/// <summary>
/// Builds the Fargate deployment stack: a VPC, a generated database password stored in
/// Secrets Manager, the database construct, an ECS cluster and the load-balanced Fargate
/// service. Finally opens the database's default port to the service's security group.
/// </summary>
/// <param name="parent">Parent construct, forwarded to the base constructor.</param>
/// <param name="id">Construct id, forwarded to the base constructor.</param>
/// <param name="settings">
/// Deployment settings; stored in <c>this.settings</c> and read here for resource names,
/// the AZ count and the database construct factory.
/// </param>
public UnicornStoreFargateStack(Construct parent, string id, UnicornStoreDeploymentEnvStackProps settings)
    : base(parent, id, settings)
{
    this.settings = settings;

    var network = new Vpc(
        this,
        $"{settings.ScopeName}VPC",
        new VpcProps { MaxAzs = settings.MaxAzs });

    // The database password is generated into Secrets Manager rather than written in source.
    // NOTE(review): passwordLength: 8 is short for a database master credential. A longer value
    // is preferable if every engine the factory can produce accepts it. Changing it on an
    // already-deployed stack may regenerate the stored value, so verify how the database picks
    // up the change before altering it.
    SecMan.SecretProps dbPasswordDefinition = Helpers.CreateAutoGenPasswordSecretDef(
        $"{settings.ScopeName}DatabasePassword",
        passwordLength: 8);
    SecMan.Secret dbPasswordSecret = dbPasswordDefinition.CreateSecretConstruct(this);

    var dbFactory = settings.CreateDbConstructFactory();
    DatabaseConstructOutput database = dbFactory.CreateDatabaseConstruct(
        this,
        network,
        dbPasswordSecret.SecretValue);

    var cluster = new Cluster(
        this,
        $"Application{settings.Infrastructure}Cluster",
        new ClusterProps
        {
            Vpc = network,
            ClusterName = settings.EcsClusterName
        });

    // The service receives the password as an ECS secret backed by the same Secrets Manager entry.
    var containerDbPassword = Secret.FromSecretsManager(dbPasswordSecret);
    ApplicationLoadBalancedFargateService fargateService = this.CreateEcsService(
        cluster,
        containerDbPassword,
        dbFactory,
        database);

    // Allow inbound database connections on the default port from the Fargate service's
    // security group only.
    // NOTE(review): index 0 assumes the service exposes at least one security group and that the
    // first one is the group attached to the tasks; confirm against CreateEcsService.
    var serviceSecurityGroup = fargateService.Service.Connections.SecurityGroups[0];
    database.Connections.AllowDefaultPortFrom(serviceSecurityGroup);
}
/// <summary>
/// Creates the Secrets Manager secret described by <paramref name="smSecretDef"/> under
/// <paramref name="parent"/> and wraps it with <c>Secret.FromSecretsManager</c>, so the value
/// is referenced from the secret store instead of being passed around as plain text.
/// </summary>
/// <param name="smSecretDef">Secret definition to materialise.</param>
/// <param name="parent">Construct that will own the new secret.</param>
/// <returns>The <c>Secret</c> wrapper around the newly created Secrets Manager secret.</returns>
public static Secret CreateSecret(this SecMan.SecretProps smSecretDef, Construct parent)
    => Secret.FromSecretsManager(smSecretDef.CreateSecretConstruct(parent));
/// <summary>
/// Assembles the QA stage: a main stack holding the GitHub source credentials, VPC, DynamoDB
/// table and ECS cluster, plus a Postgres stack, the SandBank API build and service stacks,
/// and the SandBank single-page-app stack.
/// </summary>
/// <param name="scope">Parent construct, forwarded to the base constructor.</param>
/// <param name="id">Construct id, forwarded to the base constructor.</param>
/// <param name="props">Stage properties; the hosted zone name and id are read from here.</param>
public QaStage(Construct scope, string id, QaStageProps props)
    : base(scope, id, props)
{
    var coreStack = new Stack(this, "main-stack", new StackProps { Env = Constants.DefaultEnv });

    // The GitHub token is looked up in Secrets Manager by name; it is not written in source.
    // The local is not used again; the construct is created for its registration on coreStack.
    var gitHubCredentials = new GitHubSourceCredentials(
        coreStack,
        "github-source-credentials",
        new GitHubSourceCredentialsProps
        {
            AccessToken = SecretValue.SecretsManager("github/oauth/token")
        });

    var network = new Vpc(coreStack, "main-vpc", new VpcProps { Cidr = "10.0.0.0/16" });

    // Original author's note: this should change to Aurora Serverless.
    // https://dev.to/cjjenkinson/how-to-create-an-aurora-serverless-rds-instance-on-aws-with-cdk-5bb0
    var postgresEngine = DatabaseInstanceEngine.Postgres(
        new PostgresInstanceEngineProps { Version = PostgresEngineVersion.VER_12_3 });

    // NOTE(review): BackupRetention of 0 days, DeletionProtection = false and
    // RemovalPolicy.DESTROY together make this database disposable. Presumably that is intended
    // for QA; these values should not be copied into a stage that holds data worth keeping.
    var databaseProps = new DatabaseInstanceProps
    {
        Vpc = network,
        Engine = postgresEngine,
        AllocatedStorage = 5,
        BackupRetention = Duration.Days(0),
        DeletionProtection = false,
        InstanceType = InstanceType.Of(InstanceClass.BURSTABLE2, InstanceSize.MICRO),
        MasterUsername = "******",
        MultiAz = false,
        DatabaseName = "postgres",
        RemovalPolicy = RemovalPolicy.DESTROY,
        AllowMajorVersionUpgrade = false
    };
    var postgres = new PostgresStack(
        this,
        "postgres-db-stack",
        databaseProps,
        new StackProps { Env = Constants.DefaultEnv });

    // Only the endpoint address goes into the plain environment map; the database secret is
    // handed over in the separate secrets map.
    var plainEnvironment = new Dictionary<string, string>
    {
        ["DB__ADDRESS"] = postgres.Instance.InstanceEndpoint.SocketAddress
    };
    var injectedSecrets = new Dictionary<string, Secret>
    {
        ["DatabaseConnection"] = Secret.FromSecretsManager(postgres.Instance.Secret)
    };

    var accountMetadata = new Table(coreStack, "AccountMetadata", new TableProps
    {
        TableName = "AccountMetadata",
        PartitionKey = new Attribute { Name = "UserId", Type = AttributeType.NUMBER },
        SortKey = new Attribute { Name = "AccountId", Type = AttributeType.NUMBER },
        Stream = StreamViewType.NEW_IMAGE
    });

    var appCluster = new Cluster(coreStack, "app-cluster", new ClusterProps
    {
        Vpc = network,
        ClusterName = "app-cluster",
        ContainerInsights = true
    });

    // The certificate ARN is read from a Secrets Manager entry named "fargateSslCertArn".
    // NOTE(review): presumably ToString() yields a deploy-time reference rather than the stored
    // text; confirm, since a literal ARN would otherwise end up in the synthesized template.
    var loadBalancerCert = Certificate.FromCertificateArn(
        coreStack,
        "alb-cert",
        SecretValue.SecretsManager("fargateSslCertArn").ToString());

    var apiBuild = this.CreateApiBuildStack("SandBank", network);
    var api = this.CreateApiStack(
        "SandBank",
        appCluster,
        network,
        apiBuild.EcrRepository,
        "sandbank-api",
        props.HostedZoneName,
        props.HostedZoneId,
        loadBalancerCert,
        plainEnvironment,
        injectedSecrets);

    // NOTE(review): GrantFullAccess gives the task role every DynamoDB action on this table.
    // If the API only reads and writes items, GrantReadWriteData would be a narrower grant;
    // confirm what the service actually needs before tightening.
    accountMetadata.GrantFullAccess(api.FargateService.TaskDefinition.TaskRole);

    var spaCert = Certificate.FromCertificateArn(
        coreStack,
        "cloudfront-cert",
        SecretValue.SecretsManager("cloudfrontcertarn").ToString());

    var spa = new SpaStack(this, "sandbank-spa-stack", new SpaStackProps
    {
        Env = Constants.DefaultEnv,
        Vpc = network,
        ServiceName = "sandbank-spa",
        SubDomain = "sandbank",
        HostedZoneName = props.HostedZoneName,
        HostedZoneId = props.HostedZoneId,
        CloudFrontCert = spaCert,
        GitHubSourceProps = Constants.GithubRepo,
        BuildSpecFile = Constants.NpmBuildSpec,
        SpaDirectory = "App/FrontEnd/sandbank.spa",
        // Original author's note: maybe a CfnOutput should be used here instead.
        ApiUrl = $"{api.ApiUrl}/api"
    });

    // Original author's placeholder for a Lambda that is not created here:
    // SandBank.Lambda.ConfigAuditTrail::SandBank.Lambda.ConfigAuditTrail.Function::FunctionHandler
}