public DatabaseStack(Construct scope, string name, Vpc vpc, StackProps props = null) : base(scope, $"database-{name}", props)
{
// pricing - rds
// 750 horas de uso de instâncias db.t2.micro Single-AZ do Amazon RDS para execução de
// MySQL, MariaDB, PostgreSQL, Oracle BYOL ou SQL Server(executando SQL Server Express Edition)
//
// 20 GB de armazenamento de banco de dados de SSD
//
// 20 GB de armazenamento de backup para seus backups de banco de dados automatizados e
// quaisquer snapshots de banco de dados iniciados por usuário
//
// pricing - secret manager
// 0,40 USD por segredo por mês. No caso de segredos armazenados por menos de um mês,
// o preço é pro-rata (com base no número de horas).
// 0,05 USD por 10.000 chamadas de API.
var secret = new Secret(this, $"database-{name}-secret", new SecretProps()
{
Description = $"Database {name} password",
SecretName = $"database-{name}-secret"
});
var databaseSecret = new DatabaseSecret(this, $"database-{name}-databasesecret", new DatabaseSecretProps()
{
Username = "******",
MasterSecret = secret,
ExcludeCharacters = "{}[]()'\"/\\"
});
_databaseInstance = new DatabaseInstance(this, $"database-{name}-cluster", new DatabaseInstanceProps()
{
InstanceIdentifier = name + "-instance",
DatabaseName = name,
Credentials = Credentials.FromSecret(databaseSecret),
Engine = DatabaseInstanceEngine.Mysql(new MySqlInstanceEngineProps()
{
Version = MysqlEngineVersion.VER_8_0_21
}),
InstanceType = new InstanceType("t2.micro"),
Vpc = vpc,
VpcSubnets = new SubnetSelection()
{
SubnetType = SubnetType.ISOLATED
}
});
_databaseInstance.AddRotationSingleUser(new RotationSingleUserOptions()
{
AutomaticallyAfter = Duration.Days(7),
ExcludeCharacters = "!@#$%^&*"
});
}
private static IInstanceEngine GetInstanceEngine(DeputyBase databaseEngineVersion, string edition = "ex")
{
var databaseType = databaseEngineVersion.GetType();
if (databaseType == typeof(MysqlEngineVersion))
{
return(DatabaseInstanceEngine.Mysql(new MySqlInstanceEngineProps
{
Version = databaseEngineVersion as MysqlEngineVersion
}));
}
if (databaseType == typeof(PostgresEngineVersion))
{
return(DatabaseInstanceEngine.Postgres(new PostgresInstanceEngineProps()
{
Version = databaseEngineVersion as PostgresEngineVersion
}));
}
if (databaseType == typeof(MariaDbEngineVersion))
{
return(DatabaseInstanceEngine.MariaDb(new MariaDbInstanceEngineProps()
{
Version = databaseEngineVersion as MariaDbEngineVersion
}));
}
if (databaseType == typeof(SqlServerEngineVersion))
{
return(edition switch
{
"ee" => DatabaseInstanceEngine.SqlServerEe(new SqlServerEeInstanceEngineProps()
{
Version = databaseEngineVersion as SqlServerEngineVersion
}),
"se" => DatabaseInstanceEngine.SqlServerSe(new SqlServerSeInstanceEngineProps()
{
Version = databaseEngineVersion as SqlServerEngineVersion
}),
"ex" => DatabaseInstanceEngine.SqlServerEx(new SqlServerExInstanceEngineProps()
{
Version = databaseEngineVersion as SqlServerEngineVersion
}),
"web" => DatabaseInstanceEngine.SqlServerWeb(new SqlServerWebInstanceEngineProps()
{
Version = databaseEngineVersion as SqlServerEngineVersion
}),
_ => throw new ArgumentException("The edition of the SQL Server is not recognized."),
});
private IInstanceEngine GetInstanceEngine(DeputyBase databaseEngineVersion)
{
var databaseType = databaseEngineVersion.GetType();
if (databaseType == typeof(MysqlEngineVersion))
{
return(DatabaseInstanceEngine.Mysql(new MySqlInstanceEngineProps
{
Version = databaseEngineVersion as MysqlEngineVersion
}));
}
if (databaseType == typeof(PostgresEngineVersion))
{
return(DatabaseInstanceEngine.Postgres(new PostgresInstanceEngineProps()
{
Version = databaseEngineVersion as PostgresEngineVersion
}));
}
if (databaseType == typeof(MariaDbEngineVersion))
{
return(DatabaseInstanceEngine.MariaDb(new MariaDbInstanceEngineProps()
{
Version = databaseEngineVersion as MariaDbEngineVersion
}));
}
if (databaseType == typeof(SqlServerEngineVersion))
{
return(DatabaseInstanceEngine.SqlServerEe(new SqlServerEeInstanceEngineProps()
{
Version = databaseEngineVersion as SqlServerEngineVersion
}));
}
if (databaseType == typeof(OracleEngineVersion))
{
return(DatabaseInstanceEngine.OracleEe(new OracleEeInstanceEngineProps()
{
Version = databaseEngineVersion as OracleEngineVersion
}));
}
throw new ArgumentException("Not supported database option. Try: MysqlEngineVersion, PostgresEngineVersion, MariaDbEngineVersion, SqlServerEngineVersion and OracleEngineVersion");
}
public DatabaseInstance Create(Amazon.CDK.AWS.EC2.Vpc vpc, IConfigSettings configSettings, SecurityGroup[] securityGroups)
{
var db = new DatabaseInstance(this, $"{configSettings.Rds.Name}", new DatabaseInstanceProps
{
// todo change all properties based on config settings
Engine = DatabaseInstanceEngine.Mysql(new MySqlInstanceEngineProps
{
//todo change based on config settings
Version = MysqlEngineVersion.VER_5_7,
}),
Credentials = GetCredentials(configSettings),
InstanceType = InstanceType.Of(InstanceClass.BURSTABLE2, InstanceSize.SMALL),
VpcSubnets = new SubnetSelection
{
SubnetType = SubnetType.ISOLATED
},
Vpc = vpc,
MultiAz = configSettings.Rds.MultiAz,
BackupRetention = Duration.Days(configSettings.Rds.BackupRetentionInDays),
StorageEncrypted = configSettings.Rds.StorageEncrypted,
AutoMinorVersionUpgrade = configSettings.Rds.AutoMinorVersionUpgrade,
// todo
StorageType = StorageType.GP2,
SecurityGroups = securityGroups,
InstanceIdentifier = configSettings.Rds.Name,
DeletionProtection = configSettings.Rds.DeletionProtection,
});
// rotate the master password (use this when storing it in secrets manager)
//db.AddRotationSingleUser();
//EaSdRDpAgGjGKd0AL-uI2fwSJ,znW5
DBInstance = db;
return(db);
}
internal NorthwindCdkStack(Construct scope, string id, IStackProps props = null) : base(scope, id, props)
{
var vpc = new Vpc(this, "LabVpc", new VpcProps
{
MaxAzs = 2
});
// SQL Server
var sg = new SecurityGroup(this, "NorthwindDatabaseSecurityGroup", new SecurityGroupProps
{
Vpc = vpc,
SecurityGroupName = "Northwind-DB-SG",
AllowAllOutbound = false
});
// !!!!!!!!!! replace IP according to the instructions above
sg.AddIngressRule(Peer.Ipv4("35.171.193.180/32"), Port.Tcp(1433)); // SQL Server
// !!!!!!!!!!
var sql = new DatabaseInstance(this, "NorthwindSQLServer", new DatabaseInstanceProps
{
Vpc = vpc,
InstanceIdentifier = "northwind-sqlserver",
Engine = DatabaseInstanceEngine.SqlServerEx(new SqlServerExInstanceEngineProps {
Version = SqlServerEngineVersion.VER_14
}), // SQL Server Express
Credentials = Credentials.FromUsername("adminuser", new CredentialsFromUsernameOptions()
{
Password = new SecretValue("Admin12345?")
}),
//MasterUsername = "******",
//MasterUserPassword = new SecretValue("Admin12345?"),
InstanceType = InstanceType.Of(InstanceClass.BURSTABLE3, InstanceSize.SMALL), // t3.small
SecurityGroups = new ISecurityGroup[] { sg },
MultiAz = false,
VpcSubnets = new SubnetSelection()
{
SubnetType = SubnetType.PUBLIC
}, // public subnet
DeletionProtection = false, // you need to be able to delete database
DeleteAutomatedBackups = true,
BackupRetention = Duration.Days(0),
RemovalPolicy = RemovalPolicy.DESTROY // you need to be able to delete database
});;
new CfnOutput(this, "SQLServerEndpointAddress", new CfnOutputProps
{
Value = sql.DbInstanceEndpointAddress
});
// SQL Server connection string in Systems Manager Parameter Store
new StringParameter(this, "NorthwindDatabaseConnectionString", new StringParameterProps
{
ParameterName = "/Northwind/ConnectionStrings/NorthwindDatabase",
Type = ParameterType.STRING,
Description = "SQL Server connection string",
StringValue = string.Format("Server={0},1433;Integrated Security=false;User ID=adminuser;Password=Admin12345?;Initial Catalog=NorthwindTraders;", sql.DbInstanceEndpointAddress)
});
// PostgreSQL setup
// !!!!!!!!!! add 2 rules when you use provided VM, add 1 rule when you use your computer
sg.AddIngressRule(Peer.Ipv4("35.171.193.180/32"), Port.Tcp(5432)); // PostgreSQL
sg.AddIngressRule(Peer.Ipv4("3.238.53.13/32"), Port.Tcp(5432)); // PostgreSQL
// !!!!!!!!!!
var postgreSql = new DatabaseCluster(this, "NorthwindPostgreSQL", new DatabaseClusterProps
{
InstanceProps = new Amazon.CDK.AWS.RDS.InstanceProps
{
Vpc = vpc,
InstanceType = InstanceType.Of(InstanceClass.BURSTABLE3, InstanceSize.MEDIUM), // t3.medium
SecurityGroups = new ISecurityGroup[] { sg },
VpcSubnets = new SubnetSelection()
{
SubnetType = SubnetType.PUBLIC
}, // you need to access database from your developer PC
ParameterGroup = ParameterGroup.FromParameterGroupName(this, "DBInstanceParameterGroup", "default.aurora-postgresql11"),
},
ParameterGroup = ParameterGroup.FromParameterGroupName(this, "DBClusterParameterGroup", "default.aurora-postgresql11"),
ClusterIdentifier = "northwind-postgresql",
Engine = DatabaseClusterEngine.AuroraPostgres(new AuroraPostgresClusterEngineProps
{
Version = AuroraPostgresEngineVersion.VER_11_6
}), // Aurora PostgreSQL
Credentials = Credentials.FromUsername("adminuser", new CredentialsFromUsernameOptions
{
Password = new SecretValue("Admin12345?")
}),
//MasterUser = new Login
//{
// Username = "******",
// Password = new SecretValue("Admin12345?")
//},
Instances = 1,
Port = 5432,
Backup = new BackupProps
{
Retention = Duration.Days(1) // minimum is 1
},
DefaultDatabaseName = "NorthwindTraders",
InstanceIdentifierBase = "northwind-postgresql-instance",
RemovalPolicy = RemovalPolicy.DESTROY // you need to be able to delete database,
});;
new CfnOutput(this, "PostgreSQLEndpointAddress", new CfnOutputProps
{
Value = postgreSql.ClusterEndpoint.Hostname
});
// Aurora PostgreSQL connection string in Systems Manager Parameter Store
new StringParameter(this, "NorthwindPostgreSQLDatabaseConnectionString", new StringParameterProps
{
ParameterName = "/Northwind/ConnectionStrings/NorthwindPostgreDatabase",
Type = ParameterType.STRING,
Description = "PostgreSQL connection string",
StringValue = string.Format("Server={0};Database=NorthwindTraders;Username=adminuser;Password=Admin12345?", postgreSql.ClusterEndpoint.Hostname)
});
}
public QaStage(Construct scope, string id, QaStageProps props) : base(scope, id, props)
{
var mainStack = new Stack(this, "main-stack", new StackProps
{
Env = Constants.DefaultEnv
});
var credentials = new GitHubSourceCredentials(mainStack, "github-source-credentials", new GitHubSourceCredentialsProps
{
AccessToken = SecretValue.SecretsManager("github/oauth/token")
});
var vpc = new Vpc(mainStack, "main-vpc", new VpcProps
{
Cidr = "10.0.0.0/16"
});
//should change this to Aurora Serverless!!!
//https://dev.to/cjjenkinson/how-to-create-an-aurora-serverless-rds-instance-on-aws-with-cdk-5bb0
var db = new PostgresStack(this, "postgres-db-stack", new DatabaseInstanceProps
{
Vpc = vpc,
Engine = DatabaseInstanceEngine.Postgres(new PostgresInstanceEngineProps
{
Version = PostgresEngineVersion.VER_12_3
}),
AllocatedStorage = 5,
BackupRetention = Duration.Days(0),
DeletionProtection = false,
InstanceType = InstanceType.Of(InstanceClass.BURSTABLE2, InstanceSize.MICRO),
MasterUsername = "******",
MultiAz = false,
DatabaseName = "postgres",
RemovalPolicy = RemovalPolicy.DESTROY,
AllowMajorVersionUpgrade = false
}, new StackProps
{
Env = Constants.DefaultEnv
});
var containerEnvVars = new Dictionary <string, string>
{
{ "DB__ADDRESS", db.Instance.InstanceEndpoint.SocketAddress }
};
var containerSecrets = new Dictionary <string, Secret>
{
{ "DatabaseConnection", Secret.FromSecretsManager(db.Instance.Secret) }
};
var accountMetadataTable = new Table(mainStack, "AccountMetadata", new TableProps
{
TableName = "AccountMetadata",
PartitionKey = new Attribute
{
Name = "UserId",
Type = AttributeType.NUMBER
},
SortKey = new Attribute
{
Name = "AccountId",
Type = AttributeType.NUMBER
},
Stream = StreamViewType.NEW_IMAGE
});
var ecsCluster = new Cluster(mainStack, "app-cluster", new ClusterProps
{
Vpc = vpc,
ClusterName = "app-cluster",
ContainerInsights = true
});
var fargateSslCertArn = SecretValue.SecretsManager("fargateSslCertArn").ToString();
var albCert = Certificate.FromCertificateArn(mainStack, "alb-cert", fargateSslCertArn);
var sandbankBuildInfra = this.CreateApiBuildStack("SandBank", vpc);
var sandbankApi = this.CreateApiStack("SandBank",
ecsCluster,
vpc,
sandbankBuildInfra.EcrRepository,
"sandbank-api",
props.HostedZoneName,
props.HostedZoneId,
albCert,
containerEnvVars,
containerSecrets);
accountMetadataTable.GrantFullAccess(sandbankApi.FargateService.TaskDefinition.TaskRole);
var cloudfrontCertArn = SecretValue.SecretsManager("cloudfrontcertarn").ToString();
var cert = Certificate.FromCertificateArn(mainStack, "cloudfront-cert", cloudfrontCertArn);
var sandbankSpa = new SpaStack(this, "sandbank-spa-stack", new SpaStackProps
{
Env = Constants.DefaultEnv,
Vpc = vpc,
ServiceName = "sandbank-spa",
SubDomain = "sandbank",
HostedZoneName = props.HostedZoneName,
HostedZoneId = props.HostedZoneId,
CloudFrontCert = cert,
GitHubSourceProps = Constants.GithubRepo,
BuildSpecFile = Constants.NpmBuildSpec,
SpaDirectory = "App/FrontEnd/sandbank.spa",
ApiUrl = $"{sandbankApi.ApiUrl}/api" //maybe should use CfnOutput instead
});
//lambda
//SandBank.Lambda.ConfigAuditTrail::SandBank.Lambda.ConfigAuditTrail.Function::FunctionHandler
}
