private void ConfigureTaskDefinition(IRecipeProps <Configuration> props)
{
var settings = props.Settings;
AppTaskDefinition = new FargateTaskDefinition(this, nameof(AppTaskDefinition), InvokeCustomizeCDKPropsEvent(nameof(AppTaskDefinition), this, new FargateTaskDefinitionProps
{
TaskRole = AppIAMTaskRole,
Cpu = settings.TaskCpu,
MemoryLimitMiB = settings.TaskMemory
}));
AppLogging = new AwsLogDriver(InvokeCustomizeCDKPropsEvent(nameof(AppLogging), this, new AwsLogDriverProps
{
StreamPrefix = props.StackName
}));
if (string.IsNullOrEmpty(props.ECRRepositoryName))
{
throw new InvalidOrMissingConfigurationException("The provided ECR Repository Name is null or empty.");
}
var ecrRepository = Repository.FromRepositoryName(this, "ECRRepository", props.ECRRepositoryName);
AppContainerDefinition = new ContainerDefinitionOptions
{
Image = ContainerImage.FromEcrRepository(ecrRepository, props.ECRImageTag),
Logging = AppLogging
};
AppTaskDefinition.AddContainer(nameof(AppContainerDefinition), InvokeCustomizeCDKPropsEvent(nameof(AppContainerDefinition), this, AppContainerDefinition));
}
public static FargateTaskDefinition CreateTaskDefinition1(Construct scope)
{
var repo = CreateDockerContainerImage(scope);
var taskDefinition = new FargateTaskDefinition(scope, "DownloadAccuzipFileTaskDefinition", new FargateTaskDefinitionProps()
{
MemoryLimitMiB = 2048,
});
taskDefinition.AddContainer(Config.ECR_REPO_NAME, new ContainerDefinitionProps()
{
MemoryLimitMiB = 2048,
Image = ContainerImage.FromEcrRepository(repo),
Logging = new AwsLogDriver(new AwsLogDriverProps()
{
StreamPrefix = "dmappresort"
})
});
var policyStatement = new Amazon.CDK.AWS.IAM.PolicyStatement();
policyStatement.AddAllResources();
policyStatement.AddActions(new string[] { "s3:*" });
taskDefinition.AddToTaskRolePolicy(policyStatement);
return(taskDefinition);
}
internal CdkFargateStack(Construct scope, string id, IStackProps props = null) : base(scope, id, props)
{
var vpc = new Vpc(this, "SatellytesVpc", new VpcProps
{
Cidr = "10.0.0.0/16",
MaxAzs = 1,
SubnetConfiguration = new[] {
new SubnetConfiguration()
{
Name = "Satellytes/public",
SubnetType = SubnetType.PUBLIC,
}
},
});
var cluster = new Cluster(this, "SatellytesCluster", new ClusterProps
{
Vpc = vpc,
});
var taskDefinition = new TaskDefinition(this, "SatellytesWebTask", new TaskDefinitionProps {
TaskRole = Role.FromRoleArn(this, "taskRole", "arn:aws:iam::576853867587:role/ecsTaskExecutionRole", new FromRoleArnOptions()
{
Mutable = false
}),
ExecutionRole = Role.FromRoleArn(this, "taskExecutionRole", "arn:aws:iam::576853867587:role/ecsTaskExecutionRole", new FromRoleArnOptions()
{
Mutable = false
}),
Compatibility = Compatibility.FARGATE,
Cpu = "256",
MemoryMiB = "512",
});
var inboundSecurityGrp = new SecurityGroup(this, "satellytesSecurityGrpInboundInet", new SecurityGroupProps {
Vpc = vpc
});
inboundSecurityGrp.AddIngressRule(Peer.AnyIpv4(), Port.Tcp(8080), "inbound http");
taskDefinition.AddContainer("satellytesWebImage", new ContainerDefinitionProps {
Image = ContainerImage.FromEcrRepository(Repository.FromRepositoryName(this, "repo", "satellytes-website/backend"), "1cfb651f73fcd20895fc44c06f7bb180ca0e8322"),
});
new FargateService(this, "SatellytesWebService", new FargateServiceProps {
Cluster = cluster,
TaskDefinition = taskDefinition,
VpcSubnets = new SubnetSelection {
SubnetType = SubnetType.PUBLIC
},
AssignPublicIp = true,
});
}
private void CreateContainerDefinition(EcsTaskDefinitionOptions definitionOptions, TaskDefinition taskDefinition)
{
foreach (var containerDef in definitionOptions.Containers)
{
var ecr = StackResources.EcrRepositories.FirstOrDefault(ecr => ecr.Key == containerDef.RepositoryId);
if (ecr.Key == null || ecr.Value == null)
{
throw new ArgumentException("Please add a ECR definition option properly set up on your json configuration. No task definition could not be added.");
}
var portMapping = new List <PortMapping>();
if (containerDef.TCPPortMapping?.Any() == true)
{
foreach (var ports in containerDef.TCPPortMapping)
{
portMapping.Add(new PortMapping
{
ContainerPort = ports.ContainerPort,
HostPort = ports.HostPort,
Protocol = Amazon.CDK.AWS.ECS.Protocol.TCP
});
}
}
var containerDefinitionProps = new ContainerDefinitionProps
{
TaskDefinition = taskDefinition,
Image = ContainerImage.FromEcrRepository(ecr.Value, containerDef.ImageTag),
MemoryLimitMiB = containerDef.MemoryLimitMiB,
Cpu = containerDef.CpuUnits,
StartTimeout = Duration.Minutes(containerDef.StartTimeOutMinutes),
PortMappings = portMapping.ToArray(),
Environment = containerDef.EnvironmentVariables,
DnsServers = containerDef.DnsServers?.ToArray()
};
var container = AwsCdkHandler.CreateContainerDefinitionByProps(containerDef.Id, containerDefinitionProps);
if (definitionOptions.MountPoints?.Any() == true)
{
var mountPoints = new List <MountPoint>();
foreach (var mountPointOption in definitionOptions.MountPoints)
{
mountPoints.Add(new MountPoint
{
SourceVolume = mountPointOption.SourceVolume,
ContainerPath = mountPointOption.ContainerPath
});
}
container.AddMountPoints(mountPoints.ToArray());
}
}
}
internal MyDotNetCoreServerlessWebAppEcsFargateCdkAppStack(Construct scope, string id, IStackProps props = null) : base(scope, id, props)
{
var imageTagParameter = this.Node.TryGetContext("ImageTag");
string imageTag = imageTagParameter.ToString() ?? "latest";
IRepository ecrRepository = Repository.FromRepositoryArn(this, "MyDotNetCorServerlessWebAppServiceContainerRepository", "arn:aws:ecr:eu-west-1:098208531922:repository/mydotnetcorewebapp");
var loadBalancedFargateService = new ApplicationLoadBalancedFargateService(this, "MyDotNetCorServerlessWebAppService", new ApplicationLoadBalancedFargateServiceProps()
{
AssignPublicIp = true,
TaskImageOptions = new ApplicationLoadBalancedTaskImageOptions()
{
Image = ContainerImage.FromEcrRepository(ecrRepository, imageTag),
}
});;
}
private ApplicationLoadBalancedFargateService CreateEcsService(
Cluster ecsCluster,
Secret dbPasswordSecret,
DatabaseConstructFactory dbConstructFactory,
DatabaseConstructOutput dbConstructOutput
)
{
var imageRepository = Repository.FromRepositoryName(this, "ExistingEcrRepository", settings.DockerImageRepository);
var ecsService = new ApplicationLoadBalancedFargateService(this, $"{settings.ScopeName}FargateService",
new ApplicationLoadBalancedFargateServiceProps
{
Cluster = ecsCluster,
DesiredCount = settings.DesiredComputeReplicaCount,
Cpu = settings.CpuMillicores,
MemoryLimitMiB = settings.MemoryMiB,
PublicLoadBalancer = settings.PublicLoadBalancer,
LoadBalancer = new ApplicationLoadBalancer(this, $"{settings.ScopeName}-ALB", new ApplicationLoadBalancerProps {
LoadBalancerName = "unicorn-store",
Vpc = ecsCluster.Vpc,
InternetFacing = true,
DeletionProtection = false,
}),
TaskImageOptions = new ApplicationLoadBalancedTaskImageOptions
{
Image = ContainerImage.FromEcrRepository(imageRepository, settings.ImageTag),
Environment = new Dictionary <string, string>()
{
{ "ASPNETCORE_ENVIRONMENT", settings.DotNetEnvironment ?? "Production" },
{ "DefaultAdminUsername", settings.DefaultSiteAdminUsername },
{ $"UnicornDbConnectionStringBuilder__{dbConstructFactory.DbConnStrBuilderServerPropName}",
dbConstructOutput.EndpointAddress },
{ $"UnicornDbConnectionStringBuilder__Port", dbConstructOutput.Port },
{ $"UnicornDbConnectionStringBuilder__{dbConstructFactory.DBConnStrBuilderUserPropName}",
settings.DbUsername },
},
Secrets = new Dictionary <string, Secret>
{
{ "DefaultAdminPassword", Helpers.CreateAutoGenPasswordSecretDef($"{settings.ScopeName}DefaultSiteAdminPassword").CreateSecret(this) },
{ $"UnicornDbConnectionStringBuilder__{dbConstructFactory.DBConnStrBuilderPasswordPropName}", dbPasswordSecret }
}
},
}
);
return(ecsService);
}
private ApplicationLoadBalancedEc2Service CreateService(Cluster cluster)
{
var repository = Repository.FromRepositoryAttributes(this, "dev-api-repo", new RepositoryAttributes
{
RepositoryName = "app-repo",
RepositoryArn = "arn:aws:ecr:us-east-1:714871639201:repository/app-repo",
});
return(new ApplicationLoadBalancedEc2Service(this, "dev-ecs-service",
new ApplicationLoadBalancedEc2ServiceProps()
{
ServiceName = "dev-crud-api-service",
Cluster = cluster,
DesiredCount = 1,
TaskImageOptions = new ApplicationLoadBalancedTaskImageOptions
{
Image = ContainerImage.FromEcrRepository(repository, "latest"),
},
MemoryLimitMiB = 256,
PublicLoadBalancer = true,
}));
}
public ApiStack(Construct scope, string id, ApiProps props = null) : base(scope, id, props)
{
var hostedZone = HostedZone.FromHostedZoneAttributes(this, "HostedZone", new HostedZoneAttributes
{
ZoneName = props.HostedZoneName,
HostedZoneId = props.HostedZoneId
});
FargateService = new ApplicationLoadBalancedFargateService(this, $"{props.ServiceName}-fargate-service", new ApplicationLoadBalancedFargateServiceProps
{
ServiceName = props.ServiceName,
Cluster = props.EcsCluster,
TaskImageOptions = new ApplicationLoadBalancedTaskImageOptions
{
ContainerName = props.ServiceName,
Image = ContainerImage.FromEcrRepository(props.EcrRepository),
Environment = props.ContainerEnvVars,
Secrets = props.ContainerSecrets,
EnableLogging = true
},
Certificate = props.Certificate,
DomainName = $"{props.SubDomain}.{props.HostedZoneName}",
DomainZone = hostedZone,
//this has an internet-facing ALB open to the world - could enhance security by hiding behind an API gateway
});
FargateService.TargetGroup.ConfigureHealthCheck(new HealthCheck
{
Path = "/health"
});
ApiUrl = $"https://{props.SubDomain}.{props.HostedZoneName}";
//seems handy https://github.com/aws/aws-cdk/issues/8352
//also handy https://chekkan.com/iam-policy-perm-for-public-load-balanced-ecs-fargate-on-cdk/
}
public EcsStack(Construct parent, string id, EcsStackProps props) : base(parent, id)
{
this.ecsCluster = new Cluster(this, "Cluster", new ClusterProps
{
Vpc = props.Vpc,
});
this.ecsCluster.Connections.AllowFromAnyIpv4(Port.Tcp(8080));
Console.Write(props.ecrRepository.RepositoryArn);
this.ecsService = new NetworkLoadBalancedFargateService(this, "Service", new NetworkLoadBalancedFargateServiceProps()
{
Cluster = this.ecsCluster,
DesiredCount = 1,
PublicLoadBalancer = true,
TaskImageOptions = new NetworkLoadBalancedTaskImageOptions
{
EnableLogging = true,
ContainerPort = 8080,
Image = ContainerImage.FromEcrRepository(props.ecrRepository),
}
}
);
this.ecsService.Service.Connections.AllowFrom(Peer.Ipv4(props.Vpc.VpcCidrBlock), Port.Tcp(8080));
var taskDefinitionPolicy = new PolicyStatement();
taskDefinitionPolicy.AddActions(
// Rules which allow ECS to attach network interfaces to instances
// on your behalf in order for awsvpc networking mode to work right
"ec2:AttachNetworkInterface",
"ec2:CreateNetworkInterface",
"ec2:CreateNetworkInterfacePermission",
"ec2:DeleteNetworkInterface",
"ec2:DeleteNetworkInterfacePermission",
"ec2:Describe*",
"ec2:DetachNetworkInterface",
// Rules which allow ECS to update load balancers on your behalf
// with the information sabout how to send traffic to your containers
"elasticloadbalancing:DeregisterInstancesFromLoadBalancer",
"elasticloadbalancing:DeregisterTargets",
"elasticloadbalancing:Describe*",
"elasticloadbalancing:RegisterInstancesWithLoadBalancer",
"elasticloadbalancing:RegisterTargets",
// Rules which allow ECS to run tasks that have IAM roles assigned to them.
"iam:PassRole",
// Rules that let ECS create and push logs to CloudWatch.
"logs:DescribeLogStreams",
"logs:CreateLogGroup");
taskDefinitionPolicy.AddAllResources();
this.ecsService.Service.TaskDefinition.AddToExecutionRolePolicy(
taskDefinitionPolicy
);
var taskRolePolicy = new PolicyStatement();
taskRolePolicy.AddActions(
// Allow the ECS Tasks to download images from ECR
"ecr:GetAuthorizationToken",
"ecr:BatchCheckLayerAvailability",
"ecr:GetDownloadUrlForLayer",
"ecr:BatchGetImage",
// Allow the ECS tasks to upload logs to CloudWatch
"logs:CreateLogStream",
"logs:CreateLogGroup",
"logs:PutLogEvents"
);
taskRolePolicy.AddAllResources();
this.ecsService.Service.TaskDefinition.AddToTaskRolePolicy(
taskRolePolicy
);
}
internal AppStack(Construct scope, RecipeConfiguration <Configuration> recipeConfiguration, IStackProps props = null)
: base(scope, recipeConfiguration.StackName, props)
{
var settings = recipeConfiguration.Settings;
IVpc vpc;
if (settings.Vpc.IsDefault)
{
vpc = Vpc.FromLookup(this, "Vpc", new VpcLookupOptions
{
IsDefault = true
});
}
else if (settings.Vpc.CreateNew)
{
vpc = new Vpc(this, "Vpc", new VpcProps
{
MaxAzs = 2
});
}
else
{
vpc = Vpc.FromLookup(this, "Vpc", new VpcLookupOptions
{
VpcId = settings.Vpc.VpcId
});
}
ICluster cluster;
if (settings.ECSCluster.CreateNew)
{
cluster = new Cluster(this, "Cluster", new ClusterProps
{
Vpc = vpc,
ClusterName = settings.ECSCluster.NewClusterName
});
}
else
{
cluster = Cluster.FromClusterAttributes(this, "Cluster", new ClusterAttributes
{
ClusterArn = settings.ECSCluster.ClusterArn,
ClusterName = ECSFargateUtilities.GetClusterNameFromArn(settings.ECSCluster.ClusterArn),
SecurityGroups = new ISecurityGroup[0],
Vpc = vpc
});
}
IRole taskRole;
if (settings.ApplicationIAMRole.CreateNew)
{
taskRole = new Role(this, "TaskRole", new RoleProps
{
AssumedBy = new ServicePrincipal("ecs-tasks.amazonaws.com")
});
}
else
{
taskRole = Role.FromRoleArn(this, "TaskRole", settings.ApplicationIAMRole.RoleArn, new FromRoleArnOptions {
Mutable = false
});
}
var taskDefinition = new FargateTaskDefinition(this, "TaskDefinition", new FargateTaskDefinitionProps
{
TaskRole = taskRole,
Cpu = settings.TaskCpu,
MemoryLimitMiB = settings.TaskMemory
});
var logging = new AwsLogDriver(new AwsLogDriverProps
{
StreamPrefix = recipeConfiguration.StackName
});
var ecrRepository = Repository.FromRepositoryName(this, "ECRRepository", recipeConfiguration.ECRRepositoryName);
taskDefinition.AddContainer("Container", new ContainerDefinitionOptions
{
Image = ContainerImage.FromEcrRepository(ecrRepository, recipeConfiguration.ECRImageTag),
Logging = logging
});
SubnetSelection subnetSelection = null;
if (settings.Vpc.IsDefault)
{
subnetSelection = new SubnetSelection
{
SubnetType = SubnetType.PUBLIC
};
}
new ScheduledFargateTask(this, "FargateService", new ScheduledFargateTaskProps
{
Cluster = cluster,
Schedule = Schedule.Expression(settings.Schedule),
Vpc = vpc,
ScheduledFargateTaskDefinitionOptions = new ScheduledFargateTaskDefinitionOptions
{
TaskDefinition = taskDefinition
},
SubnetSelection = subnetSelection
});
}
internal AppStack(Construct scope, RecipeConfiguration <Configuration> recipeConfiguration, IStackProps props = null)
: base(scope, recipeConfiguration.StackName, props)
{
var settings = recipeConfiguration.Settings;
IVpc vpc;
if (settings.Vpc.IsDefault)
{
vpc = Vpc.FromLookup(this, "Vpc", new VpcLookupOptions
{
IsDefault = true
});
}
else if (settings.Vpc.CreateNew)
{
vpc = new Vpc(this, "Vpc", new VpcProps
{
MaxAzs = 2
});
}
else
{
vpc = Vpc.FromLookup(this, "Vpc", new VpcLookupOptions
{
VpcId = settings.Vpc.VpcId
});
}
ICluster cluster;
if (settings.ECSCluster.CreateNew)
{
cluster = new Cluster(this, "Cluster", new ClusterProps
{
Vpc = vpc,
ClusterName = settings.ECSCluster.NewClusterName
});
}
else
{
cluster = Cluster.FromClusterAttributes(this, "Cluster", new ClusterAttributes
{
ClusterArn = settings.ECSCluster.ClusterArn,
ClusterName = ECSFargateUtilities.GetClusterNameFromArn(settings.ECSCluster.ClusterArn),
SecurityGroups = new ISecurityGroup[0],
Vpc = vpc
});
}
IRole taskRole;
if (settings.ApplicationIAMRole.CreateNew)
{
taskRole = new Role(this, "TaskRole", new RoleProps
{
AssumedBy = new ServicePrincipal("ecs-tasks.amazonaws.com")
});
}
else
{
taskRole = Role.FromRoleArn(this, "TaskRole", settings.ApplicationIAMRole.RoleArn, new FromRoleArnOptions {
Mutable = false
});
}
var taskDefinition = new FargateTaskDefinition(this, "TaskDefinition", new FargateTaskDefinitionProps
{
TaskRole = taskRole,
Cpu = settings.TaskCpu,
MemoryLimitMiB = settings.TaskMemory
});
var ecrRepository = Repository.FromRepositoryName(this, "ECRRepository", recipeConfiguration.ECRRepositoryName);
var container = taskDefinition.AddContainer("Container", new ContainerDefinitionOptions
{
Image = ContainerImage.FromEcrRepository(ecrRepository, recipeConfiguration.ECRImageTag)
});
container.AddPortMappings(new PortMapping
{
ContainerPort = 80,
Protocol = Protocol.TCP
});
var ecsLoadBalancerAccessSecurityGroup = new SecurityGroup(this, "WebAccessSecurityGroup", new SecurityGroupProps
{
Vpc = vpc,
SecurityGroupName = $"{recipeConfiguration.StackName}-ECSService"
});
var ecsServiceSecurityGroups = new List <ISecurityGroup>();
ecsServiceSecurityGroups.Add(ecsLoadBalancerAccessSecurityGroup);
if (!string.IsNullOrEmpty(settings.AdditionalECSServiceSecurityGroups))
{
var count = 1;
foreach (var securityGroupId in settings.AdditionalECSServiceSecurityGroups.Split(','))
{
ecsServiceSecurityGroups.Add(SecurityGroup.FromSecurityGroupId(this, $"AdditionalGroup-{count++}", securityGroupId.Trim(), new SecurityGroupImportOptions
{
Mutable = false
}));
}
}
new ApplicationLoadBalancedFargateService(this, "FargateService", new ApplicationLoadBalancedFargateServiceProps
{
Cluster = cluster,
TaskDefinition = taskDefinition,
DesiredCount = settings.DesiredCount,
ServiceName = settings.ECSServiceName,
AssignPublicIp = settings.Vpc.IsDefault,
SecurityGroups = ecsServiceSecurityGroups.ToArray()
});
}
private void ConfigureECSClusterAndService(IRecipeProps <Configuration> recipeConfiguration)
{
if (AppVpc == null)
{
throw new InvalidOperationException($"{nameof(AppVpc)} has not been set. The {nameof(ConfigureVpc)} method should be called before {nameof(ConfigureECSClusterAndService)}");
}
var settings = recipeConfiguration.Settings;
if (settings.ECSCluster.CreateNew)
{
EcsCluster = new Cluster(this, nameof(EcsCluster), InvokeCustomizeCDKPropsEvent(nameof(EcsCluster), this, new ClusterProps
{
Vpc = AppVpc,
ClusterName = settings.ECSCluster.NewClusterName
}));
}
else
{
EcsCluster = Cluster.FromClusterAttributes(this, nameof(EcsCluster), InvokeCustomizeCDKPropsEvent(nameof(EcsCluster), this, new ClusterAttributes
{
ClusterArn = settings.ECSCluster.ClusterArn,
ClusterName = ECSFargateUtilities.GetClusterNameFromArn(settings.ECSCluster.ClusterArn),
SecurityGroups = new ISecurityGroup[0],
Vpc = AppVpc
}));
}
AppTaskDefinition = new FargateTaskDefinition(this, nameof(AppTaskDefinition), InvokeCustomizeCDKPropsEvent(nameof(AppTaskDefinition), this, new FargateTaskDefinitionProps
{
TaskRole = AppIAMTaskRole,
Cpu = settings.TaskCpu,
MemoryLimitMiB = settings.TaskMemory
}));
AppLogging = new AwsLogDriver(InvokeCustomizeCDKPropsEvent(nameof(AppLogging), this, new AwsLogDriverProps
{
StreamPrefix = recipeConfiguration.StackName
}));
if (string.IsNullOrEmpty(recipeConfiguration.ECRRepositoryName))
{
throw new InvalidOrMissingConfigurationException("The provided ECR Repository Name is null or empty.");
}
EcrRepository = Repository.FromRepositoryName(this, nameof(EcrRepository), recipeConfiguration.ECRRepositoryName);
AppContainerDefinition = AppTaskDefinition.AddContainer(nameof(AppContainerDefinition), InvokeCustomizeCDKPropsEvent(nameof(AppContainerDefinition), this, new ContainerDefinitionOptions
{
Image = ContainerImage.FromEcrRepository(EcrRepository, recipeConfiguration.ECRImageTag),
Logging = AppLogging
}));
AppContainerDefinition.AddPortMappings(new PortMapping
{
ContainerPort = 80,
Protocol = Amazon.CDK.AWS.ECS.Protocol.TCP
});
WebAccessSecurityGroup = new SecurityGroup(this, nameof(WebAccessSecurityGroup), InvokeCustomizeCDKPropsEvent(nameof(WebAccessSecurityGroup), this, new SecurityGroupProps
{
Vpc = AppVpc,
SecurityGroupName = $"{recipeConfiguration.StackName}-ECSService"
}));
EcsServiceSecurityGroups = new List <ISecurityGroup>();
EcsServiceSecurityGroups.Add(WebAccessSecurityGroup);
if (!string.IsNullOrEmpty(settings.AdditionalECSServiceSecurityGroups))
{
var count = 1;
foreach (var securityGroupId in settings.AdditionalECSServiceSecurityGroups.Split(','))
{
EcsServiceSecurityGroups.Add(SecurityGroup.FromSecurityGroupId(this, $"AdditionalGroup-{count++}", securityGroupId.Trim(), new SecurityGroupImportOptions
{
Mutable = false
}));
}
}
AppFargateService = new FargateService(this, nameof(AppFargateService), InvokeCustomizeCDKPropsEvent(nameof(AppFargateService), this, new FargateServiceProps
{
Cluster = EcsCluster,
TaskDefinition = AppTaskDefinition,
DesiredCount = settings.DesiredCount,
ServiceName = settings.ECSServiceName,
AssignPublicIp = settings.Vpc.IsDefault,
SecurityGroups = EcsServiceSecurityGroups.ToArray()
}));
}
public static Amazon.CDK.AWS.StepFunctions.Tasks.EcsRunTask CreateTask(Construct scope, Table presortTable)
{
var environmentCID = Amazon.CDK.AWS.SSM.StringParameter.ValueFromLookup(scope, Config.PARAMETER_STORE_AWS_ACCOUNTID_CICD);
var repo = new Amazon.CDK.AWS.ECR.Repository(scope, "ECRRepo", new Amazon.CDK.AWS.ECR.RepositoryProps()
{
RemovalPolicy = RemovalPolicy.DESTROY,
RepositoryName = Config.ECR_REPO_NAME
});
repo.AddToResourcePolicy(new Amazon.CDK.AWS.IAM.PolicyStatement(new Amazon.CDK.AWS.IAM.PolicyStatementProps
{
Effect = Amazon.CDK.AWS.IAM.Effect.ALLOW,
Actions = new string[] { "ecr:*" },
Principals = new Amazon.CDK.AWS.IAM.IPrincipal[]
{
new Amazon.CDK.AWS.IAM.ArnPrincipal("arn:aws:iam::" + environmentCID + ":root")
}
}));
var taskDefinition = new FargateTaskDefinition(scope, "DownloadAccuzipFileTaskDefinition", new FargateTaskDefinitionProps()
{
Cpu = 4096,
MemoryLimitMiB = 8192,
});
var containerDefinition = taskDefinition.AddContainer(Config.ECR_REPO_NAME + "1", new ContainerDefinitionProps()
{
Cpu = 4096,
MemoryLimitMiB = 8192,
Image = ContainerImage.FromEcrRepository(repo),
Logging = new AwsLogDriver(new AwsLogDriverProps()
{
StreamPrefix = "dmappresort"
})
});
var policyStatement = new Amazon.CDK.AWS.IAM.PolicyStatement();
policyStatement.AddAllResources();
policyStatement.AddActions(new string[] { "dynamoDb:*", "ses:*", "s3:*" });
taskDefinition.AddToTaskRolePolicy(policyStatement);
var cluster = CreateCluster(scope);
var lstEnviron = new List <TaskEnvironmentVariable>();
//lstEnviron.Add(new TaskEnvironmentVariable
//{
// Name = "accuzipFileS3key",
// Value = JsonPath.StringAt("$.accuzipFileS3key")
//});
//lstEnviron.Add(new TaskEnvironmentVariable
//{
// Name = "beforeReduceFileS3Key",
// Value = JsonPath.StringAt("$.beforeReduceFileS3Key")
//});
//lstEnviron.Add(new TaskEnvironmentVariable
//{
// Name = "bucketName",
// Value = JsonPath.StringAt("$.bucketName")
//});
//lstEnviron.Add(new TaskEnvironmentVariable
//{
// Name = "apiKey",
// Value = JsonPath.StringAt("$.apiKey")
//});
lstEnviron.Add(new TaskEnvironmentVariable
{
Name = "REQUESTID",
Value = JsonPath.StringAt("$.requestId")
});
lstEnviron.Add(new TaskEnvironmentVariable
{
Name = "DYNAMO_TABLE",
Value = presortTable.TableName
});
return(new EcsRunTask(scope, "FileMergeFargate", new EcsRunTaskProps()
{
LaunchTarget = new EcsFargateLaunchTarget(),
AssignPublicIp = true,
IntegrationPattern = IntegrationPattern.RUN_JOB,
Cluster = cluster,
TaskDefinition = taskDefinition,
ContainerOverrides = (new List <ContainerOverride>
{
new ContainerOverride
{
ContainerDefinition = containerDefinition,
Environment = lstEnviron.ToArray()
}
}).ToArray()
}));
}
private void ConfigureAppRunnerService(IRecipeProps <Configuration> props)
{
if (ServiceAccessRole == null)
{
throw new InvalidOperationException($"{nameof(ServiceAccessRole)} has not been set. The {nameof(ConfigureIAMRoles)} method should be called before {nameof(ConfigureAppRunnerService)}");
}
if (TaskRole == null)
{
throw new InvalidOperationException($"{nameof(TaskRole)} has not been set. The {nameof(ConfigureIAMRoles)} method should be called before {nameof(ConfigureAppRunnerService)}");
}
if (string.IsNullOrEmpty(props.ECRRepositoryName))
{
throw new InvalidOrMissingConfigurationException("The provided ECR Repository Name is null or empty.");
}
var ecrRepository = Repository.FromRepositoryName(this, "ECRRepository", props.ECRRepositoryName);
Configuration settings = props.Settings;
var appRunnerServiceProp = new CfnServiceProps
{
ServiceName = settings.ServiceName,
SourceConfiguration = new CfnService.SourceConfigurationProperty
{
AuthenticationConfiguration = new CfnService.AuthenticationConfigurationProperty
{
AccessRoleArn = ServiceAccessRole.RoleArn
},
ImageRepository = new CfnService.ImageRepositoryProperty
{
ImageRepositoryType = "ECR",
ImageIdentifier = ContainerImage.FromEcrRepository(ecrRepository, props.ECRImageTag).ImageName,
ImageConfiguration = new CfnService.ImageConfigurationProperty
{
Port = settings.Port.ToString(),
StartCommand = !string.IsNullOrWhiteSpace(settings.StartCommand) ? settings.StartCommand : null
}
}
}
};
if (!string.IsNullOrEmpty(settings.EncryptionKmsKey))
{
var encryptionConfig = new CfnService.EncryptionConfigurationProperty();
appRunnerServiceProp.EncryptionConfiguration = encryptionConfig;
encryptionConfig.KmsKey = settings.EncryptionKmsKey;
}
var healthCheckConfig = new CfnService.HealthCheckConfigurationProperty();
appRunnerServiceProp.HealthCheckConfiguration = healthCheckConfig;
healthCheckConfig.HealthyThreshold = settings.HealthCheckHealthyThreshold;
healthCheckConfig.Interval = settings.HealthCheckInterval;
healthCheckConfig.Protocol = settings.HealthCheckProtocol;
healthCheckConfig.Timeout = settings.HealthCheckTimeout;
healthCheckConfig.UnhealthyThreshold = settings.HealthCheckUnhealthyThreshold;
if (string.Equals(healthCheckConfig.Protocol, "HTTP"))
{
healthCheckConfig.Path = string.IsNullOrEmpty(settings.HealthCheckPath) ? "/" : settings.HealthCheckPath;
}
var instanceConfig = new CfnService.InstanceConfigurationProperty();
appRunnerServiceProp.InstanceConfiguration = instanceConfig;
instanceConfig.InstanceRoleArn = TaskRole.RoleArn;
instanceConfig.Cpu = settings.Cpu;
instanceConfig.Memory = settings.Memory;
AppRunnerService = new CfnService(this, nameof(AppRunnerService), InvokeCustomizeCDKPropsEvent(nameof(AppRunnerService), this, appRunnerServiceProp));
var output = new CfnOutput(this, "EndpointURL", new CfnOutputProps
{
Value = $"https://{AppRunnerService.AttrServiceUrl}/"
});
}
public ApiStack(Construct parent, string id, IApiStackProps props) : base(parent, id, props)
{
var cluster = new Cluster(
this,
"Example",
new ClusterProps
{
Vpc = props.Vpc,
});
var logging = new AwsLogDriver(new AwsLogDriverProps
{
StreamPrefix = "Example",
});
var taskDef = new FargateTaskDefinition(
this,
"Task",
new FargateTaskDefinitionProps
{
MemoryLimitMiB = 512,
Cpu = 256,
});
var repo = Repository.FromRepositoryName(
this,
"EcrRepository",
props.Repository.RepositoryName);
var imageTag = new CfnParameter(
this,
props.ApiImageTag,
new CfnParameterProps
{
Default = "latest",
});
var container = new ContainerDefinition(
this,
"ApiContainer",
new ContainerDefinitionProps
{
TaskDefinition = taskDef,
Image = ContainerImage.FromEcrRepository(repo, imageTag.ValueAsString),
Logging = logging,
});
container.AddPortMappings(new PortMapping
{
ContainerPort = 80,
HostPort = 80,
Protocol = Amazon.CDK.AWS.ECS.Protocol.TCP,
});
var loadBalancer = new ApplicationLoadBalancer(
this,
"LoadBalancer",
new ApplicationLoadBalancerProps
{
Vpc = props.Vpc,
Http2Enabled = false,
IdleTimeout = Duration.Seconds(5),
InternetFacing = true,
IpAddressType = IpAddressType.IPV4,
VpcSubnets = new SubnetSelection
{
Subnets = props.Vpc.PublicSubnets,
},
});
var ecsService = new ApplicationLoadBalancedFargateService(
this,
"Service",
new ApplicationLoadBalancedFargateServiceProps
{
Cluster = cluster,
TaskDefinition = taskDef,
AssignPublicIp = false,
PublicLoadBalancer = true,
LoadBalancer = loadBalancer,
});
PrintLoadBalancerDnsName(ecsService);
}
internal UsersServiceFargateStack(Construct scope, string id, IUsersServiceFargateStackProps props) : base(scope, id, props)
{
var repository = Repository.FromRepositoryName(this, "UsersRepository", "users-service");
var taskDefinition = new FargateTaskDefinition(this, "UsersServiceTaskDef", new FargateTaskDefinitionProps
{
Cpu = 256,
MemoryLimitMiB = 512
});
var container = taskDefinition.AddContainer("WebApi", new ContainerDefinitionOptions
{
Image = ContainerImage.FromEcrRepository(repository),
Logging = new AwsLogDriver(new AwsLogDriverProps
{
LogRetention = Amazon.CDK.AWS.Logs.RetentionDays.TWO_WEEKS,
StreamPrefix = "UsersService-"
})
});
container.AddPortMappings(new PortMapping
{
ContainerPort = 80
});
var service = new FargateService(this, "UsersService", new FargateServiceProps
{
Cluster = props.Cluster,
TaskDefinition = taskDefinition,
DesiredCount = 2,
VpcSubnets = new SubnetSelection
{
SubnetType = SubnetType.PUBLIC
},
AssignPublicIp = true
});
service.AutoScaleTaskCount(new EnableScalingProps
{
MinCapacity = 2,
MaxCapacity = 4
}).ScaleOnCpuUtilization("CPU", new CpuUtilizationScalingProps
{
TargetUtilizationPercent = 70
});
props.Listener.AddTargets("UsersServiceTarget", new AddApplicationTargetsProps
{
HealthCheck = new HealthCheck
{
HealthyHttpCodes = "200-299",
Path = "/api/users/health",
Protocol = Amazon.CDK.AWS.ElasticLoadBalancingV2.Protocol.HTTP,
HealthyThresholdCount = 2,
UnhealthyThresholdCount = 5,
Timeout = Duration.Seconds(10),
Interval = Duration.Seconds(70),
Port = "80"
},
Protocol = ApplicationProtocol.HTTP,
Port = 80,
Targets = new IApplicationLoadBalancerTarget[] { service },
PathPattern = "/api/users*",
Priority = 2
});
}