/// <summary>
/// Builds the stack: a VPC, an EFS file system with one access point, a Python
/// Lambda function that mounts that access point at /mnt/msg, and an HTTP API
/// whose default integration proxies every request to the function. The API URL
/// is emitted as a CloudFormation output.
/// </summary>
/// <param name="scope">Parent construct.</param>
/// <param name="id">Logical id of the stack.</param>
/// <param name="props">Optional stack properties, passed to the base stack.</param>
internal TheEfsLambdaStack(Construct scope, string id, IStackProps props = null) : base(scope, id, props)
{
    // EFS is set up inside a VPC; this one is limited to two availability zones.
    var networkProps = new EC2.VpcProps { MaxAzs = 2 };
    _vpc = new EC2.Vpc(this, "Vpc", networkProps);

    // File system that stores the data.
    // RemovalPolicy.DESTROY means the file system and its contents go away with the stack.
    // NOTE(review): Encrypted is not set here, so encryption at rest depends on the
    // CDK library default in use - confirm, and set it explicitly if the data matters.
    var storageProps = new EFS.FileSystemProps
    {
        Vpc = _vpc,
        RemovalPolicy = RemovalPolicy.DESTROY
    };
    _fileSystem = new EFS.FileSystem(this, "Filesystem", storageProps);

    // Access point rooted at /export/lambda. Clients are mapped to POSIX uid/gid 1001,
    // and the directory is owned by 1001:1001 with mode 750 (no access for "other").
    var accessPointOptions = new EFS.AccessPointOptions
    {
        CreateAcl = new EFS.Acl
        {
            OwnerGid = "1001",
            OwnerUid = "1001",
            Permissions = "750"
        },
        Path = "/export/lambda",
        PosixUser = new EFS.PosixUser
        {
            Gid = "1001",
            Uid = "1001",
        }
    };
    EFS.AccessPoint accessPoint = _fileSystem.AddAccessPoint("AccessPoint", accessPointOptions);

    // Lambda function, placed in the same VPC so it can reach the mount target.
    // NOTE(review): Python 3.8 is past its upstream end of life; plan a runtime upgrade.
    var functionProps = new Lambda.FunctionProps
    {
        Runtime = Lambda.Runtime.PYTHON_3_8,
        Code = Lambda.Code.FromAsset("lambda_fns"),
        Handler = "message_wall.lambda_handler",
        Vpc = _vpc,
        Filesystem = Lambda.FileSystem.FromEfsAccessPoint(accessPoint, "/mnt/msg")
    };
    _functionProxyHandler = new Lambda.Function(this, "efsLambdaFunction", functionProps);

    // HTTP API in front of the function.
    // NOTE(review): no authorizer is configured in this block and the Lambda is the
    // default integration, so any caller who knows the URL reaches the handler, which
    // in turn has the file system mounted. The handler must validate its input; add an
    // authorizer if this is more than a demo.
    var proxyIntegration = new APIGv2Integration.LambdaProxyIntegration(
        new APIGv2Integration.LambdaProxyIntegrationProps
        {
            Handler = _functionProxyHandler
        });
    _apiGateway = new APIGv2.HttpApi(this, "EFS Lambda", new APIGv2.HttpApiProps
    {
        DefaultIntegration = proxyIntegration
    });

    // Publish the endpoint URL as a CloudFormation output.
    var urlOutputProps = new CfnOutputProps { Value = _apiGateway.Url };
    new CfnOutput(this, "HTTP API Url", urlOutputProps);
}
/// <summary>
/// Creates the VPC stack described by <paramref name="config"/> and applies the
/// VPC-specific tags followed by the global tags.
/// </summary>
/// <param name="scope">Parent construct.</param>
/// <param name="config">Settings; the Vpc section supplies stack name, VPC name, CIDR, NAT gateway count and tags.</param>
/// <param name="props">Optional stack properties, passed to the base stack.</param>
public VpcStack(Construct scope, IConfigSettings config, IStackProps props = null)
    : base(scope, $"{config?.Vpc?.StackName}", props)
{
    // NOTE(review): the base call tolerates a null config or Vpc section (it yields an
    // empty stack id), but everything below dereferences config.Vpc unguarded. Callers
    // must pass a fully populated config.
    var networkProps = new VpcProps
    {
        // Use the configured CIDR, or 10.0.0.0/16 when none is set.
        Cidr = config.Vpc.Cidr ?? "10.0.0.0/16",
        NatGateways = config.Vpc.NatGateways,
    };

    // Create the VPC and keep it on the Vpc member.
    Vpc = new Amazon.CDK.AWS.EC2.Vpc(this, config.Vpc.Name, networkProps);

    // Tag it: VPC-specific tags first, then the tags shared by the whole config.
    Utilities.Tagging.Tag(Vpc, config, config.Vpc.Tags);
    Utilities.Tagging.Tag(Vpc, config, config.Tags);
}
/// <summary>
/// Creates the EC2 Auto Scaling group in the public subnets of <paramref name="vpc"/>,
/// using the sizing, key pair, addressing and user-data settings from the Asg config
/// section, then applies the ASG-specific and global tags.
/// </summary>
/// <param name="vpc">VPC the instances are launched into.</param>
/// <param name="sg">Security group attached to the instances.</param>
/// <returns>The new Auto Scaling group.</returns>
public Amazon.CDK.AWS.AutoScaling.AutoScalingGroup Create(Amazon.CDK.AWS.EC2.Vpc vpc, SecurityGroup sg)
{
    // TODO: define roles in config.
    // NOTE(review): the permissions of this role are defined in IamRole.Create, outside
    // this block - check that they are limited to what the instances need.
    var instanceRole = new Security.Roles.IamRole().Create(this, _config, "asg-ec2-role");

    // NOTE(review): instances are placed in PUBLIC subnets. Together with the
    // config-driven AssociatePublicIpAddress and KeyName below, whether they are
    // reachable from the internet rests entirely on the rules of `sg`.
    var publicSubnets = new SubnetSelection { SubnetType = SubnetType.PUBLIC };

    // ELB health checks with a five-minute grace period.
    var elbHealthCheck = HealthCheck.Elb(new ElbHealthCheckOptions { Grace = Duration.Minutes(5) });

    var groupProps = new AutoScalingGroupProps
    {
        AutoScalingGroupName = _config.Asg.Name,
        Vpc = vpc,
        // TODO: parse enums and pull from config.
        InstanceType = InstanceType.Of(InstanceClass.BURSTABLE3, InstanceSize.MICRO),
        // Ask for Amazon Linux 2 explicitly; otherwise the older image generation is used.
        // TODO: parse enums and pull from config.
        MachineImage = new AmazonLinuxImage(new AmazonLinuxImageProps
        {
            Generation = AmazonLinuxGeneration.AMAZON_LINUX_2
        }),
        AllowAllOutbound = _config.Asg.AllowAllOutbound,
        DesiredCapacity = _config.Asg.DesiredCapacity,
        MinCapacity = _config.Asg.MinCapacity,
        MaxCapacity = _config.Asg.MaxCapacity,
        KeyName = _config.Asg.KeyName,
        AssociatePublicIpAddress = _config.Asg.AssociatePublicIpAddress,
        VpcSubnets = publicSubnets,
        Role = instanceRole,
        // NOTE(review): GetUserData is defined elsewhere; presumably it loads the script
        // at UserDataPath. Whatever it returns is used as instance user data, so review
        // that file like code and keep secrets out of it.
        UserData = GetUserData(_config.Asg.UserDataPath),
        HealthCheck = elbHealthCheck,
        SecurityGroup = sg
    };
    var scalingGroup = new Amazon.CDK.AWS.AutoScaling.AutoScalingGroup(this, _config.Asg.Name, groupProps);

    // ASG-specific tags first, then the tags shared by the whole config.
    Utilities.Tagging.Tag(scalingGroup, _config, _config.Asg.Tags);
    Utilities.Tagging.Tag(scalingGroup, _config, _config.Tags);

    // TODO: CPU-based scaling (ScaleOnCpuUtilization) is not wired up yet.
    return scalingGroup;
}
/// <summary>
/// Creates the MySQL RDS instance in the isolated subnets of <paramref name="vpc"/>,
/// stores it on <c>DBInstance</c> and returns it.
/// </summary>
/// <param name="vpc">VPC that hosts the database.</param>
/// <param name="configSettings">Settings; the Rds section supplies name, Multi-AZ, backup retention, encryption, upgrade and deletion-protection flags.</param>
/// <param name="securityGroups">Security groups attached to the instance.</param>
/// <returns>The new database instance.</returns>
public DatabaseInstance Create(Amazon.CDK.AWS.EC2.Vpc vpc, IConfigSettings configSettings, SecurityGroup[] securityGroups)
{
    // TODO: change based on config settings.
    // NOTE(review): MySQL 5.7 is past its community end of life; plan a move to a
    // supported major version.
    var mysqlEngine = DatabaseInstanceEngine.Mysql(new MySqlInstanceEngineProps
    {
        Version = MysqlEngineVersion.VER_5_7,
    });

    // TODO: change all properties based on config settings.
    var instanceProps = new DatabaseInstanceProps
    {
        Engine = mysqlEngine,
        // NOTE(review): GetCredentials is defined elsewhere - confirm it draws the master
        // password from a secret store rather than from plain configuration.
        Credentials = GetCredentials(configSettings),
        InstanceType = InstanceType.Of(InstanceClass.BURSTABLE2, InstanceSize.SMALL),
        // Isolated subnets: the database gets no route to or from the internet.
        VpcSubnets = new SubnetSelection
        {
            SubnetType = SubnetType.ISOLATED
        },
        Vpc = vpc,
        MultiAz = configSettings.Rds.MultiAz,
        BackupRetention = Duration.Days(configSettings.Rds.BackupRetentionInDays),
        // Encryption at rest is opt-in through config; keep it enabled outside throwaway environments.
        StorageEncrypted = configSettings.Rds.StorageEncrypted,
        AutoMinorVersionUpgrade = configSettings.Rds.AutoMinorVersionUpgrade,
        // TODO: pull the storage type from config.
        StorageType = StorageType.GP2,
        SecurityGroups = securityGroups,
        InstanceIdentifier = configSettings.Rds.Name,
        DeletionProtection = configSettings.Rds.DeletionProtection,
    };
    var instance = new DatabaseInstance(this, $"{configSettings.Rds.Name}", instanceProps);

    // Master-password rotation is not enabled yet; turn it on once the password is
    // stored in Secrets Manager:
    //   instance.AddRotationSingleUser();

    // NOTE(review): a comment holding what looked like a generated password was removed
    // from this spot. If that value was ever a real credential, rotate it and purge it
    // from version-control history; removing the comment alone does not do that.

    DBInstance = instance;
    return instance;
}
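/// <summary>
/// Creates an internet-facing Application Load Balancer in <paramref name="vpc"/>
/// with an HTTP listener on port 80 that forwards to <paramref name="asg"/>, two
/// fixed-response rules (/ok and /lb-status), and an HTTPS listener on port 443
/// when a certificate ARN is configured.
/// </summary>
/// <param name="construct">Scope the load balancer is created in.</param>
/// <param name="vpc">VPC that hosts the load balancer.</param>
/// <param name="asg">Auto Scaling group registered as the target fleet.</param>
/// <param name="sg">Security group attached to the load balancer.</param>
/// <returns>The new load balancer.</returns>
public ApplicationLoadBalancer Create(Construct construct, Amazon.CDK.AWS.EC2.Vpc vpc, Amazon.CDK.AWS.AutoScaling.AutoScalingGroup asg, SecurityGroup sg)
{
    var lb = new ApplicationLoadBalancer(construct, _config.Alb.Name, new ApplicationLoadBalancerProps
    {
        Vpc = vpc,
        InternetFacing = true,
        LoadBalancerName = _config.Alb.Name,
        SecurityGroup = sg
    });
    Amazon.CDK.Tags.Of(lb).Add("Name", $"{_config.Alb.Name}");

    // Plain-HTTP listener and the target group behind it.
    // NOTE(review): AddListener is defined elsewhere; confirm which source ranges it
    // opens on the load balancer's security group.
    var listener = AddListener(lb, 80, null);
    var appPort = 80;
    var group = listener.AddTargets("AppFleet", new AddApplicationTargetsProps
    {
        Port = appPort,
        Targets = new[] { asg }
    });

    // Name tags. The "-listner" spelling is kept so the tag value does not change.
    Amazon.CDK.Tags.Of(listener).Add("Name", $"{_config.Alb.Name}-listner");
    Amazon.CDK.Tags.Of(group).Add("Name", $"{_config.Alb.Name}-fleet");

    // Example of a fixed OK message returned by the load balancer itself.
    listener.AddAction("FixedOkMessage", new AddApplicationActionProps
    {
        Priority = 10,
        Conditions = new[] { ListenerCondition.PathPatterns(new[] { "/ok" }) },
        Action = ListenerAction.FixedResponse(200, new FixedResponseOptions
        {
            ContentType = "text/html",
            MessageBody = "OK"
        })
    });

    // Example of a fixed health-status document returned by the load balancer.
    // The timestamp is taken when this code runs (at synthesis), not when the load
    // balancer actually launches. It is written as a round-trip ISO 8601 value so the
    // JSON does not vary with the machine's culture; the previous concatenation also
    // wrapped the value in stray literal braces.
    // NOTE(review): /lb-status is served to any client that can reach the listener;
    // keep its content free of details you would not publish.
    var launchDateUtc = DateTime.UtcNow.ToString("O", System.Globalization.CultureInfo.InvariantCulture);
    listener.AddAction("LBHealthInfo", new AddApplicationActionProps
    {
        Priority = 15,
        Conditions = new[] { ListenerCondition.PathPatterns(new[] { "/lb-status" }) },
        Action = ListenerAction.FixedResponse(200, new FixedResponseOptions
        {
            ContentType = "application/json",
            MessageBody = "{ \"lb\": { \"type\": \"application-load-balancer\", \"launchDateUtc\": \"" + launchDateUtc + "\", \"status\": \"ok\" } }"
        })
    });

    // Expected CertArn format: arn:aws:acm:<region>:<account-id>:certificate/<certificate-id>
    if (_config.Alb.CertArn != null)
    {
        // NOTE(review): the port-80 listener above keeps forwarding application traffic
        // in clear text even when a certificate is configured. Consider turning it into
        // an HTTP-to-HTTPS redirect once clients can use 443.
        listener = AddListener(lb, 443, _config.Alb.CertArn);

        // Forward any TLS requests to the same target group.
        listener.AddAction("SSLForward", new AddApplicationActionProps
        {
            Action = ListenerAction.Forward(new[] { group }),
        });
    }

    return lb;
}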