public MyStack()
{
var config = new Config();
var subnetId = config.RequireObject <dynamic>("subnetId");
var selected = Output.Create(Aws.Ec2.GetSubnet.InvokeAsync(new Aws.Ec2.GetSubnetArgs
{
Id = subnetId,
}));
var subnet = new Aws.Ec2.SecurityGroup("subnet", new Aws.Ec2.SecurityGroupArgs
{
Ingress =
{
new Aws.Ec2.Inputs.SecurityGroupIngressArgs
{
CidrBlocks =
{
selected.Apply(selected => selected.CidrBlock),
},
FromPort = 80,
Protocol = "tcp",
ToPort = 80,
},
},
VpcId = selected.Apply(selected => selected.VpcId),
});
}
public MyStack()
{
// Create a new security group for port 80.
var securityGroup = new Aws.Ec2.SecurityGroup("securityGroup", new Aws.Ec2.SecurityGroupArgs
{
Ingress =
{
new Aws.Ec2.Inputs.SecurityGroupIngressArgs
{
Protocol = "tcp",
FromPort = 0,
ToPort = 0,
CidrBlocks =
{
"0.0.0.0/0",
},
},
},
});
var ami = Output.Create(Aws.GetAmi.InvokeAsync(new Aws.GetAmiArgs
{
Filters =
{
new Aws.Inputs.GetAmiFilterArgs
{
Name = "name",
Values =
{
"amzn-ami-hvm-*-x86_64-ebs",
},
},
},
Owners =
{
"137112412989",
},
MostRecent = true,
}));
// Create a simple web server using the startup script for the instance.
var server = new Aws.Ec2.Instance("server", new Aws.Ec2.InstanceArgs
{
Tags =
{
{ "Name", "web-server-www" },
},
InstanceType = "t2.micro",
SecurityGroups =
{
securityGroup.Name,
},
Ami = ami.Apply(ami => ami.Id),
UserData = @"#!/bin/bash
echo ""Hello, World!"" > index.html
nohup python -m SimpleHTTPServer 80 &
",
});
this.PublicIp = server.PublicIp;
this.PublicHostName = server.PublicDns;
}
public ElastiGroupStack()
{
var sg = new Pulumi.Aws.Ec2.SecurityGroup("my-csharp-security-group");
var azs = GetAvailabilityZones.InvokeAsync();
var elastigroup = new Elastigroup("my-csharp-elastigroup", new ElastigroupArgs
{
FallbackToOndemand = false,
InstanceTypesOndemand = "m3.2xlarge",
InstanceTypesSpots =
{
"m3.xlarge",
"m3.2xlarge",
},
Orientation = "balanced",
Product = "Linux/UNIX",
SecurityGroups =
{
sg.Id
},
Region = "us-west-2",
AvailabilityZones = azs.Result.Names,
ImageId = "ami-e251209a",
});
}
public MyStack()
{
var europeanEc2 = Output.Create(Aws.GetIpRanges.InvokeAsync(new Aws.GetIpRangesArgs
{
Regions =
{
"eu-west-1",
"eu-central-1",
},
Services =
{
"ec2",
},
}));
var fromEurope = new Aws.Ec2.SecurityGroup("fromEurope", new Aws.Ec2.SecurityGroupArgs
{
Ingress =
{
new Aws.Ec2.Inputs.SecurityGroupIngressArgs
{
FromPort = 443,
ToPort = 443,
Protocol = "tcp",
CidrBlocks = europeanEc2.Apply(europeanEc2 => europeanEc2.CidrBlocks),
Ipv6CidrBlocks = europeanEc2.Apply(europeanEc2 => europeanEc2.Ipv6CidrBlocks),
},
},
Tags =
{
{ "CreateDate", europeanEc2.Apply(europeanEc2 => europeanEc2.CreateDate) },
{ "SyncToken", europeanEc2.Apply(europeanEc2 => europeanEc2.SyncToken) },
},
});
}
public MyStack()
{
var config = new Config();
var vpc = config.RequireObject <dynamic>("vpc");
var domain = config.Get("domain") ?? "tf-test";
var selectedVpc = Output.Create(Aws.Ec2.GetVpc.InvokeAsync(new Aws.Ec2.GetVpcArgs
{
Tags =
{
{ "Name", vpc },
},
}));
var selectedSubnetIds = selectedVpc.Apply(selectedVpc => Output.Create(Aws.Ec2.GetSubnetIds.InvokeAsync(new Aws.Ec2.GetSubnetIdsArgs
{
Tags =
{
{ "Tier", "private" },
},
VpcId = selectedVpc.Id,
})));
var currentRegion = Output.Create(Aws.GetRegion.InvokeAsync());
var currentCallerIdentity = Output.Create(Aws.GetCallerIdentity.InvokeAsync());
var esSecurityGroup = new Aws.Ec2.SecurityGroup("esSecurityGroup", new Aws.Ec2.SecurityGroupArgs
{
Description = "Managed by Pulumi",
Ingress =
{
new Aws.Ec2.Inputs.SecurityGroupIngressArgs
{
CidrBlocks =
{
selectedVpc.Apply(selectedVpc => selectedVpc.CidrBlock),
},
FromPort = 443,
Protocol = "tcp",
ToPort = 443,
},
},
VpcId = selectedVpc.Apply(selectedVpc => selectedVpc.Id),
});
var esServiceLinkedRole = new Aws.Iam.ServiceLinkedRole("esServiceLinkedRole", new Aws.Iam.ServiceLinkedRoleArgs
{
AwsServiceName = "es.amazonaws.com",
});
var esDomain = new Aws.ElasticSearch.Domain("esDomain", new Aws.ElasticSearch.DomainArgs
{
AccessPolicies = Output.Tuple(currentRegion, currentCallerIdentity).Apply(values =>
{
var currentRegion = values.Item1;
var currentCallerIdentity = values.Item2;
return(@$ "{{
" "Version" ": " "2012-10-17" ",
" "Statement" ": [
public MyStack()
{
var barSecurityGroup = new Aws.Ec2.SecurityGroup("barSecurityGroup", new Aws.Ec2.SecurityGroupArgs
{
});
var barElasticache_securityGroupSecurityGroup = new Aws.ElastiCache.SecurityGroup("barElasticache/securityGroupSecurityGroup", new Aws.ElastiCache.SecurityGroupArgs
{
SecurityGroupNames =
{
barSecurityGroup.Name,
},
});
}
public MyStack()
{
var ami = Output.Create(Pulumi.Aws.Invokes.GetAmi(new Pulumi.Aws.GetAmiArgs
{
MostRecent = true,
Owners = { "137112412989" },
Filters = { new Pulumi.Aws.Inputs.GetAmiFiltersArgs
{
Name = "name", Values = { "amzn-ami-hvm-*" }
} }
}));
var group = new Pulumi.Aws.Ec2.SecurityGroup("web-secgrp", new Pulumi.Aws.Ec2.SecurityGroupArgs
{
Description = "Enable HTTP access",
Ingress =
{
new Pulumi.Aws.Ec2.Inputs.SecurityGroupIngressArgs
{
Protocol = "tcp",
FromPort = 80,
ToPort = 80,
CidrBlocks ={ "0.0.0.0/0" }
},
new Pulumi.Aws.Ec2.Inputs.SecurityGroupIngressArgs
{
Protocol = "icmp",
FromPort = 8,
ToPort = 80,
CidrBlocks ={ "0.0.0.0/0" }
}
}
});
var userData = @"
#!/bin/bash
echo ""Hello, World!"" > index.html
nohup python -m SimpleHTTPServer 80 &
";
var server = new Pulumi.Aws.Ec2.Instance("web-server-www", new Pulumi.Aws.Ec2.InstanceArgs
{
InstanceType = "t2.micro",
VpcSecurityGroupIds = { group.Id },
UserData = userData,
Ami = ami.Apply(a => a.Id)
});
this.PublicIp = server.PublicIp;
this.PublicDns = server.PublicDns;
}
public MyStack()
{
var ami = Output.Create(Aws.GetAmi.InvokeAsync(new Aws.GetAmiArgs
{
Filters =
{
new Aws.Inputs.GetAmiFilterArgs
{
Name = "name",
Values =
{
"amzn-ami-hvm-*",
},
},
},
MostRecent = true,
Owners =
{
"amazon",
},
}));
var instance = new Aws.Ec2.Instance("instance", new Aws.Ec2.InstanceArgs
{
Ami = ami.Apply(ami => ami.Id),
InstanceType = "t2.micro",
Tags =
{
{ "type", "test-instance" },
},
});
var sg = new Aws.Ec2.SecurityGroup("sg", new Aws.Ec2.SecurityGroupArgs
{
Tags =
{
{ "type", "test-security-group" },
},
});
var sgAttachment = new Aws.Ec2.NetworkInterfaceSecurityGroupAttachment("sgAttachment", new Aws.Ec2.NetworkInterfaceSecurityGroupAttachmentArgs
{
NetworkInterfaceId = instance.PrimaryNetworkInterfaceId,
SecurityGroupId = sg.Id,
});
}
private async Task <redshift.Cluster> createRedshiftCluster(int port, ec2.SecurityGroup securityGroup, iam.Role role)
{
var password = await getRedshiftPassword();
var cluster = new redshift.Cluster("dend-redshift-cluster", new redshift.ClusterArgs
{
NodeType = "dc2.large",
NumberOfNodes = 2,
ClusterIdentifier = "dend-redshift-cluster",
DatabaseName = "dev",
Port = port,
MasterUsername = "******",
MasterPassword = password,
VpcSecurityGroupIds = { securityGroup.Id },
IamRoles = { "AWSServiceRoleForRedshift", role.Id },
FinalSnapshotIdentifier = "dend-snapshot"
}, this.CustomResourceOptions);
return(cluster);
}
private ec2.SecurityGroup createRedshiftSecurityGroup(string vpcId, string localPublicIp, int port)
{
var redshiftSG = new ec2.SecurityGroup("redshift_security_group", new ec2.SecurityGroupArgs
{
VpcId = vpcId,
Description = "Auth Redshift Cluster to connect",
Ingress =
{
new SecurityGroupIngressArgs
{
Protocol = "tcp",
FromPort = port,
ToPort = port,
CidrBlocks ={ localPublicIp }
}
}
}, this.CustomResourceOptions);
return(redshiftSG);
}
public MyStack()
{
var allowTls = new Aws.Ec2.SecurityGroup("allowTls", new Aws.Ec2.SecurityGroupArgs
{
Description = "Allow TLS inbound traffic",
VpcId = aws_vpc.Main.Id,
Ingress =
{
new Aws.Ec2.Inputs.SecurityGroupIngressArgs
{
Description = "TLS from VPC",
FromPort = 443,
ToPort = 443,
Protocol = "tcp",
CidrBlocks =
{
aws_vpc.Main.Cidr_block,
},
},
},
Egress =
{
new Aws.Ec2.Inputs.SecurityGroupEgressArgs
{
FromPort = 0,
ToPort = 0,
Protocol = "-1",
CidrBlocks =
{
"0.0.0.0/0",
},
},
},
Tags =
{
{ "Name", "allow_tls" },
},
});
}
public FargateStack()
{
// Read back the default VPC and public subnets, which we will use.
var vpc = Output.Create(Ec2.GetVpc.InvokeAsync(new Ec2.GetVpcArgs {
Default = true
}));
var vpcId = vpc.Apply(vpc => vpc.Id);
var subnet = vpcId.Apply(id => Ec2.GetSubnetIds.InvokeAsync(new Ec2.GetSubnetIdsArgs {
VpcId = id
}));
var subnetIds = subnet.Apply(s => s.Ids);
// Create a SecurityGroup that permits HTTP ingress and unrestricted egress.
var webSg = new Ec2.SecurityGroup("web-sg", new Ec2.SecurityGroupArgs
{
VpcId = vpcId,
Egress =
{
new Ec2.Inputs.SecurityGroupEgressArgs
{
Protocol = "-1",
FromPort = 0,
ToPort = 0,
CidrBlocks ={ "0.0.0.0/0" }
}
},
Ingress =
{
new Ec2.Inputs.SecurityGroupIngressArgs
{
Protocol = "tcp",
FromPort = 80,
ToPort = 80,
CidrBlocks ={ "0.0.0.0/0" }
}
}
});
// Create an ECS cluster to run a container-based service.
var cluster = new Ecs.Cluster("app-cluster");
// Create an IAM role that can be used by our service's task.
var taskExecRole = new Iam.Role("task-exec-role", new Iam.RoleArgs
{
AssumeRolePolicy = @"{
""Version"": ""2008-10-17"",
""Statement"": [{
""Sid"": """",
""Effect"": ""Allow"",
""Principal"": {
""Service"": ""ecs-tasks.amazonaws.com""
},
""Action"": ""sts:AssumeRole""
}]
}"
});
var taskExecAttach = new Iam.RolePolicyAttachment("task-exec-policy", new Iam.RolePolicyAttachmentArgs
{
Role = taskExecRole.Name,
PolicyArn = "arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy"
});
// Create a load balancer to listen for HTTP traffic on port 80.
var webLb = new Elb.LoadBalancer("web-lb", new Elb.LoadBalancerArgs
{
Subnets = subnetIds,
SecurityGroups = { webSg.Id }
});
var webTg = new Elb.TargetGroup("web-tg", new Elb.TargetGroupArgs
{
Port = 80,
Protocol = "HTTP",
TargetType = "ip",
VpcId = vpcId
});
var webListener = new Elb.Listener("web-listener", new Elb.ListenerArgs
{
LoadBalancerArn = webLb.Arn,
Port = 80,
DefaultActions =
{
new Elb.Inputs.ListenerDefaultActionArgs
{
Type = "forward",
TargetGroupArn = webTg.Arn,
}
}
});
// Create a private ECR registry and build and publish our app's container image to it.
var appRepo = new Ecr.Repository("app-repo");
var appRepoCredentials = appRepo.RegistryId.Apply(async rid =>
{
var credentials = await Ecr.GetCredentials.InvokeAsync(new Ecr.GetCredentialsArgs {
RegistryId = rid
});
var data = Convert.FromBase64String(credentials.AuthorizationToken);
return(Encoding.UTF8.GetString(data).Split(":").ToImmutableArray());
});
var image = new Docker.Image("app-img", new Docker.ImageArgs
{
Build = "../App",
ImageName = appRepo.RepositoryUrl,
Registry = new Docker.ImageRegistry
{
Server = appRepo.RepositoryUrl,
Username = appRepoCredentials.GetAt(0),
Password = appRepoCredentials.GetAt(1)
}
});
// Spin up a load balanced service running our container image.
var appTask = new Ecs.TaskDefinition("app-task", new Ecs.TaskDefinitionArgs
{
Family = "fargate-task-definition",
Cpu = "256",
Memory = "512",
NetworkMode = "awsvpc",
RequiresCompatibilities = { "FARGATE" },
ExecutionRoleArn = taskExecRole.Arn,
ContainerDefinitions = image.ImageName.Apply(imageName => @"[{
""name"": ""my-app"",
""image"": """ + imageName + @""",
""portMappings"": [{
""containerPort"": 80,
""hostPort"": 80,
""protocol"": ""tcp""
}]
}]")
});
var appSvc = new Ecs.Service("app-svc", new Ecs.ServiceArgs
{
Cluster = cluster.Arn,
DesiredCount = 3,
LaunchType = "FARGATE",
TaskDefinition = appTask.Arn,
NetworkConfiguration = new Ecs.Inputs.ServiceNetworkConfigurationArgs
{
AssignPublicIp = true,
Subnets = subnetIds,
SecurityGroups = { webSg.Id }
},
LoadBalancers =
{
new Ecs.Inputs.ServiceLoadBalancerArgs
{
TargetGroupArn = webTg.Arn,
ContainerName = "my-app",
ContainerPort = 80
}
}
}, new CustomResourceOptions {
DependsOn = { webListener }
});
// Export the resulting web address.
this.Url = Output.Format($"http://{webLb.DnsName}");
}
public MyStack()
{
var vpc = Output.Create(Pulumi.Aws.Ec2.GetVpc.InvokeAsync(new Pulumi.Aws.Ec2.GetVpcArgs {
Default = true
}));
var vpcId = vpc.Apply(vpc => vpc.Id);
var subnet = vpcId.Apply(id => Pulumi.Aws.Ec2.GetSubnetIds.InvokeAsync(new Pulumi.Aws.Ec2.GetSubnetIdsArgs {
VpcId = id
}));
var subnetIds = subnet.Apply(s => s.Ids);
var ami = Output.Create(Pulumi.Aws.GetAmi.InvokeAsync(new Pulumi.Aws.GetAmiArgs
{
MostRecent = true,
Owners = { "137112412989" },
Filters = { new Pulumi.Aws.Inputs.GetAmiFiltersArgs
{
Name = "name", Values = { "amzn-ami-hvm-*" }
} }
}));
var group = new Pulumi.Aws.Ec2.SecurityGroup("web-secgrp", new Pulumi.Aws.Ec2.SecurityGroupArgs
{
Description = "Enable HTTP access",
Egress =
{
new Pulumi.Aws.Ec2.Inputs.SecurityGroupEgressArgs
{
Protocol = "-1",
FromPort = 0,
ToPort = 0,
CidrBlocks ={ "0.0.0.0/0" }
},
},
Ingress =
{
new Pulumi.Aws.Ec2.Inputs.SecurityGroupIngressArgs
{
Protocol = "tcp",
FromPort = 80,
ToPort = 80,
CidrBlocks ={ "0.0.0.0/0" }
},
new Pulumi.Aws.Ec2.Inputs.SecurityGroupIngressArgs
{
Protocol = "icmp",
FromPort = 8,
ToPort = 80,
CidrBlocks ={ "0.0.0.0/0" }
}
}
});
var loadbalancer = new Pulumi.Aws.LB.LoadBalancer("external-loadbalancer", new Pulumi.Aws.LB.LoadBalancerArgs
{
Internal = false,
SecurityGroups =
{
group.Id
},
Subnets = subnetIds,
LoadBalancerType = "application",
});
this.Url = loadbalancer.DnsName;
var targetGroup = new Pulumi.Aws.LB.TargetGroup("target-group", new Pulumi.Aws.LB.TargetGroupArgs
{
Port = 80,
Protocol = "HTTP",
TargetType = "ip",
VpcId = vpcId,
});
var listener = new Pulumi.Aws.LB.Listener("listener", new Pulumi.Aws.LB.ListenerArgs
{
LoadBalancerArn = loadbalancer.Arn,
Port = 80,
DefaultActions =
{
new Pulumi.Aws.LB.Inputs.ListenerDefaultActionsArgs
{
Type = "forward",
TargetGroupArn = targetGroup.Arn,
}
}
});
var userData = @"
#!/bin/bash
echo ""Hello, World!"" > index.html
nohup python -m SimpleHTTPServer 80 &
";
var azs = Pulumi.Aws.GetAvailabilityZones.InvokeAsync(new Pulumi.Aws.GetAvailabilityZonesArgs()).Result;
foreach (var az in azs.Names)
{
var server = new Pulumi.Aws.Ec2.Instance($"web-server-{az}", new Pulumi.Aws.Ec2.InstanceArgs
{
InstanceType = "t2.micro",
VpcSecurityGroupIds = { group.Id },
UserData = userData,
Ami = ami.Apply(a => a.Id),
AvailabilityZone = az,
});
var attachment = new Pulumi.Aws.LB.TargetGroupAttachment($"web-server-{az}", new Pulumi.Aws.LB.TargetGroupAttachmentArgs
{
Port = 80,
TargetGroupArn = targetGroup.Arn,
TargetId = server.PrivateIp,
});
}
}
private static void ConfigureEcsCluster()
{
cluster = new Ecs.Cluster($"{baseName}-cluster", null, new CustomResourceOptions());
// Create a SecurityGroup that permits HTTP ingress and unrestricted egress.
var webSg = new Ec2.SecurityGroup($"{baseName}-web-sg", new Ec2.SecurityGroupArgs
{
VpcId = vpcId,
Egress =
{
new Ec2.Inputs.SecurityGroupEgressArgs
{
Protocol = "-1",
FromPort = 0,
ToPort = 0,
CidrBlocks ={ "0.0.0.0/0" },
},
},
Ingress =
{
new Ec2.Inputs.SecurityGroupIngressArgs
{
Protocol = "tcp",
FromPort = 80,
ToPort = 80,
CidrBlocks ={ "0.0.0.0/0" },
},
},
});
// Create an IAM role that can be used by our service's task.
var taskExecRole = new Iam.Role($"{baseName}-task-exec-role", new Iam.RoleArgs
{
AssumeRolePolicy = File.ReadAllText("perm.json"),
});
var taskExecAttach = new Iam.RolePolicyAttachment($"{baseName}-task-exec-policy", new Iam.RolePolicyAttachmentArgs
{
Role = taskExecRole.Name,
PolicyArn = "arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy",
});
// Create a load balancer to listen for HTTP traffic on port 80.
var webLb = new Elb.LoadBalancer($"{baseName}-web-lb", new Elb.LoadBalancerArgs
{
Subnets = new InputList <string>()
{
subnetId, subnetTwoId
},
SecurityGroups = { webSg.Id },
});
var webTg = new Elb.TargetGroup($"{baseName}-web-tg", new Elb.TargetGroupArgs
{
Port = 80,
Protocol = "HTTP",
TargetType = "ip",
VpcId = vpcId,
});
var webListener = new Elb.Listener($"{baseName}-web-listener", new Elb.ListenerArgs
{
LoadBalancerArn = webLb.Arn,
Port = 80,
DefaultActions =
{
new Elb.Inputs.ListenerDefaultActionsArgs
{
Type = "forward",
TargetGroupArn = webTg.Arn,
},
},
});
var launchConfig = new Ec2.LaunchConfiguration($"{baseName}-launchconfig", new Ec2.LaunchConfigurationArgs()
{
ImageId = "ami-a1491ad2",
InstanceType = "t2.nano",
AssociatePublicIpAddress = true,
SecurityGroups = webSg.Id,
});
var scalingGroup = new Group($"{baseName}-autoscaling", new GroupArgs()
{
AvailabilityZones = new InputList <string>()
{
"eu-west-1a", "eu-west-1b"
},
VpcZoneIdentifiers = new InputList <string>()
{
subnetId, subnetTwoId
},
DesiredCapacity = 1,
LaunchConfiguration = launchConfig.Id,
MaxSize = 1,
MinSize = 0,
});
// Spin up a load balanced service running our container image.
var appTask = new Ecs.TaskDefinition($"{baseName}-app-task", new Ecs.TaskDefinitionArgs
{
Family = "fargate-task-definition",
Cpu = "256",
Memory = "512",
NetworkMode = "awsvpc",
RequiresCompatibilities = { "FARGATE", "EC2" },
ExecutionRoleArn = taskExecRole.Arn,
ContainerDefinitions = @"[{
""name"": ""my-app"",
""image"": ""nginx"",
""portMappings"": [{
""containerPort"": 80,
""hostPort"": 80,
""protocol"": ""tcp""
}]
}]",
});
var ec2Svc = new Ecs.Service($"{baseName}-ec2-svc", new Ecs.ServiceArgs()
{
Cluster = cluster.Arn,
DesiredCount = 1,
LaunchType = "EC2",
TaskDefinition = appTask.Arn,
NetworkConfiguration = new Ecs.Inputs.ServiceNetworkConfigurationArgs
{
Subnets = new InputList <string>()
{
subnetId, subnetTwoId
},
SecurityGroups = { webSg.Id },
},
LoadBalancers =
{
new Ecs.Inputs.ServiceLoadBalancersArgs
{
TargetGroupArn = webTg.Arn,
ContainerName = "my-app",
ContainerPort = 80,
},
},
}, new CustomResourceOptions {
DependsOn = { webListener }
});
}
public MyStack()
{
var cluster = new Pulumi.Aws.Ecs.Cluster("app-cluster");
// Read back the default VPC and public subnets, which we will use.
var vpc = Output.Create(Pulumi.Aws.Ec2.GetVpc.InvokeAsync(new Pulumi.Aws.Ec2.GetVpcArgs {
Default = true
}));
var vpcId = vpc.Apply(vpc => vpc.Id);
var subnet = vpcId.Apply(id => Pulumi.Aws.Ec2.GetSubnetIds.InvokeAsync(new Pulumi.Aws.Ec2.GetSubnetIdsArgs {
VpcId = id
}));
var subnetIds = subnet.Apply(s => s.Ids);
// Create a SecurityGroup that permits HTTP ingress and unrestricted egress.
var webSg = new Pulumi.Aws.Ec2.SecurityGroup("web-sg", new Pulumi.Aws.Ec2.SecurityGroupArgs
{
VpcId = vpcId,
Egress =
{
new Pulumi.Aws.Ec2.Inputs.SecurityGroupEgressArgs
{
Protocol = "-1",
FromPort = 0,
ToPort = 0,
CidrBlocks ={ "0.0.0.0/0" }
}
},
Ingress =
{
new Pulumi.Aws.Ec2.Inputs.SecurityGroupIngressArgs
{
Protocol = "tcp",
FromPort = 80,
ToPort = 80,
CidrBlocks ={ "0.0.0.0/0" }
}
}
});
// Create a load balancer to listen for HTTP traffic on port 80.
var webLb = new Pulumi.Aws.LB.LoadBalancer("web-lb", new Pulumi.Aws.LB.LoadBalancerArgs
{
Subnets = subnetIds,
SecurityGroups = { webSg.Id }
});
var webTg = new Pulumi.Aws.LB.TargetGroup("web-tg", new Pulumi.Aws.LB.TargetGroupArgs
{
Port = 80,
Protocol = "HTTP",
TargetType = "ip",
VpcId = vpcId
});
var webListener = new Pulumi.Aws.LB.Listener("web-listener", new Pulumi.Aws.LB.ListenerArgs
{
LoadBalancerArn = webLb.Arn,
Port = 80,
DefaultActions =
{
new Pulumi.Aws.LB.Inputs.ListenerDefaultActionArgs
{
Type = "forward",
TargetGroupArn = webTg.Arn,
}
}
});
}
public MyStack()
{
var vpc = Output.Create(Aws.Ec2.GetVpc.InvokeAsync(new Aws.Ec2.GetVpcArgs
{
Default = true,
}));
var subnets = vpc.Apply(vpc => Output.Create(Aws.Ec2.GetSubnetIds.InvokeAsync(new Aws.Ec2.GetSubnetIdsArgs
{
VpcId = vpc.Id,
})));
// Create a security group that permits HTTP ingress and unrestricted egress.
var webSecurityGroup = new Aws.Ec2.SecurityGroup("webSecurityGroup", new Aws.Ec2.SecurityGroupArgs
{
VpcId = vpc.Apply(vpc => vpc.Id),
Egress =
{
new Aws.Ec2.Inputs.SecurityGroupEgressArgs
{
Protocol = "-1",
FromPort = 0,
ToPort = 0,
CidrBlocks =
{
"0.0.0.0/0",
},
},
},
Ingress =
{
new Aws.Ec2.Inputs.SecurityGroupIngressArgs
{
Protocol = "tcp",
FromPort = 80,
ToPort = 80,
CidrBlocks =
{
"0.0.0.0/0",
},
},
},
});
// Create an ECS cluster to run a container-based service.
var cluster = new Aws.Ecs.Cluster("cluster", new Aws.Ecs.ClusterArgs
{
});
// Create an IAM role that can be used by our service's task.
var taskExecRole = new Aws.Iam.Role("taskExecRole", new Aws.Iam.RoleArgs
{
AssumeRolePolicy = JsonSerializer.Serialize(new Dictionary <string, object?>
{
{ "Version", "2008-10-17" },
{ "Statement", new[]
{
new Dictionary <string, object?>
{
{ "Sid", "" },
{ "Effect", "Allow" },
{ "Principal", new Dictionary <string, object?>
{
{ "Service", "ecs-tasks.amazonaws.com" },
} },
{ "Action", "sts:AssumeRole" },
},
} },
}),
});
var taskExecRolePolicyAttachment = new Aws.Iam.RolePolicyAttachment("taskExecRolePolicyAttachment", new Aws.Iam.RolePolicyAttachmentArgs
{
Role = taskExecRole.Name,
PolicyArn = "arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy",
});
// Create a load balancer to listen for HTTP traffic on port 80.
var webLoadBalancer = new Aws.ElasticLoadBalancingV2.LoadBalancer("webLoadBalancer", new Aws.ElasticLoadBalancingV2.LoadBalancerArgs
{
Subnets = subnets.Apply(subnets => subnets.Ids),
SecurityGroups =
{
webSecurityGroup.Id,
},
});
var webTargetGroup = new Aws.ElasticLoadBalancingV2.TargetGroup("webTargetGroup", new Aws.ElasticLoadBalancingV2.TargetGroupArgs
{
Port = 80,
Protocol = "HTTP",
TargetType = "ip",
VpcId = vpc.Apply(vpc => vpc.Id),
});
var webListener = new Aws.ElasticLoadBalancingV2.Listener("webListener", new Aws.ElasticLoadBalancingV2.ListenerArgs
{
LoadBalancerArn = webLoadBalancer.Arn,
Port = 80,
DefaultActions =
{
new Aws.ElasticLoadBalancingV2.Inputs.ListenerDefaultActionArgs
{
Type = "forward",
TargetGroupArn = webTargetGroup.Arn,
},
},
});
// Spin up a load balanced service running NGINX
var appTask = new Aws.Ecs.TaskDefinition("appTask", new Aws.Ecs.TaskDefinitionArgs
{
Family = "fargate-task-definition",
Cpu = "256",
Memory = "512",
NetworkMode = "awsvpc",
RequiresCompatibilities =
{
"FARGATE",
},
ExecutionRoleArn = taskExecRole.Arn,
ContainerDefinitions = JsonSerializer.Serialize(new[]
{
new Dictionary <string, object?>
{
{ "name", "my-app" },
{ "image", "nginx" },
{ "portMappings", new[]
{
new Dictionary <string, object?>
{
{ "containerPort", 80 },
{ "hostPort", 80 },
{ "protocol", "tcp" },
},
} },
},
}
),
});
var appService = new Aws.Ecs.Service("appService", new Aws.Ecs.ServiceArgs
{
Cluster = cluster.Arn,
DesiredCount = 5,
LaunchType = "FARGATE",
TaskDefinition = appTask.Arn,
NetworkConfiguration = new Aws.Ecs.Inputs.ServiceNetworkConfigurationArgs
{
AssignPublicIp = true,
Subnets = subnets.Apply(subnets => subnets.Ids),
SecurityGroups =
{
webSecurityGroup.Id,
},
},
LoadBalancers =
{
new Aws.Ecs.Inputs.ServiceLoadBalancerArgs
{
TargetGroupArn = webTargetGroup.Arn,
ContainerName = "my-app",
ContainerPort = 80,
},
},
}, new CustomResourceOptions
{
DependsOn =
{
webListener,
},
});
this.Url = webLoadBalancer.DnsName;
}
public MyStack()
{
var ami = Output.Create(Pulumi.Aws.GetAmi.InvokeAsync(new Pulumi.Aws.GetAmiArgs
{
MostRecent = true,
Owners = { "137112412989" },
Filters = { new Pulumi.Aws.Inputs.GetAmiFiltersArgs
{
Name = "name", Values = { "amzn-ami-hvm-*" }
} }
}));
var group = new Pulumi.Aws.Ec2.SecurityGroup("web-secgrp", new Pulumi.Aws.Ec2.SecurityGroupArgs
{
Description = "Enable HTTP access",
Ingress =
{
new Pulumi.Aws.Ec2.Inputs.SecurityGroupIngressArgs
{
Protocol = "tcp",
FromPort = 80,
ToPort = 80,
CidrBlocks ={ "0.0.0.0/0" }
},
new Pulumi.Aws.Ec2.Inputs.SecurityGroupIngressArgs
{
Protocol = "icmp",
FromPort = 8,
ToPort = 80,
CidrBlocks ={ "0.0.0.0/0" }
}
}
});
var userData = @"
#!/bin/bash
echo ""Hello, World!"" > index.html
nohup python -m SimpleHTTPServer 80 &
";
var azs = Pulumi.Aws.GetAvailabilityZones.InvokeAsync(new Pulumi.Aws.GetAvailabilityZonesArgs()).Result;
var hostnames = new List <Input <string> >();
var ips = new List <Input <string> >();
foreach (var az in azs.Names)
{
var server = new Pulumi.Aws.Ec2.Instance($"web-server-{az}", new Pulumi.Aws.Ec2.InstanceArgs
{
InstanceType = "t2.micro",
VpcSecurityGroupIds = { group.Id },
UserData = userData,
Ami = ami.Apply(a => a.Id),
AvailabilityZone = az,
});
hostnames.Add(server.PublicDns);
ips.Add(server.PublicIp);
}
this.PublicIps = Output.All(ips.ToImmutableArray());
this.PublicDns = Output.All(hostnames.ToImmutableArray());
}
public MyStack()
{
var ecsInstanceRoleRole = new Aws.Iam.Role("ecsInstanceRoleRole", new Aws.Iam.RoleArgs
{
AssumeRolePolicy = @"{
""Version"": ""2012-10-17"",
""Statement"": [
{
""Action"": ""sts:AssumeRole"",
""Effect"": ""Allow"",
""Principal"": {
""Service"": ""ec2.amazonaws.com""
}
}
]
}
",
});
var ecsInstanceRoleRolePolicyAttachment = new Aws.Iam.RolePolicyAttachment("ecsInstanceRoleRolePolicyAttachment", new Aws.Iam.RolePolicyAttachmentArgs
{
PolicyArn = "arn:aws:iam::aws:policy/service-role/AmazonEC2ContainerServiceforEC2Role",
Role = ecsInstanceRoleRole.Name,
});
var ecsInstanceRoleInstanceProfile = new Aws.Iam.InstanceProfile("ecsInstanceRoleInstanceProfile", new Aws.Iam.InstanceProfileArgs
{
Role = ecsInstanceRoleRole.Name,
});
var awsBatchServiceRoleRole = new Aws.Iam.Role("awsBatchServiceRoleRole", new Aws.Iam.RoleArgs
{
AssumeRolePolicy = @"{
""Version"": ""2012-10-17"",
""Statement"": [
{
""Action"": ""sts:AssumeRole"",
""Effect"": ""Allow"",
""Principal"": {
""Service"": ""batch.amazonaws.com""
}
}
]
}
",
});
var awsBatchServiceRoleRolePolicyAttachment = new Aws.Iam.RolePolicyAttachment("awsBatchServiceRoleRolePolicyAttachment", new Aws.Iam.RolePolicyAttachmentArgs
{
PolicyArn = "arn:aws:iam::aws:policy/service-role/AWSBatchServiceRole",
Role = awsBatchServiceRoleRole.Name,
});
var sampleSecurityGroup = new Aws.Ec2.SecurityGroup("sampleSecurityGroup", new Aws.Ec2.SecurityGroupArgs
{
Egress =
{
new Aws.Ec2.Inputs.SecurityGroupEgressArgs
{
CidrBlocks =
{
"0.0.0.0/0",
},
FromPort = 0,
Protocol = "-1",
ToPort = 0,
},
},
});
var sampleVpc = new Aws.Ec2.Vpc("sampleVpc", new Aws.Ec2.VpcArgs
{
CidrBlock = "10.1.0.0/16",
});
var sampleSubnet = new Aws.Ec2.Subnet("sampleSubnet", new Aws.Ec2.SubnetArgs
{
CidrBlock = "10.1.1.0/24",
VpcId = sampleVpc.Id,
});
var sampleComputeEnvironment = new Aws.Batch.ComputeEnvironment("sampleComputeEnvironment", new Aws.Batch.ComputeEnvironmentArgs
{
ComputeEnvironmentName = "sample",
ComputeResources = new Aws.Batch.Inputs.ComputeEnvironmentComputeResourcesArgs
{
InstanceRole = ecsInstanceRoleInstanceProfile.Arn,
InstanceType =
{
"c4.large",
},
MaxVcpus = 16,
MinVcpus = 0,
SecurityGroupIds =
{
sampleSecurityGroup.Id,
},
Subnets =
{
sampleSubnet.Id,
},
Type = "EC2",
},
ServiceRole = awsBatchServiceRoleRole.Arn,
Type = "MANAGED",
}, new CustomResourceOptions
{
DependsOn =
{
"aws_iam_role_policy_attachment.aws_batch_service_role",
},
});
}
public MyStack()
{
// Read back the default VPC and public subnets, which we will use.
var vpc = Output.Create(Ec2.GetVpc.InvokeAsync(new Ec2.GetVpcArgs {
Default = true
}));
var vpcId = vpc.Apply(vpc => vpc.Id);
var subnet = vpcId.Apply(id => Ec2.GetSubnetIds.InvokeAsync(new Ec2.GetSubnetIdsArgs {
VpcId = id
}));
var subnetIds = subnet.Apply(s => s.Ids);
// Create an IAM role that can be used by our service's task.
var eksRole = new Iam.Role("eks-iam-eksRole", new Iam.RoleArgs
{
AssumeRolePolicy = @"{
""Version"": ""2008-10-17"",
""Statement"": [{
""Sid"": """",
""Effect"": ""Allow"",
""Principal"": {
""Service"": ""eks.amazonaws.com""
},
""Action"": ""sts:AssumeRole""
}]
}"
});
var eksPolicies = new Dictionary <string, string>
{
{ "service-policy", "arn:aws:iam::aws:policy/AmazonEKSServicePolicy" },
{ "cluster-policy", "arn:aws:iam::aws:policy/AmazonEKSClusterPolicy" }
};
foreach (var(name, policy) in eksPolicies)
{
var taskExecAttach = new Iam.RolePolicyAttachment($"rpa-{name}",
new Iam.RolePolicyAttachmentArgs
{
Role = eksRole.Name,
PolicyArn = policy,
});
}
// Create an IAM role that can be used by our service's task.
var nodeGroupRole = new Iam.Role("nodegroup-iam-role", new Iam.RoleArgs
{
AssumeRolePolicy = @"{
""Version"": ""2008-10-17"",
""Statement"": [{
""Sid"": """",
""Effect"": ""Allow"",
""Principal"": {
""Service"": ""ec2.amazonaws.com""
},
""Action"": ""sts:AssumeRole""
}]
}"
});
var nodeGroupPolicies = new Dictionary <string, string>
{
{ "worker", "arn:aws:iam::aws:policy/AmazonEKSWorkerNodePolicy" },
{ "cni", "arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy" },
{ "registry", "arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly" }
};
foreach (var(name, policy) in nodeGroupPolicies)
{
var taskExecAttach = new Iam.RolePolicyAttachment($"ngpa-{name}",
new Iam.RolePolicyAttachmentArgs
{
Role = nodeGroupRole.Name,
PolicyArn = policy,
});
}
var clusterSg = new Ec2.SecurityGroup("cluster-sg", new Ec2.SecurityGroupArgs
{
VpcId = vpcId,
Egress =
{
new Ec2.Inputs.SecurityGroupEgressArgs
{
Protocol = "-1",
FromPort = 0,
ToPort = 0,
CidrBlocks ={ "0.0.0.0/0" }
}
},
Ingress =
{
new Ec2.Inputs.SecurityGroupIngressArgs
{
Protocol = "tcp",
FromPort = 80,
ToPort = 80,
CidrBlocks ={ "0.0.0.0/0" }
}
}
});
var cluster = new Eks.Cluster("eks-cluster", new Eks.ClusterArgs
{
RoleArn = eksRole.Arn,
VpcConfig = new ClusterVpcConfigArgs
{
PublicAccessCidrs =
{
"0.0.0.0/0",
},
SecurityGroupIds =
{
clusterSg.Id,
},
SubnetIds = subnetIds,
},
});
var nodeGroup = new Eks.NodeGroup("node-group", new Eks.NodeGroupArgs
{
ClusterName = cluster.Name,
NodeGroupName = "demo-eks-nodegroup",
NodeRoleArn = nodeGroupRole.Arn,
SubnetIds = subnetIds,
ScalingConfig = new NodeGroupScalingConfigArgs
{
DesiredSize = 2,
MaxSize = 2,
MinSize = 2
},
});
this.Kubeconfig = GenerateKubeconfig(cluster.Endpoint,
cluster.CertificateAuthority.Apply(x => x.Data),
cluster.Name);
}
public MyStack()
{
var cluster = new Pulumi.Aws.Ecs.Cluster("app-cluster");
// Read back the default VPC and public subnets, which we will use.
var vpc = Output.Create(Pulumi.Aws.Ec2.GetVpc.InvokeAsync(new Pulumi.Aws.Ec2.GetVpcArgs {
Default = true
}));
var vpcId = vpc.Apply(vpc => vpc.Id);
var subnet = vpcId.Apply(id => Pulumi.Aws.Ec2.GetSubnetIds.InvokeAsync(new Pulumi.Aws.Ec2.GetSubnetIdsArgs {
VpcId = id
}));
var subnetIds = subnet.Apply(s => s.Ids);
// Create a SecurityGroup that permits HTTP ingress and unrestricted egress.
var webSg = new Pulumi.Aws.Ec2.SecurityGroup("web-sg", new Pulumi.Aws.Ec2.SecurityGroupArgs
{
VpcId = vpcId,
Egress =
{
new Pulumi.Aws.Ec2.Inputs.SecurityGroupEgressArgs
{
Protocol = "-1",
FromPort = 0,
ToPort = 0,
CidrBlocks ={ "0.0.0.0/0" }
}
},
Ingress =
{
new Pulumi.Aws.Ec2.Inputs.SecurityGroupIngressArgs
{
Protocol = "tcp",
FromPort = 80,
ToPort = 80,
CidrBlocks ={ "0.0.0.0/0" }
}
}
});
// Create a load balancer to listen for HTTP traffic on port 80.
var webLb = new Pulumi.Aws.LB.LoadBalancer("web-lb", new Pulumi.Aws.LB.LoadBalancerArgs
{
Subnets = subnetIds,
SecurityGroups = { webSg.Id }
});
var webTg = new Pulumi.Aws.LB.TargetGroup("web-tg", new Pulumi.Aws.LB.TargetGroupArgs
{
Port = 80,
Protocol = "HTTP",
TargetType = "ip",
VpcId = vpcId
});
var webListener = new Pulumi.Aws.LB.Listener("web-listener", new Pulumi.Aws.LB.ListenerArgs
{
LoadBalancerArn = webLb.Arn,
Port = 80,
DefaultActions =
{
new Pulumi.Aws.LB.Inputs.ListenerDefaultActionsArgs
{
Type = "forward",
TargetGroupArn = webTg.Arn,
}
}
});
// Create an IAM role that can be used by our service's task.
var taskExecRole = new Pulumi.Aws.Iam.Role("task-exec-role", new Pulumi.Aws.Iam.RoleArgs
{
AssumeRolePolicy = @"{
""Version"": ""2008-10-17"",
""Statement"": [{
""Sid"": """",
""Effect"": ""Allow"",
""Principal"": {
""Service"": ""ecs-tasks.amazonaws.com""
},
""Action"": ""sts:AssumeRole""
}]
}"
});
var taskExecAttach = new Pulumi.Aws.Iam.RolePolicyAttachment("task-exec-policy", new Pulumi.Aws.Iam.RolePolicyAttachmentArgs
{
Role = taskExecRole.Name,
PolicyArn = "arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy"
});
// Spin up a load balanced service running our container image.
var appTask = new Pulumi.Aws.Ecs.TaskDefinition("app-task", new Pulumi.Aws.Ecs.TaskDefinitionArgs
{
Family = "fargate-task-definition",
Cpu = "256",
Memory = "512",
NetworkMode = "awsvpc",
RequiresCompatibilities = { "FARGATE" },
ExecutionRoleArn = taskExecRole.Arn,
ContainerDefinitions = @"[{
""name"": ""my-app"",
""image"": ""nginx"",
""portMappings"": [{
""containerPort"": 80,
""hostPort"": 80,
""protocol"": ""tcp""
}]
}]",
});
var appSvc = new Pulumi.Aws.Ecs.Service("app-svc", new Pulumi.Aws.Ecs.ServiceArgs
{
Cluster = cluster.Arn,
DesiredCount = 1,
LaunchType = "FARGATE",
TaskDefinition = appTask.Arn,
NetworkConfiguration = new Pulumi.Aws.Ecs.Inputs.ServiceNetworkConfigurationArgs
{
AssignPublicIp = true,
Subnets = subnetIds,
SecurityGroups = { webSg.Id }
},
LoadBalancers =
{
new Pulumi.Aws.Ecs.Inputs.ServiceLoadBalancersArgs
{
TargetGroupArn = webTg.Arn,
ContainerName = "my-app",
ContainerPort = 80
}
}
}, new CustomResourceOptions {
DependsOn = { webListener }
});
// Export the resulting web address.
this.Url = Output.Format($"http://{webLb.DnsName}");
}
public EksStack()
{
// Read back the default VPC and public subnets, which we will use.
var vpc = Output.Create(Ec2.GetVpc.InvokeAsync(new Ec2.GetVpcArgs {
Default = true
}));
var vpcId = vpc.Apply(vpc => vpc.Id);
var subnet = vpcId.Apply(id => Ec2.GetSubnetIds.InvokeAsync(new Ec2.GetSubnetIdsArgs {
VpcId = id
}));
var subnetIds = subnet.Apply(s => s.Ids);
// Create an IAM role that can be used by our service's task.
var eksRole = new Iam.Role("eks-iam-eksRole", new Iam.RoleArgs
{
AssumeRolePolicy = @"{
""Version"": ""2008-10-17"",
""Statement"": [{
""Sid"": """",
""Effect"": ""Allow"",
""Principal"": {
""Service"": ""eks.amazonaws.com""
},
""Action"": ""sts:AssumeRole""
}]
}"
});
var eksPolicies = new Dictionary <string, string>
{
{ "service-policy", "arn:aws:iam::aws:policy/AmazonEKSServicePolicy" },
{ "cluster-policy", "arn:aws:iam::aws:policy/AmazonEKSClusterPolicy" }
};
foreach (var(name, policy) in eksPolicies)
{
var taskExecAttach = new Iam.RolePolicyAttachment($"rpa-{name}",
new Iam.RolePolicyAttachmentArgs
{
Role = eksRole.Name,
PolicyArn = policy,
});
}
// Create an IAM role that can be used by our service's task.
var nodeGroupRole = new Iam.Role("nodegroup-iam-role", new Iam.RoleArgs
{
AssumeRolePolicy = @"{
""Version"": ""2008-10-17"",
""Statement"": [{
""Sid"": """",
""Effect"": ""Allow"",
""Principal"": {
""Service"": ""ec2.amazonaws.com""
},
""Action"": ""sts:AssumeRole""
}]
}"
});
var nodeGroupPolicies = new Dictionary <string, string>
{
{ "worker", "arn:aws:iam::aws:policy/AmazonEKSWorkerNodePolicy" },
{ "cni", "arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy" },
{ "registry", "arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly" }
};
foreach (var(name, policy) in nodeGroupPolicies)
{
var taskExecAttach = new Iam.RolePolicyAttachment($"ngpa-{name}",
new Iam.RolePolicyAttachmentArgs
{
Role = nodeGroupRole.Name,
PolicyArn = policy,
});
}
var clusterSg = new Ec2.SecurityGroup("cluster-sg", new Ec2.SecurityGroupArgs
{
VpcId = vpcId,
Egress =
{
new Ec2.Inputs.SecurityGroupEgressArgs
{
Protocol = "-1",
FromPort = 0,
ToPort = 0,
CidrBlocks ={ "0.0.0.0/0" }
}
},
Ingress =
{
new Ec2.Inputs.SecurityGroupIngressArgs
{
Protocol = "tcp",
FromPort = 80,
ToPort = 80,
CidrBlocks ={ "0.0.0.0/0" }
}
}
});
var cluster = new Eks.Cluster("eks-cluster", new Eks.ClusterArgs
{
RoleArn = eksRole.Arn,
VpcConfig = new ClusterVpcConfigArgs
{
PublicAccessCidrs =
{
"0.0.0.0/0",
},
SecurityGroupIds =
{
clusterSg.Id,
},
SubnetIds = subnetIds,
},
});
var nodeGroup = new Eks.NodeGroup("node-group", new Eks.NodeGroupArgs
{
ClusterName = cluster.Name,
NodeGroupName = "demo-eks-nodegroup",
NodeRoleArn = nodeGroupRole.Arn,
SubnetIds = subnetIds,
ScalingConfig = new NodeGroupScalingConfigArgs
{
DesiredSize = 2,
MaxSize = 2,
MinSize = 2
},
});
this.Kubeconfig = GenerateKubeconfig(cluster.Endpoint,
cluster.CertificateAuthority.Apply(x => x.Data),
cluster.Name);
var k8sProvider = new K8s.Provider("k8s-provider", new K8s.ProviderArgs
{
KubeConfig = this.Kubeconfig
}, new CustomResourceOptions
{
DependsOn = { nodeGroup },
});
var appNamespace = new CoreV1.Namespace("app-ns", new NamespaceArgs
{
Metadata = new ObjectMetaArgs
{
Name = "joe-duffy",
},
}, new CustomResourceOptions
{
Provider = k8sProvider,
});
var appLabels = new InputMap <string>
{
{ "app", "iac-workshop" }
};
var deployment = new AppsV1.Deployment("app-dep", new DeploymentArgs
{
Metadata = new ObjectMetaArgs
{
Namespace = appNamespace.Metadata.Apply(x => x.Name),
},
Spec = new DeploymentSpecArgs
{
Selector = new LabelSelectorArgs
{
MatchLabels = appLabels
},
Replicas = 1,
Template = new PodTemplateSpecArgs
{
Metadata = new ObjectMetaArgs
{
Labels = appLabels
},
Spec = new PodSpecArgs
{
Containers =
{
new ContainerArgs
{
Name = "iac-workshop",
Image = "jocatalin/kubernetes-bootcamp:v2",
}
}
}
}
},
}, new CustomResourceOptions
{
Provider = k8sProvider,
});
var service = new CoreV1.Service("app-service", new ServiceArgs
{
Metadata = new ObjectMetaArgs
{
Namespace = appNamespace.Metadata.Apply(x => x.Name),
Labels = deployment.Spec.Apply(spec => spec.Template.Metadata.Labels),
},
Spec = new ServiceSpecArgs
{
Type = "LoadBalancer",
Ports =
{
new ServicePortArgs
{
Port = 80,
TargetPort = 8080
},
},
Selector = deployment.Spec.Apply(spec => spec.Template.Metadata.Labels)
},
}, new CustomResourceOptions
{
Provider = k8sProvider,
});
this.Url = service.Status.Apply(status => status.LoadBalancer.Ingress[0].Hostname);
}
public MyStack()
{
var ami = Pulumi.Aws.GetAmi.InvokeAsync(new Pulumi.Aws.GetAmiArgs
{
Filters =
{
new GetAmiFilterArgs
{
Name = "name",
Values ={ "amzn-ami-hvm-*" },
},
},
Owners = { "137112412989" }, // This owner ID is Amazon
MostRecent = true,
}).Result;
var securityGroup = new Pulumi.Aws.Ec2.SecurityGroup($"webserver-secgrp-1", new SecurityGroupArgs
{
Ingress = new SecurityGroupIngressArgs {
Protocol = "tcp", FromPort = 22, ToPort = 22, CidrBlocks = { "0.0.0.0/0" }
}
});
var spotRequest = new Pulumi.Aws.Ec2.SpotInstanceRequest($"dev-request-1", new SpotInstanceRequestArgs
{
Ami = ami.ImageId,
InstanceType = "t2.micro",
SpotPrice = "0.04",
Tags = { { "Name", "testing" }, { "env", "dev" }, },
WaitForFulfillment = true
});
//What is the best way from here on out to add Tags to the resulting SpotInstance created from the resource above?
//---------------- OPTION 1 ----------------
//Do some sort of wait in a for loop to check for the spotRequest.SpotInstanceId?
//If I could get access to the SpotInstanceId, I can leverage the AWS SDK probably to tag the instances.
//The problem is, I can never get the value of the SpotInstanceId, everything I try just returns: Pulumi.Output`1[System.String]
//if (!Deployment.Instance.IsDryRun)
//{
// Console.WriteLine($"SpotInstanceId: {spotRequest.SpotInstanceId}");
// Console.WriteLine($"SpotInstanceId: {spotRequest.SpotInstanceId.ToString()}");
// Console.WriteLine($"SpotInstanceId: {spotRequest.SpotInstanceId.Apply(x => x)}");
// Console.WriteLine($"SpotInstanceId: {spotRequest.SpotInstanceId.Apply(x => x.ToString())}");
// Console.WriteLine($"SpotInstanceId: {spotRequest.SpotInstanceId.Apply(x => x).ToString()}");
// WaitAndTry(spotRequest).Wait();
//}
//---------------- END OPTION 1 ---------------
//---------------- OPTION 2 --------------------
//Do I have to do a multi-step process to import the resulting instance ID, and then update the tags on the instance that I import?
//Output the SpotInstanceId
SpotInstanceId = spotRequest.SpotInstanceId;
//Run this THE SECOND TIME you run the `pulumi up` command
////var stackReference = new StackReference($"replace/with-your/stack");
////var instanceId = stackReference.GetValueAsync("SpotInstanceId").Result.ToString();
////var ec2Instance = new Pulumi.Aws.Ec2.Instance($"imported-instance", new InstanceArgs
////{
//// Ami = ami.ImageId,
//// InstanceType = "t2.micro",
////}, new CustomResourceOptions
////{
//// DependsOn = spotRequest,
//// ImportId = instanceId
////});
//Run this THE THIRD TIME you run the `pulumi up` command
//////var ec2Instance = new Pulumi.Aws.Ec2.Instance($"imported-instance", new InstanceArgs
//////{
////// Ami = ami.ImageId,
////// InstanceType = "t2.micro",
////// Tags = { { "Name", "testing" }, { "env", "dev" }, },
//////}, new CustomResourceOptions
//////{
////// DependsOn = spotRequest,
//////});
//---------------- END OPTION 2 ---------------------
}
private async Task <IDictionary <string, Output <string> > > Initialize()
{
// VPC
var eksVpc = new Aws.Ec2.Vpc("eksVpc", new Aws.Ec2.VpcArgs
{
CidrBlock = "10.100.0.0/16",
InstanceTenancy = "default",
EnableDnsHostnames = true,
EnableDnsSupport = true,
Tags =
{
{ "Name", "pulumi-eks-vpc" },
},
});
var eksIgw = new Aws.Ec2.InternetGateway("eksIgw", new Aws.Ec2.InternetGatewayArgs
{
VpcId = eksVpc.Id,
Tags =
{
{ "Name", "pulumi-vpc-ig" },
},
});
var eksRouteTable = new Aws.Ec2.RouteTable("eksRouteTable", new Aws.Ec2.RouteTableArgs
{
VpcId = eksVpc.Id,
Routes =
{
new Aws.Ec2.Inputs.RouteTableRouteArgs
{
CidrBlock = "0.0.0.0/0",
GatewayId = eksIgw.Id,
},
},
Tags =
{
{ "Name", "pulumi-vpc-rt" },
},
});
// Subnets, one for each AZ in a region
var zones = await Aws.GetAvailabilityZones.InvokeAsync();
var vpcSubnet = new List <Aws.Ec2.Subnet>();
foreach (var range in zones.Names.Select((v, k) => new { Key = k, Value = v }))
{
vpcSubnet.Add(new Aws.Ec2.Subnet($"vpcSubnet-{range.Key}", new Aws.Ec2.SubnetArgs
{
AssignIpv6AddressOnCreation = false,
VpcId = eksVpc.Id,
MapPublicIpOnLaunch = true,
CidrBlock = $"10.100.{range.Key}.0/24",
AvailabilityZone = range.Value,
Tags =
{
{ "Name", $"pulumi-sn-{range.Value}" },
},
}));
}
var rta = new List <Aws.Ec2.RouteTableAssociation>();
foreach (var range in zones.Names.Select((v, k) => new { Key = k, Value = v }))
{
rta.Add(new Aws.Ec2.RouteTableAssociation($"rta-{range.Key}", new Aws.Ec2.RouteTableAssociationArgs
{
RouteTableId = eksRouteTable.Id,
SubnetId = vpcSubnet[range.Key].Id,
}));
}
var subnetIds = vpcSubnet.Select(__item => __item.Id).ToList();
var eksSecurityGroup = new Aws.Ec2.SecurityGroup("eksSecurityGroup", new Aws.Ec2.SecurityGroupArgs
{
VpcId = eksVpc.Id,
Description = "Allow all HTTP(s) traffic to EKS Cluster",
Tags =
{
{ "Name", "pulumi-cluster-sg" },
},
Ingress =
{
new Aws.Ec2.Inputs.SecurityGroupIngressArgs
{
CidrBlocks =
{
"0.0.0.0/0",
},
FromPort = 443,
ToPort = 443,
Protocol = "tcp",
Description = "Allow pods to communicate with the cluster API Server.",
},
new Aws.Ec2.Inputs.SecurityGroupIngressArgs
{
CidrBlocks =
{
"0.0.0.0/0",
},
FromPort = 80,
ToPort = 80,
Protocol = "tcp",
Description = "Allow internet access to pods",
},
},
});
// EKS Cluster Role
var eksRole = new Aws.Iam.Role("eksRole", new Aws.Iam.RoleArgs
{
AssumeRolePolicy = JsonSerializer.Serialize(new Dictionary <string, object?>
{
{ "Version", "2012-10-17" },
{ "Statement", new[]
{
new Dictionary <string, object?>
{
{ "Action", "sts:AssumeRole" },
{ "Principal", new Dictionary <string, object?>
{
{ "Service", "eks.amazonaws.com" },
} },
{ "Effect", "Allow" },
{ "Sid", "" },
},
} },
}),
});
var servicePolicyAttachment = new Aws.Iam.RolePolicyAttachment("servicePolicyAttachment", new Aws.Iam.RolePolicyAttachmentArgs
{
Role = eksRole.Id,
PolicyArn = "arn:aws:iam::aws:policy/AmazonEKSServicePolicy",
});
var clusterPolicyAttachment = new Aws.Iam.RolePolicyAttachment("clusterPolicyAttachment", new Aws.Iam.RolePolicyAttachmentArgs
{
Role = eksRole.Id,
PolicyArn = "arn:aws:iam::aws:policy/AmazonEKSClusterPolicy",
});
// EC2 NodeGroup Role
var ec2Role = new Aws.Iam.Role("ec2Role", new Aws.Iam.RoleArgs
{
AssumeRolePolicy = JsonSerializer.Serialize(new Dictionary <string, object?>
{
{ "Version", "2012-10-17" },
{ "Statement", new[]
{
new Dictionary <string, object?>
{
{ "Action", "sts:AssumeRole" },
{ "Principal", new Dictionary <string, object?>
{
{ "Service", "ec2.amazonaws.com" },
} },
{ "Effect", "Allow" },
{ "Sid", "" },
},
} },
}),
});
var workerNodePolicyAttachment = new Aws.Iam.RolePolicyAttachment("workerNodePolicyAttachment", new Aws.Iam.RolePolicyAttachmentArgs
{
Role = ec2Role.Id,
PolicyArn = "arn:aws:iam::aws:policy/AmazonEKSWorkerNodePolicy",
});
var cniPolicyAttachment = new Aws.Iam.RolePolicyAttachment("cniPolicyAttachment", new Aws.Iam.RolePolicyAttachmentArgs
{
Role = ec2Role.Id,
PolicyArn = "arn:aws:iam::aws:policy/AmazonEKSCNIPolicy",
});
var registryPolicyAttachment = new Aws.Iam.RolePolicyAttachment("registryPolicyAttachment", new Aws.Iam.RolePolicyAttachmentArgs
{
Role = ec2Role.Id,
PolicyArn = "arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly",
});
// EKS Cluster
var eksCluster = new Aws.Eks.Cluster("eksCluster", new Aws.Eks.ClusterArgs
{
RoleArn = eksRole.Arn,
Tags =
{
{ "Name", "pulumi-eks-cluster" },
},
VpcConfig = new Aws.Eks.Inputs.ClusterVpcConfigArgs
{
PublicAccessCidrs =
{
"0.0.0.0/0",
},
SecurityGroupIds =
{
eksSecurityGroup.Id,
},
SubnetIds = subnetIds,
},
});
var nodeGroup = new Aws.Eks.NodeGroup("nodeGroup", new Aws.Eks.NodeGroupArgs
{
ClusterName = eksCluster.Name,
NodeGroupName = "pulumi-eks-nodegroup",
NodeRoleArn = ec2Role.Arn,
SubnetIds = subnetIds,
Tags =
{
{ "Name", "pulumi-cluster-nodeGroup" },
},
ScalingConfig = new Aws.Eks.Inputs.NodeGroupScalingConfigArgs
{
DesiredSize = 2,
MaxSize = 2,
MinSize = 1,
},
});
var clusterName = eksCluster.Name;
var kubeconfig = Output.Tuple(eksCluster.Endpoint, eksCluster.CertificateAuthority, eksCluster.Name).Apply(values =>
{
var endpoint = values.Item1;
var certificateAuthority = values.Item2;
var name = values.Item3;
return(JsonSerializer.Serialize(new Dictionary <string, object?>
{
{ "apiVersion", "v1" },
{ "clusters", new[]
{
new Dictionary <string, object?>
{
{ "cluster", new Dictionary <string, object?>
{
{ "server", endpoint },
{ "certificate-authority-data", certificateAuthority.Data },
} },
{ "name", "kubernetes" },
},
} },
{ "contexts", new[]
{
new Dictionary <string, object?>
{
{ "contest", new Dictionary <string, object?>
{
{ "cluster", "kubernetes" },
{ "user", "aws" },
} },
},
} },
{ "current-context", "aws" },
{ "kind", "Config" },
{ "users", new[]
{
new Dictionary <string, object?>
{
{ "name", "aws" },
{ "user", new Dictionary <string, object?>
{
{ "exec", new Dictionary <string, object?>
{
{ "apiVersion", "client.authentication.k8s.io/v1alpha1" },
{ "command", "aws-iam-authenticator" },
} },
{ "args", new[]
{
"token",
"-i",
name,
} },
} },
},
} },
}));
});
return(new Dictionary <string, Output <string> >
{
{ "clusterName", clusterName },
{ "kubeconfig", kubeconfig },
});
}
