public UnicornStoreFargateStack(Construct parent, string id, UnicornStoreDeploymentEnvStackProps settings) : base(parent, id, settings)
{
this.settings = settings;
var vpc = new Vpc(this, $"{settings.ScopeName}VPC", new VpcProps {
MaxAzs = settings.MaxAzs
});
SecMan.SecretProps databasePasswordSecretSettings =
Helpers.CreateAutoGenPasswordSecretDef($"{settings.ScopeName}DatabasePassword", passwordLength: 8);
SecMan.Secret databasePasswordSecretConstruct = databasePasswordSecretSettings.CreateSecretConstruct(this);
var dbConstructFactory = settings.CreateDbConstructFactory();
DatabaseConstructOutput dbConstructOutput =
dbConstructFactory.CreateDatabaseConstruct(this, vpc, databasePasswordSecretConstruct.SecretValue);
var ecsCluster = new Cluster(this, $"Application{settings.Infrastructure}Cluster", new ClusterProps
{
Vpc = vpc,
ClusterName = settings.EcsClusterName
}
);
ApplicationLoadBalancedFargateService ecsService = this.CreateEcsService(
ecsCluster,
Secret.FromSecretsManager(databasePasswordSecretConstruct),
dbConstructFactory,
dbConstructOutput
);
// Update RDS Security Group to allow inbound database connections from the Fargate Service Security Group
dbConstructOutput.Connections.AllowDefaultPortFrom(ecsService.Service.Connections.SecurityGroups[0]);
}
private ApplicationLoadBalancedFargateService CreateEcsService(
Cluster ecsCluster,
Secret dbPasswordSecret,
DatabaseConstructFactory dbConstructFactory,
DatabaseConstructOutput dbConstructOutput
)
{
var imageRepository = Repository.FromRepositoryName(this, "ExistingEcrRepository", settings.DockerImageRepository);
var ecsService = new ApplicationLoadBalancedFargateService(this, $"{settings.ScopeName}FargateService",
new ApplicationLoadBalancedFargateServiceProps
{
Cluster = ecsCluster,
DesiredCount = settings.DesiredComputeReplicaCount,
Cpu = settings.CpuMillicores,
MemoryLimitMiB = settings.MemoryMiB,
PublicLoadBalancer = settings.PublicLoadBalancer,
LoadBalancer = new ApplicationLoadBalancer(this, $"{settings.ScopeName}-ALB", new ApplicationLoadBalancerProps {
LoadBalancerName = "unicorn-store",
Vpc = ecsCluster.Vpc,
InternetFacing = true,
DeletionProtection = false,
}),
TaskImageOptions = new ApplicationLoadBalancedTaskImageOptions
{
Image = ContainerImage.FromEcrRepository(imageRepository, settings.ImageTag),
Environment = new Dictionary <string, string>()
{
{ "ASPNETCORE_ENVIRONMENT", settings.DotNetEnvironment ?? "Production" },
{ "DefaultAdminUsername", settings.DefaultSiteAdminUsername },
{ $"UnicornDbConnectionStringBuilder__{dbConstructFactory.DbConnStrBuilderServerPropName}",
dbConstructOutput.EndpointAddress },
{ $"UnicornDbConnectionStringBuilder__Port", dbConstructOutput.Port },
{ $"UnicornDbConnectionStringBuilder__{dbConstructFactory.DBConnStrBuilderUserPropName}",
settings.DbUsername },
},
Secrets = new Dictionary <string, Secret>
{
{ "DefaultAdminPassword", Helpers.CreateAutoGenPasswordSecretDef($"{settings.ScopeName}DefaultSiteAdminPassword").CreateSecret(this) },
{ $"UnicornDbConnectionStringBuilder__{dbConstructFactory.DBConnStrBuilderPasswordPropName}", dbPasswordSecret }
}
},
}
);
return(ecsService);
}
