecurityGroups = new[] { SecurityGroup.FromSecurityGroupId(this, "SecurityGroup", "sg-0a1bab8166d8fb715") } // }), // TaskDefinition = fargateTask1, // ContainerOverrides = new[] // { // new ContainerOverride // { // ContainerDefinition = container, // Command = new []{"$.Data"} // }, // } // }) //}); var ecsTask1 = new Task(this, "EcsTask1", new TaskProps { InputPath = "$", Task = new RunEcsFargateTask(new RunEcsFargateTaskProps { Cluster = cluster, TaskDefinition = demofargateTask1, //ContainerOverrides = new[] //{ // new ContainerOverride // { // ContainerDefinition = container, // // }, //} }), Parameters = new Dictionary <string, object> { ["Overrides"] = new Dictionary <string, object> { ["ContainerOverrides"] = new Dictionary <string, string>[] { new Dictionary <string, string> { ["Name"] = "app", ["Command.$"] = "$.ECSPayload" } } } } }); var chain2 = Chain.Start(processA).Next(ecsTask1); var stateMachineWithTask = new StateMachine(this, "JobDemoStateMachine-1", new StateMachineProps { StateMachineName = "JobDemoStateMachine-1", Timeout = Duration.Minutes(15), Definition = chain2, Role = Role.FromRoleArn(this, "StateMachineWithTaskRole", "arn:aws:iam::342600918501:role/service-role/PacesEdi274DefaultStateMachineRole") }); //All Policies // 1. Invoke function policies invokeOddEvenStepFunction.Role?.AddManagedPolicy(ManagedPolicy.FromManagedPolicyArn(this, "InvokeLambdaPolicy", "arn:aws:iam::aws:policy/AWSLambdaFullAccess")); var policyStatement = new PolicyStatement { Sid = "CanInvokeStepFunctions", Effect = Effect.ALLOW }; policyStatement.AddActions(new[] { "states:StartExecution" }); invokeOddEvenStepFunction.AddToRolePolicy(policyStatement); policyStatement.AddResources(stateMachine.StateMachineArn); invokeOddEvenStepFunction.AddEnvironment(Functions.StateMachineArnKey, stateMachine.StateMachineArn); process12Function.AddEnvironment(Functions.StepFunctionDemoBucketKey, stepFunctionDemoBucket.BucketName); stepFunctionDemoBucket.GrantReadWrite(process12Function); var policyStatementDemofargateTask2 = new PolicyStatement { Sid = "CanNotifyStepFunction", Effect = Effect.ALLOW }; policyStatementDemofargateTask2.AddActions(new[] { "states:SendTask*" }); demofargateTask2.AddToExecutionRolePolicy(policyStatementDemofargateTask2); demofargateTask2.AddToTaskRolePolicy(policyStatementDemofargateTask2); policyStatementDemofargateTask2.AddAllResources(); }
internal AppStack(Construct scope, RecipeConfiguration <Configuration> recipeConfiguration, IStackProps props = null) : base(scope, recipeConfiguration.StackName, props) { var settings = recipeConfiguration.Settings; IVpc vpc; if (settings.Vpc.IsDefault) { vpc = Vpc.FromLookup(this, "Vpc", new VpcLookupOptions { IsDefault = true }); } else if (settings.Vpc.CreateNew) { vpc = new Vpc(this, "Vpc", new VpcProps { MaxAzs = 2 }); } else { vpc = Vpc.FromLookup(this, "Vpc", new VpcLookupOptions { VpcId = settings.Vpc.VpcId }); } ICluster cluster; if (settings.ECSCluster.CreateNew) { cluster = new Cluster(this, "Cluster", new ClusterProps { Vpc = vpc, ClusterName = settings.ECSCluster.NewClusterName }); } else { cluster = Cluster.FromClusterAttributes(this, "Cluster", new ClusterAttributes { ClusterArn = settings.ECSCluster.ClusterArn, ClusterName = ECSFargateUtilities.GetClusterNameFromArn(settings.ECSCluster.ClusterArn), SecurityGroups = new ISecurityGroup[0], Vpc = vpc }); } IRole taskRole; if (settings.ApplicationIAMRole.CreateNew) { taskRole = new Role(this, "TaskRole", new RoleProps { AssumedBy = new ServicePrincipal("ecs-tasks.amazonaws.com") }); } else { taskRole = Role.FromRoleArn(this, "TaskRole", settings.ApplicationIAMRole.RoleArn, new FromRoleArnOptions { Mutable = false }); } var taskDefinition = new FargateTaskDefinition(this, "TaskDefinition", new FargateTaskDefinitionProps { TaskRole = taskRole, Cpu = settings.TaskCpu, MemoryLimitMiB = settings.TaskMemory }); var logging = new AwsLogDriver(new AwsLogDriverProps { StreamPrefix = recipeConfiguration.StackName }); var ecrRepository = Repository.FromRepositoryName(this, "ECRRepository", recipeConfiguration.ECRRepositoryName); taskDefinition.AddContainer("Container", new ContainerDefinitionOptions { Image = ContainerImage.FromEcrRepository(ecrRepository, recipeConfiguration.ECRImageTag), Logging = logging }); SubnetSelection subnetSelection = null; if (settings.Vpc.IsDefault) { subnetSelection = new SubnetSelection { SubnetType = SubnetType.PUBLIC }; } new ScheduledFargateTask(this, "FargateService", new ScheduledFargateTaskProps { Cluster = cluster, Schedule = Schedule.Expression(settings.Schedule), Vpc = vpc, ScheduledFargateTaskDefinitionOptions = new ScheduledFargateTaskDefinitionOptions { TaskDefinition = taskDefinition }, SubnetSelection = subnetSelection }); }
internal CdkStack(Construct scope, string id, IStackProps props = null) : base(scope, id, props) { // The code that defines your stack goes here var vpc = new Vpc(this, "api-vpc", new VpcProps { MaxAzs = 3 // Default is all AZs in region }); //https://garbe.io/blog/2019/09/20/hey-cdk-how-to-use-existing-resources/ // const vpc = Vpc.fromLookup(this, 'MyExistingVPC', { isDefault: true }); // new cdk.CfnOutput(this, "MyVpc", {value: vpc.vpcId }); var cluster = new Cluster(this, "api-ecs-cluster", new ClusterProps { Vpc = vpc }); var task = new FargateTaskDefinition(this, "api-fargate-task", new FargateTaskDefinitionProps() { Cpu = 256, MemoryLimitMiB = 512 }); var logGroup = new LogGroup(this, "loggroup-containers", new LogGroupProps() { Retention = RetentionDays.ONE_MONTH }); var nginxContainer = new ContainerDefinition(this, "container-nginx", new ContainerDefinitionProps() { TaskDefinition = task, Image = ContainerImage.FromAsset("../Api/Nginx", new AssetImageProps() { File = "Nginx.Dockerfile" }), PortMappings = new[] { new PortMapping() { HostPort = 80, ContainerPort = 80, Protocol = Protocol.TCP } }, Essential = true, Environment = new Dictionary <string, string>() { { "API_HOST", "127.0.0.1" } }, Logging = new AwsLogDriver(new AwsLogDriverProps() { LogGroup = logGroup, StreamPrefix = "nginx" }) }); var apiContainer = new ContainerDefinition(this, "container-api", new ContainerDefinitionProps() { TaskDefinition = task, Image = ContainerImage.FromAsset("../Api/Api", new AssetImageProps() { File = "Api.Dockerfile" }), PortMappings = new[] { new PortMapping() { HostPort = 5000, ContainerPort = 5000, Protocol = Protocol.TCP } }, Essential = true, Logging = new AwsLogDriver(new AwsLogDriverProps() { LogGroup = logGroup, StreamPrefix = "api" }) }); // Create a load-balanced Fargate service and make it public new ApplicationLoadBalancedFargateService(this, "api-fargate-loadbalancer", new ApplicationLoadBalancedFargateServiceProps { Cluster = cluster, // Required // DesiredCount = 6, // Default is 1 // TaskDefinition or TaskImageOptions must be specified, but not both. TaskDefinition = task, // MemoryLimitMiB = 2048, // Default is 256 PublicLoadBalancer = true // Default is false } ); }
internal AppStack(Construct scope, RecipeConfiguration <Configuration> recipeConfiguration, IStackProps props = null) : base(scope, recipeConfiguration.StackName, props) { var settings = recipeConfiguration.Settings; IVpc vpc; if (settings.Vpc.IsDefault) { vpc = Vpc.FromLookup(this, "Vpc", new VpcLookupOptions { IsDefault = true }); } else if (settings.Vpc.CreateNew) { vpc = new Vpc(this, "Vpc", new VpcProps { MaxAzs = 2 }); } else { vpc = Vpc.FromLookup(this, "Vpc", new VpcLookupOptions { VpcId = settings.Vpc.VpcId }); } ICluster cluster; if (settings.ECSCluster.CreateNew) { cluster = new Cluster(this, "Cluster", new ClusterProps { Vpc = vpc, ClusterName = settings.ECSCluster.NewClusterName }); } else { cluster = Cluster.FromClusterAttributes(this, "Cluster", new ClusterAttributes { ClusterArn = settings.ECSCluster.ClusterArn, ClusterName = ECSFargateUtilities.GetClusterNameFromArn(settings.ECSCluster.ClusterArn), SecurityGroups = new ISecurityGroup[0], Vpc = vpc }); } IRole taskRole; if (settings.ApplicationIAMRole.CreateNew) { taskRole = new Role(this, "TaskRole", new RoleProps { AssumedBy = new ServicePrincipal("ecs-tasks.amazonaws.com") }); } else { taskRole = Role.FromRoleArn(this, "TaskRole", settings.ApplicationIAMRole.RoleArn, new FromRoleArnOptions { Mutable = false }); } var taskDefinition = new FargateTaskDefinition(this, "TaskDefinition", new FargateTaskDefinitionProps { TaskRole = taskRole, Cpu = settings.TaskCpu, MemoryLimitMiB = settings.TaskMemory }); var ecrRepository = Repository.FromRepositoryName(this, "ECRRepository", recipeConfiguration.ECRRepositoryName); var container = taskDefinition.AddContainer("Container", new ContainerDefinitionOptions { Image = ContainerImage.FromEcrRepository(ecrRepository, recipeConfiguration.ECRImageTag) }); container.AddPortMappings(new PortMapping { ContainerPort = 80, Protocol = Protocol.TCP }); var ecsLoadBalancerAccessSecurityGroup = new SecurityGroup(this, "WebAccessSecurityGroup", new SecurityGroupProps { Vpc = vpc, SecurityGroupName = $"{recipeConfiguration.StackName}-ECSService" }); var ecsServiceSecurityGroups = new List <ISecurityGroup>(); ecsServiceSecurityGroups.Add(ecsLoadBalancerAccessSecurityGroup); if (!string.IsNullOrEmpty(settings.AdditionalECSServiceSecurityGroups)) { var count = 1; foreach (var securityGroupId in settings.AdditionalECSServiceSecurityGroups.Split(',')) { ecsServiceSecurityGroups.Add(SecurityGroup.FromSecurityGroupId(this, $"AdditionalGroup-{count++}", securityGroupId.Trim(), new SecurityGroupImportOptions { Mutable = false })); } } new ApplicationLoadBalancedFargateService(this, "FargateService", new ApplicationLoadBalancedFargateServiceProps { Cluster = cluster, TaskDefinition = taskDefinition, DesiredCount = settings.DesiredCount, ServiceName = settings.ECSServiceName, AssignPublicIp = settings.Vpc.IsDefault, SecurityGroups = ecsServiceSecurityGroups.ToArray() }); }
public DevStack(Construct parent, string id, IStackProps props) : base(parent, id, props) { var cluster = new Cluster(this, "AppCluster", new ClusterProps { Vpc = Vpc.FromLookup(this, "DefaultVpc", new VpcLookupOptions() { IsDefault = true }), }); FargateTaskDefinition taskDef = new FargateTaskDefinition(this, "DevStackTaskDef", new FargateTaskDefinitionProps() { }); var mysqlContainer = taskDef.AddContainer("mysql", new ContainerDefinitionProps() { Image = ContainerImage.FromAsset(DockerFolderBuilder.GetBuildFolder(), new AssetImageProps() { File = Path.Combine("LocalStack", "Dockerfile.mysql") }) }); mysqlContainer.AddPortMappings(new PortMapping() { HostPort = 3306, ContainerPort = 3306, Protocol = Amazon.CDK.AWS.ECS.Protocol.TCP }); var mongoContainer = taskDef.AddContainer("mongodb", new ContainerDefinitionProps() { Image = ContainerImage.FromAsset(DockerFolderBuilder.GetBuildFolder(), new AssetImageProps() { File = Path.Combine("LocalStack", "Dockerfile.mongo") }) }); mongoContainer.AddPortMappings(new PortMapping() { HostPort = 27017, ContainerPort = 27017, Protocol = Amazon.CDK.AWS.ECS.Protocol.TCP }); var localStackContainer = taskDef.AddContainer("localstack", new ContainerDefinitionProps() { Image = ContainerImage.FromAsset(DockerFolderBuilder.GetBuildFolder(), new AssetImageProps() { File = Path.Combine("LocalStack", "Dockerfile.localstack") }) }); localStackContainer.AddPortMappings(new PortMapping() { HostPort = 4572, ContainerPort = 4572, Protocol = Amazon.CDK.AWS.ECS.Protocol.TCP }); localStackContainer.AddPortMappings(new PortMapping() { HostPort = 4576, ContainerPort = 4576, Protocol = Amazon.CDK.AWS.ECS.Protocol.TCP }); localStackContainer.AddPortMappings(new PortMapping() { HostPort = 4584, ContainerPort = 4584, Protocol = Amazon.CDK.AWS.ECS.Protocol.TCP }); var schemabuilder = taskDef.AddContainer("schemaBuilder", new ContainerDefinitionProps() { Image = ContainerImage.FromAsset(DockerFolderBuilder.GetBuildFolder(), new AssetImageProps() { File = Path.Combine("LocalStack", "Dockerfile") }) }); schemabuilder.AddContainerDependencies(new ContainerDependency[] { new ContainerDependency() { Container = mysqlContainer, Condition = ContainerDependencyCondition.START }, new ContainerDependency() { Container = mongoContainer, Condition = ContainerDependencyCondition.START }, new ContainerDependency() { Container = localStackContainer, Condition = ContainerDependencyCondition.START } }); // Create a load-balanced Fargate service and make it public new ApplicationLoadBalancedFargateService(this, "DevStackService", new ApplicationLoadBalancedFargateServiceProps { Cluster = cluster, // Required DesiredCount = 1, TaskDefinition = taskDef, MemoryLimitMiB = 2048, // Default is 256 PublicLoadBalancer = true, // Default is false AssignPublicIp = true } ); }
public ApiStack(Construct parent, string id, IApiStackProps props) : base(parent, id, props) { var cluster = new Cluster( this, "Example", new ClusterProps { Vpc = props.Vpc, }); var logging = new AwsLogDriver(new AwsLogDriverProps { StreamPrefix = "Example", }); var taskDef = new FargateTaskDefinition( this, "Task", new FargateTaskDefinitionProps { MemoryLimitMiB = 512, Cpu = 256, }); var repo = Repository.FromRepositoryName( this, "EcrRepository", props.Repository.RepositoryName); var imageTag = new CfnParameter( this, props.ApiImageTag, new CfnParameterProps { Default = "latest", }); var container = new ContainerDefinition( this, "ApiContainer", new ContainerDefinitionProps { TaskDefinition = taskDef, Image = ContainerImage.FromEcrRepository(repo, imageTag.ValueAsString), Logging = logging, }); container.AddPortMappings(new PortMapping { ContainerPort = 80, HostPort = 80, Protocol = Amazon.CDK.AWS.ECS.Protocol.TCP, }); var loadBalancer = new ApplicationLoadBalancer( this, "LoadBalancer", new ApplicationLoadBalancerProps { Vpc = props.Vpc, Http2Enabled = false, IdleTimeout = Duration.Seconds(5), InternetFacing = true, IpAddressType = IpAddressType.IPV4, VpcSubnets = new SubnetSelection { Subnets = props.Vpc.PublicSubnets, }, }); var ecsService = new ApplicationLoadBalancedFargateService( this, "Service", new ApplicationLoadBalancedFargateServiceProps { Cluster = cluster, TaskDefinition = taskDef, AssignPublicIp = false, PublicLoadBalancer = true, LoadBalancer = loadBalancer, }); PrintLoadBalancerDnsName(ecsService); }
internal CreditoWebApiStack(Construct scope, string id, CustomStackProps props = null) : base(scope, id, props) { var vpc = props.Vpc; var creditoWebApiTargetGroup = new ApplicationTargetGroup(this, "CreditoWebApiTargetGroup", new ApplicationTargetGroupProps { Protocol = ApplicationProtocol.HTTP, Port = 80, Vpc = vpc, TargetType = TargetType.IP, DeregistrationDelay = Duration.Seconds(60), HealthCheck = new Amazon.CDK.AWS.ElasticLoadBalancingV2.HealthCheck { Enabled = true, Path = "/api/credito/_monitor/shallow", Protocol = Amazon.CDK.AWS.ElasticLoadBalancingV2.Protocol.HTTP, Port = "traffic-port", UnhealthyThresholdCount = 2, Interval = Duration.Seconds(60), HealthyThresholdCount = 5, Timeout = Duration.Seconds(5), HealthyHttpCodes = "200" } }); var webApiServiceSecurityGroup = SecurityGroup.FromSecurityGroupId(this, "WebApiServiceSecurityGroup", Fn.ImportValue(Globals.GetDeployEnvironment(this).PutEnvNamePrefixWithDash("WebApiServiceSecurityGroupId"))); var appListener = ApplicationListener.FromApplicationListenerAttributes(this, "AppListener", new ApplicationListenerAttributes { ListenerArn = Fn.ImportValue(Globals.GetDeployEnvironment(this).PutEnvNamePrefixWithDash("AppListenerArn")), SecurityGroup = webApiServiceSecurityGroup }); appListener.AddTargetGroups("CreditoWebApiTargetGroup", new AddApplicationTargetGroupsProps { Conditions = new ListenerCondition[] { ListenerCondition.PathPatterns(new string[] { "/api/credito*" }) }, Priority = 100, TargetGroups = new ApplicationTargetGroup[] { creditoWebApiTargetGroup } }); var creditoWebApiLogGroup = new LogGroup(this, "CreditoWebApiContainerLogGroup", new LogGroupProps { LogGroupName = $"/ecs/{Globals.GetDeployEnvironment(this).EnvName}/credito/web-api", Retention = RetentionDays.FIVE_DAYS, RemovalPolicy = RemovalPolicy.SNAPSHOT }); var creditoWebApiTaskDefinition = new FargateTaskDefinition(this, "CreditoWebApiTaskDefinition", new FargateTaskDefinitionProps { MemoryLimitMiB = 512, Cpu = 256 }); var creditoWebApiLogging = new AwsLogDriver( new AwsLogDriverProps { StreamPrefix = "ecs", LogGroup = creditoWebApiLogGroup }); var creditoWebApiContainer = creditoWebApiTaskDefinition.AddContainer("CreditoWebApiContainer", new ContainerDefinitionOptions { Image = ContainerImage.FromAsset( Directory.GetCurrentDirectory(), new AssetImageProps { File = "src/Credito.WebApi/Dockerfile" }), Logging = creditoWebApiLogging, Environment = new Dictionary <string, string>() { ["CreditoDatabase__ConnectionString"] = StringParameter.ValueFromLookup( this, $"/{Globals.GetDeployEnvironment(this).EnvName}/credito/web-api/db/connection-string"), ["CreditoDatabase__DatabaseName"] = StringParameter.ValueFromLookup( this, $"/{Globals.GetDeployEnvironment(this).EnvName}/credito/web-api/db/database-name") } }); creditoWebApiContainer.AddPortMappings( new PortMapping { ContainerPort = 80, HostPort = 80, Protocol = Amazon.CDK.AWS.ECS.Protocol.TCP }); var cluster = Cluster.FromClusterAttributes(this, "Cluster", new ClusterAttributes { ClusterName = Fn.ImportValue(Globals.GetDeployEnvironment(this).PutEnvNamePrefixWithDash("ClusterName")), Vpc = vpc, SecurityGroups = new SecurityGroup[] { } }); var creditoWebApiService = new FargateService(this, "CreditoWebApiService", new FargateServiceProps { Cluster = cluster, TaskDefinition = creditoWebApiTaskDefinition, DesiredCount = 1, CircuitBreaker = new DeploymentCircuitBreaker { Rollback = true }, AssignPublicIp = false, HealthCheckGracePeriod = Duration.Seconds(60), SecurityGroups = new ISecurityGroup[] { webApiServiceSecurityGroup }, VpcSubnets = new SubnetSelection { SubnetType = SubnetType.PRIVATE } }); creditoWebApiService.AttachToApplicationTargetGroup(creditoWebApiTargetGroup); }
internal CdkStack(Construct scope, string id, IStackProps props = null) : base(scope, id, props) { var stackProps = ReportStackProps.ParseOrDefault(props); var dframeWorkerLogGroup = "MagicOnionBenchWorkerLogGroup"; var dframeMasterLogGroup = "MagicOnionBenchMasterLogGroup"; var benchNetwork = stackProps.GetBenchNetwork(); var recreateMagicOnionTrigger = stackProps.GetBenchmarkServerBinariesHash(); // s3 var s3 = new Bucket(this, "Bucket", new BucketProps { AutoDeleteObjects = true, RemovalPolicy = RemovalPolicy.DESTROY, AccessControl = BucketAccessControl.PRIVATE, }); var lifecycleRule = new LifecycleRule { Enabled = true, Prefix = "reports/", Expiration = Duration.Days(stackProps.DaysKeepReports), AbortIncompleteMultipartUploadAfter = Duration.Days(1), }; s3.AddLifecycleRule(lifecycleRule); s3.AddToResourcePolicy(new PolicyStatement(new PolicyStatementProps { Sid = "AllowPublicRead", Effect = Effect.ALLOW, Principals = new[] { new AnyPrincipal() }, Actions = new[] { "s3:GetObject*" }, Resources = new[] { $"{s3.BucketArn}/html/*" }, })); s3.AddToResourcePolicy(new PolicyStatement(new PolicyStatementProps { Sid = "AllowAwsAccountAccess", Effect = Effect.ALLOW, Principals = new[] { new AccountRootPrincipal() }, Actions = new[] { "s3:*" }, Resources = new[] { $"{s3.BucketArn}/*" }, })); // s3 deploy var masterDllDeployment = new BucketDeployment(this, "DeployMasterDll", new BucketDeploymentProps { DestinationBucket = s3, Sources = new[] { Source.Asset(Path.Combine(Directory.GetCurrentDirectory(), $"out/linux/server")) }, DestinationKeyPrefix = $"assembly/linux/server" }); var userdataDeployment = new BucketDeployment(this, "UserData", new BucketDeploymentProps { DestinationBucket = s3, Sources = new[] { Source.Asset(Path.Combine(Directory.GetCurrentDirectory(), "userdata/")) }, DestinationKeyPrefix = "userdata/" }); // docker deploy var dockerImage = new DockerImageAsset(this, "dframeWorkerImage", new DockerImageAssetProps { Directory = Path.Combine(Directory.GetCurrentDirectory(), "app"), File = "ConsoleAppEcs/Dockerfile.Ecs", }); var dframeImage = ContainerImage.FromDockerImageAsset(dockerImage); // network var vpc = new Vpc(this, "Vpc", new VpcProps { MaxAzs = 2, NatGateways = 0, SubnetConfiguration = new[] { new SubnetConfiguration { Name = "public", SubnetType = SubnetType.PUBLIC } }, }); var allsubnets = new SubnetSelection { Subnets = vpc.PublicSubnets }; var singleSubnets = new SubnetSelection { Subnets = new[] { vpc.PublicSubnets.First() } }; var sg = new SecurityGroup(this, "MasterSg", new SecurityGroupProps { AllowAllOutbound = true, Vpc = vpc, }); foreach (var subnet in vpc.PublicSubnets) { sg.AddIngressRule(Peer.Ipv4(vpc.VpcCidrBlock), Port.AllTcp(), "VPC", true); } // service discovery var serviceDiscoveryDomain = "local"; var serverMapName = "server"; var dframeMapName = "dframe-master"; var ns = new PrivateDnsNamespace(this, "Namespace", new PrivateDnsNamespaceProps { Vpc = vpc, Name = serviceDiscoveryDomain, }); var serviceDiscoveryServer = ns.CreateService("server", new DnsServiceProps { Name = serverMapName, DnsRecordType = DnsRecordType.A, RoutingPolicy = RoutingPolicy.MULTIVALUE, }); // alb var albDnsName = "benchmark-alb"; var benchToMagicOnionDnsName = benchNetwork.RequireAlb ? $"{benchNetwork.EndpointScheme}://{albDnsName}.{stackProps.AlbDomain.domain}" : $"{benchNetwork.EndpointScheme}://{serverMapName}.{serviceDiscoveryDomain}"; IApplicationTargetGroup grpcTargetGroup = null; IApplicationTargetGroup httpsTargetGroup = null; if (benchNetwork.RequireAlb) { // route53 var hostedZone = HostedZone.FromHostedZoneAttributes(this, "HostedZone", new HostedZoneAttributes { HostedZoneId = stackProps.AlbDomain.zoneId, ZoneName = stackProps.AlbDomain.domain, }); // acm var certificate = new DnsValidatedCertificate(this, "certificate", new DnsValidatedCertificateProps { DomainName = $"{albDnsName}.{hostedZone.ZoneName}", HostedZone = hostedZone, }); // alb var lb = new ApplicationLoadBalancer(this, "LB", new ApplicationLoadBalancerProps { Vpc = vpc, VpcSubnets = allsubnets, SecurityGroup = new SecurityGroup(this, "AlbSg", new SecurityGroupProps { AllowAllOutbound = true, Vpc = vpc, }), InternetFacing = false, Http2Enabled = true, }); grpcTargetGroup = AddGrpcTargetGroup(benchNetwork, vpc, certificate, lb); httpsTargetGroup = AddHttpsTargetGroup(benchNetwork, vpc, certificate, lb); // Dns Record _ = new CnameRecord(this, "alb-alias-record", new CnameRecordProps { RecordName = $"{albDnsName}.{stackProps.AlbDomain.domain}", Ttl = Duration.Seconds(60), Zone = hostedZone, DomainName = lb.LoadBalancerDnsName, }); } // iam var iamEc2MagicOnionRole = GetIamEc2MagicOnionRole(s3, serviceDiscoveryServer); var iamEcsTaskExecuteRole = GetIamEcsTaskExecuteRole(new[] { dframeWorkerLogGroup, dframeMasterLogGroup }); var iamDFrameTaskDefRole = GetIamEcsDframeTaskDefRole(s3); var iamWorkerTaskDefRole = GetIamEcsWorkerTaskDefRole(s3); // secrets var ddToken = stackProps.UseEc2DatadogAgentProfiler || stackProps.UseFargateDatadogAgentProfiler ? Amazon.CDK.AWS.SecretsManager.Secret.FromSecretNameV2(this, "dd-token", "magiconion-benchmark-datadog-token") : null; // MagicOnion var asg = new AutoScalingGroup(this, "MagicOnionAsg", new AutoScalingGroupProps { // Monitoring is default DETAILED. SpotPrice = "1.0", // 0.0096 for spot price average for m3.medium Vpc = vpc, SecurityGroup = sg, VpcSubnets = singleSubnets, InstanceType = stackProps.MagicOnionInstanceType, DesiredCapacity = 1, MaxCapacity = 1, MinCapacity = 0, AssociatePublicIpAddress = true, MachineImage = new AmazonLinuxImage(new AmazonLinuxImageProps { CpuType = AmazonLinuxCpuType.X86_64, Generation = AmazonLinuxGeneration.AMAZON_LINUX_2, Storage = AmazonLinuxStorage.GENERAL_PURPOSE, Virtualization = AmazonLinuxVirt.HVM, }), AllowAllOutbound = true, GroupMetrics = new[] { GroupMetrics.All() }, Role = iamEc2MagicOnionRole, UpdatePolicy = UpdatePolicy.ReplacingUpdate(), Signals = Signals.WaitForCount(1, new SignalsOptions { Timeout = Duration.Minutes(10), }), }); asg.AddSecretsReadGrant(ddToken, () => stackProps.UseEc2DatadogAgentProfiler); var userdata = GetUserData(recreateMagicOnionTrigger, s3.BucketName, stackProps.BenchmarkBinaryNames, serviceDiscoveryServer.ServiceId, stackProps.UseEc2CloudWatchAgentProfiler, stackProps.UseEc2DatadogAgentProfiler); asg.AddUserData(userdata); asg.UserData.AddSignalOnExitCommand(asg); asg.Node.AddDependency(masterDllDeployment); asg.Node.AddDependency(userdataDeployment); if (stackProps.EnableMagicOnionScaleInCron) { asg.ScaleOnSchedule("ScheduleOut", new BasicScheduledActionProps { DesiredCapacity = 1, MaxCapacity = 1, // AM9:00 (JST+9) on Monday to Wednesday Schedule = Schedule.Expression("0 0 * 1-3 *"), }); asg.ScaleOnSchedule("ScheduleIn", new BasicScheduledActionProps { DesiredCapacity = 0, MaxCapacity = 0, // PM9:00 (JST+9) on Everyday Schedule = Schedule.Expression("0 12 * 1-7 *"), }); } if (benchNetwork.RequireAlb) { asg.AttachToApplicationTargetGroup(grpcTargetGroup); asg.AttachToApplicationTargetGroup(httpsTargetGroup); } // ECS var cluster = new Cluster(this, "WorkerCluster", new ClusterProps { Vpc = vpc, }); cluster.Node.AddDependency(asg); // wait until asg is up // dframe-worker var dframeWorkerContainerName = "worker"; var dframeWorkerTaskDef = new FargateTaskDefinition(this, "DFrameWorkerTaskDef", new FargateTaskDefinitionProps { ExecutionRole = iamEcsTaskExecuteRole, TaskRole = iamWorkerTaskDefRole, Cpu = stackProps.WorkerFargate.CpuSize, MemoryLimitMiB = stackProps.WorkerFargate.MemorySize, }); dframeWorkerTaskDef.AddContainer(dframeWorkerContainerName, new ContainerDefinitionOptions { Image = dframeImage, Command = new[] { "--worker-flag" }, Environment = new Dictionary <string, string> { { "DFRAME_MASTER_CONNECT_TO_HOST", $"{dframeMapName}.{serviceDiscoveryDomain}" }, { "DFRAME_MASTER_CONNECT_TO_PORT", "12345" }, { "BENCH_SERVER_HOST", benchToMagicOnionDnsName }, { "BENCH_REPORTID", stackProps.ReportId }, { "BENCH_S3BUCKET", s3.BucketName }, }, Logging = LogDriver.AwsLogs(new AwsLogDriverProps { LogGroup = new LogGroup(this, "WorkerLogGroup", new LogGroupProps { LogGroupName = dframeWorkerLogGroup, RemovalPolicy = RemovalPolicy.DESTROY, Retention = RetentionDays.TWO_WEEKS, }), StreamPrefix = dframeWorkerLogGroup, }), }); dframeWorkerTaskDef.AddDatadogContainer($"{dframeWorkerContainerName}-datadog", ddToken, () => stackProps.UseFargateDatadogAgentProfiler); var dframeWorkerService = new FargateService(this, "DFrameWorkerService", new FargateServiceProps { ServiceName = "DFrameWorkerService", DesiredCount = 0, Cluster = cluster, TaskDefinition = dframeWorkerTaskDef, VpcSubnets = singleSubnets, SecurityGroups = new[] { sg }, PlatformVersion = FargatePlatformVersion.VERSION1_4, MinHealthyPercent = 0, AssignPublicIp = true, }); // dframe-master var dframeMasterTaskDef = new FargateTaskDefinition(this, "DFrameMasterTaskDef", new FargateTaskDefinitionProps { ExecutionRole = iamEcsTaskExecuteRole, TaskRole = iamDFrameTaskDefRole, Cpu = stackProps.MasterFargate.CpuSize, MemoryLimitMiB = stackProps.MasterFargate.MemorySize, }); dframeMasterTaskDef.AddContainer("dframe", new ContainerDefinitionOptions { Image = dframeImage, Environment = new Dictionary <string, string> { { "DFRAME_CLUSTER_NAME", cluster.ClusterName }, { "DFRAME_MASTER_SERVICE_NAME", "DFrameMasterService" }, { "DFRAME_WORKER_CONTAINER_NAME", dframeWorkerContainerName }, { "DFRAME_WORKER_SERVICE_NAME", dframeWorkerService.ServiceName }, { "DFRAME_WORKER_TASK_NAME", Fn.Select(1, Fn.Split("/", dframeWorkerTaskDef.TaskDefinitionArn)) }, { "DFRAME_WORKER_IMAGE", dockerImage.ImageUri }, { "BENCH_REPORTID", stackProps.ReportId }, { "BENCH_S3BUCKET", s3.BucketName }, }, Logging = LogDriver.AwsLogs(new AwsLogDriverProps { LogGroup = new LogGroup(this, "MasterLogGroup", new LogGroupProps { LogGroupName = dframeMasterLogGroup, RemovalPolicy = RemovalPolicy.DESTROY, Retention = RetentionDays.TWO_WEEKS, }), StreamPrefix = dframeMasterLogGroup, }), }); dframeMasterTaskDef.AddDatadogContainer($"dframe-datadog", ddToken, () => stackProps.UseFargateDatadogAgentProfiler); var dframeMasterService = new FargateService(this, "DFrameMasterService", new FargateServiceProps { ServiceName = "DFrameMasterService", DesiredCount = 1, Cluster = cluster, TaskDefinition = dframeMasterTaskDef, VpcSubnets = singleSubnets, SecurityGroups = new[] { sg }, PlatformVersion = FargatePlatformVersion.VERSION1_4, MinHealthyPercent = 0, AssignPublicIp = true, }); dframeMasterService.EnableCloudMap(new CloudMapOptions { CloudMapNamespace = ns, Name = dframeMapName, DnsRecordType = DnsRecordType.A, DnsTtl = Duration.Seconds(300), }); // output new CfnOutput(this, "ReportUrl", new CfnOutputProps { Value = $"https://{s3.BucketRegionalDomainName}/html/{stackProps.ReportId}/index.html" }); new CfnOutput(this, "EndPointStyle", new CfnOutputProps { Value = stackProps.BenchmarkEndpoint.ToString() }); new CfnOutput(this, "AsgName", new CfnOutputProps { Value = asg.AutoScalingGroupName }); new CfnOutput(this, "EcsClusterName", new CfnOutputProps { Value = cluster.ClusterName }); new CfnOutput(this, "DFrameWorkerEcsTaskdefImage", new CfnOutputProps { Value = dockerImage.ImageUri }); }
public static Amazon.CDK.AWS.StepFunctions.Tasks.EcsRunTask CreateTask(Construct scope, Table presortTable) { var environmentCID = Amazon.CDK.AWS.SSM.StringParameter.ValueFromLookup(scope, Config.PARAMETER_STORE_AWS_ACCOUNTID_CICD); var repo = new Amazon.CDK.AWS.ECR.Repository(scope, "ECRRepo", new Amazon.CDK.AWS.ECR.RepositoryProps() { RemovalPolicy = RemovalPolicy.DESTROY, RepositoryName = Config.ECR_REPO_NAME }); repo.AddToResourcePolicy(new Amazon.CDK.AWS.IAM.PolicyStatement(new Amazon.CDK.AWS.IAM.PolicyStatementProps { Effect = Amazon.CDK.AWS.IAM.Effect.ALLOW, Actions = new string[] { "ecr:*" }, Principals = new Amazon.CDK.AWS.IAM.IPrincipal[] { new Amazon.CDK.AWS.IAM.ArnPrincipal("arn:aws:iam::" + environmentCID + ":root") } })); var taskDefinition = new FargateTaskDefinition(scope, "DownloadAccuzipFileTaskDefinition", new FargateTaskDefinitionProps() { Cpu = 4096, MemoryLimitMiB = 8192, }); var containerDefinition = taskDefinition.AddContainer(Config.ECR_REPO_NAME + "1", new ContainerDefinitionProps() { Cpu = 4096, MemoryLimitMiB = 8192, Image = ContainerImage.FromEcrRepository(repo), Logging = new AwsLogDriver(new AwsLogDriverProps() { StreamPrefix = "dmappresort" }) }); var policyStatement = new Amazon.CDK.AWS.IAM.PolicyStatement(); policyStatement.AddAllResources(); policyStatement.AddActions(new string[] { "dynamoDb:*", "ses:*", "s3:*" }); taskDefinition.AddToTaskRolePolicy(policyStatement); var cluster = CreateCluster(scope); var lstEnviron = new List <TaskEnvironmentVariable>(); //lstEnviron.Add(new TaskEnvironmentVariable //{ // Name = "accuzipFileS3key", // Value = JsonPath.StringAt("$.accuzipFileS3key") //}); //lstEnviron.Add(new TaskEnvironmentVariable //{ // Name = "beforeReduceFileS3Key", // Value = JsonPath.StringAt("$.beforeReduceFileS3Key") //}); //lstEnviron.Add(new TaskEnvironmentVariable //{ // Name = "bucketName", // Value = JsonPath.StringAt("$.bucketName") //}); //lstEnviron.Add(new TaskEnvironmentVariable //{ // Name = "apiKey", // Value = JsonPath.StringAt("$.apiKey") //}); lstEnviron.Add(new TaskEnvironmentVariable { Name = "REQUESTID", Value = JsonPath.StringAt("$.requestId") }); lstEnviron.Add(new TaskEnvironmentVariable { Name = "DYNAMO_TABLE", Value = presortTable.TableName }); return(new EcsRunTask(scope, "FileMergeFargate", new EcsRunTaskProps() { LaunchTarget = new EcsFargateLaunchTarget(), AssignPublicIp = true, IntegrationPattern = IntegrationPattern.RUN_JOB, Cluster = cluster, TaskDefinition = taskDefinition, ContainerOverrides = (new List <ContainerOverride> { new ContainerOverride { ContainerDefinition = containerDefinition, Environment = lstEnviron.ToArray() } }).ToArray() })); }
internal CdkStack(Construct scope, string id, IStackProps props = null) : base(scope, id, props) { var vpc = new Vpc(this, "api-vpc", new VpcProps { MaxAzs = 3 // Default is all AZs in region }); var cluster = new Cluster(this, "api-ecs-cluster", new ClusterProps { Vpc = vpc, }); var task = new FargateTaskDefinition(this, "api-fargate-task", new FargateTaskDefinitionProps() { Cpu = 256, MemoryLimitMiB = 512 }); var logGroup = new LogGroup(this, "loggroup-containers", new LogGroupProps() { Retention = RetentionDays.ONE_MONTH }); var nginxContainer = new ContainerDefinition(this, "container-nginx", new ContainerDefinitionProps() { TaskDefinition = task, Image = ContainerImage.FromAsset("../Web/Nginx", new AssetImageProps() { File = "Nginx.Dockerfile" }), PortMappings = new[] { new PortMapping() { HostPort = 80, ContainerPort = 80, Protocol = Protocol.TCP } }, Essential = true, Environment = new Dictionary<string, string>() { { "WEB_HOST", "127.0.0.1" } }, Logging = new AwsLogDriver(new AwsLogDriverProps() { LogGroup = logGroup, StreamPrefix = "nginx" }) }); var apiContainer = new ContainerDefinition(this, "container-api", new ContainerDefinitionProps() { TaskDefinition = task, Image = ContainerImage.FromAsset("../Web/Mvc", new AssetImageProps() { File = "Mvc.Dockerfile" }), PortMappings = new[] { new PortMapping() { HostPort = 5000, ContainerPort = 5000, Protocol = Protocol.TCP } }, Essential = true, Logging = new AwsLogDriver(new AwsLogDriverProps() { LogGroup = logGroup, StreamPrefix = "web" }) }); // Create a load-balanced Fargate service and make it public new ApplicationLoadBalancedFargateService(this, "api-fargate-loadbalancer", new ApplicationLoadBalancedFargateServiceProps { Cluster = cluster, // Required // DesiredCount = 6, // Default is 1 // TaskDefinition or TaskImageOptions must be specified, but not both. TaskDefinition = task, // MemoryLimitMiB = 2048, // Default is 256 PublicLoadBalancer = true // Default is false } ); }
internal UsersServiceFargateStack(Construct scope, string id, IUsersServiceFargateStackProps props) : base(scope, id, props) { var repository = Repository.FromRepositoryName(this, "UsersRepository", "users-service"); var taskDefinition = new FargateTaskDefinition(this, "UsersServiceTaskDef", new FargateTaskDefinitionProps { Cpu = 256, MemoryLimitMiB = 512 }); var container = taskDefinition.AddContainer("WebApi", new ContainerDefinitionOptions { Image = ContainerImage.FromEcrRepository(repository), Logging = new AwsLogDriver(new AwsLogDriverProps { LogRetention = Amazon.CDK.AWS.Logs.RetentionDays.TWO_WEEKS, StreamPrefix = "UsersService-" }) }); container.AddPortMappings(new PortMapping { ContainerPort = 80 }); var service = new FargateService(this, "UsersService", new FargateServiceProps { Cluster = props.Cluster, TaskDefinition = taskDefinition, DesiredCount = 2, VpcSubnets = new SubnetSelection { SubnetType = SubnetType.PUBLIC }, AssignPublicIp = true }); service.AutoScaleTaskCount(new EnableScalingProps { MinCapacity = 2, MaxCapacity = 4 }).ScaleOnCpuUtilization("CPU", new CpuUtilizationScalingProps { TargetUtilizationPercent = 70 }); props.Listener.AddTargets("UsersServiceTarget", new AddApplicationTargetsProps { HealthCheck = new HealthCheck { HealthyHttpCodes = "200-299", Path = "/api/users/health", Protocol = Amazon.CDK.AWS.ElasticLoadBalancingV2.Protocol.HTTP, HealthyThresholdCount = 2, UnhealthyThresholdCount = 5, Timeout = Duration.Seconds(10), Interval = Duration.Seconds(70), Port = "80" }, Protocol = ApplicationProtocol.HTTP, Port = 80, Targets = new IApplicationLoadBalancerTarget[] { service }, PathPattern = "/api/users*", Priority = 2 }); }