internal NetworkStack(Construct scope, string id, IStackProps props = null) : base(scope, id, props) { //UsingLevel2Constructs(); var vpc = new CfnVPC(this, Program.PREFIX + "primary-vpc", new CfnVPCProps { CidrBlock = "10.20.0.0/16" }); vpc.Tags.SetTag(Program.NAME, Program.PREFIX + "primary-vpc"); VpcRef = vpc.Ref; //var vpcId = (string)this.Node.TryGetContext(Program.PREFIX + "primary-vpc"); var L1Vpc = Vpc.FromLookup(this, "VPC", new VpcLookupOptions { VpcName = Program.PREFIX + "primary-vpc" }); /*var L1VPC = Vpc.FromLookup(this, VpcRef, new VpcLookupOptions{ * VpcId = VpcRef * });*/ var privateSubnetA = new CfnSubnet(this, Program.PREFIX + "private-subnet-a", new CfnSubnetProps { CidrBlock = "10.20.0.0/24", AvailabilityZone = this.AvailabilityZones[0], VpcId = vpc.Ref }); privateSubnetA.Tags.SetTag(Program.NAME, Program.PREFIX + "private-subnet-a"); var privateSubnetB = new CfnSubnet(this, Program.PREFIX + "private-subnet-b", new CfnSubnetProps { CidrBlock = "10.20.1.0/24", AvailabilityZone = this.AvailabilityZones[1], VpcId = vpc.Ref }); privateSubnetB.Tags.SetTag(Program.NAME, Program.PREFIX + "private-subnet-b"); }
internal Stack(Construct scope, string id, IStackProps props = null) : base(scope, id, props) { //setup the image var asset = new DockerImageAsset(this, $"{Config.AppName}Image", new DockerImageAssetProps { Directory = Path.Combine(System.Environment.CurrentDirectory, "api"), }); //Create the Fargate service var vpc = Vpc.FromLookup( this, "sandbox", new VpcLookupOptions { VpcName = "sandbox_vpc" } ); var cluster = new Cluster(this, $"{Config.AppName}Cluster", new ClusterProps { Vpc = vpc }); var applicationDomain = $"{Config.ApplicationSubdomain}.{Config.DomainName}"; var hostedZone = HostedZone.FromLookup( this, "HostedZone", new HostedZoneProviderProps { DomainName = $"{Config.DomainName}.", PrivateZone = false } ); // Create a load-balanced Fargate service and make it public var fargateService = new ApplicationLoadBalancedFargateService(this, $"{Config.AppName}Service", new ApplicationLoadBalancedFargateServiceProps { Cluster = cluster, // Required DesiredCount = 1, // Default is 1 TaskImageOptions = new ApplicationLoadBalancedTaskImageOptions { Image = ContainerImage.FromDockerImageAsset(asset) }, MemoryLimitMiB = 1024, // Default is 256 PublicLoadBalancer = true, // Default is false DomainName = applicationDomain, DomainZone = hostedZone, } ); new CfnOutput( this, "Route53Url", new CfnOutputProps { Value = applicationDomain, Description = "Nice Route53 Url" } ); }
private IVpc findVpcByVpcId(string vpcId) { // How to import existing VPC // https://qiita.com/kai_kou/items/e35fd8c6af7dff9f2624 // see difference of fromLookup and fromVpcAttributes // https://garbe.io/blog/2019/09/20/hey-cdk-how-to-use-existing-resources/ var vpc = Vpc.FromLookup(this, "ExistingVPC", new VpcLookupOptions() { VpcId = vpcId }); return(vpc); }
public static Cluster CreateCluster(Construct scope) { var vpc = Vpc.FromLookup(scope, "MyVPC", new VpcLookupOptions() { VpcId = "vpc-00b85526a33fa6e93" }); return(new Cluster(scope, "DownloadAccuzipFilesCluster", new ClusterProps { ClusterName = Config.FARGATE_CLUSTER_NAME, Vpc = vpc })); }
internal IVpc AddVpc(string id, PingPongNetworkProps props) { if (props.UseExistingVpc) { System.Console.WriteLine($"Using VPC = {props.ExistingVpcName}"); return(Vpc.FromLookup(this, $"{id}-vpc", new VpcLookupOptions() { VpcName = props.ExistingVpcName })); } else { return(new Vpc(this, $"{id}-vpc", new VpcProps { })); } }
public ContainersStack(Construct parent, string id, IStackProps props) : base(parent, id, props) { var vpc = Vpc.FromLookup(this, id = "DefaultVpc", new VpcLookupOptions { IsDefault = true }); if (vpc == null) { throw new System.NullReferenceException($"Unable to determine default VPC in region {this.Region}"); } var cluster = new Cluster(this, "Cluster", new ClusterProps { Vpc = vpc }); var taskDef = new FargateTaskDefinition(this, "FargateTaskDefinition"); var currentDir = Directory.GetCurrentDirectory(); var path = Path.GetFullPath(Path.Combine(currentDir, @"dotnetapp/")); var containerOptions = new ContainerDefinitionOptions { Image = ContainerImage.FromAsset("dotnetapp") }; var portMapping = new PortMapping() { ContainerPort = 80, HostPort = 80 }; taskDef.AddContainer("Container", containerOptions).AddPortMappings(portMapping); var serviceProps = new ApplicationLoadBalancedFargateServiceProps() { MemoryLimitMiB = 512, Cpu = 256, TaskDefinition = taskDef }; ApplicationLoadBalancedFargateService service = new ApplicationLoadBalancedFargateService(this, "DotnetFargateApp", serviceProps); }
internal AuroraDatabaseStack(Construct scope, string id, AuroraDatabaseStackProps props) : base(scope, id, props) { var defaultVpc = Vpc.FromLookup(this, "default", new VpcLookupOptions { IsDefault = true }); var securityGroup = new SecurityGroup(this, "aurora-sg", new SecurityGroupProps { AllowAllOutbound = true, Description = "Primary Aurora Serverless SG. Used by Lambdas", Vpc = defaultVpc }); securityGroup.AddIngressRule(securityGroup, Port.AllTraffic()); new CfnDBCluster(this, "aurora-cluster", new CfnDBClusterProps { Engine = "aurora", EngineMode = "serverless", Port = 3306, MasterUsername = "******", MasterUserPassword = "******", DeletionProtection = false, StorageEncrypted = true, VpcSecurityGroupIds = new string[] { securityGroup.SecurityGroupId }, ScalingConfiguration = new ScalingConfigurationProperty { AutoPause = true, MinCapacity = 1, MaxCapacity = 1, SecondsUntilAutoPause = 300 } }); new BastionHostLinux(this, "bastion-host", new BastionHostLinuxProps { Vpc = defaultVpc, SecurityGroup = securityGroup }); }
public IVpc Locate(string identification, string vpcId, bool isDefault = true) { if (string.IsNullOrEmpty(vpcId)) { throw new ArgumentException("The VPC id cannot be null "); } var result = Vpc.FromLookup(Scope, string.IsNullOrEmpty(identification) ? $"{ApplicationName}{EnvironmentName}vpc" : identification, new VpcLookupOptions { IsDefault = isDefault, VpcId = vpcId }); if (result == null) { throw new ArgumentException($"The provided vpcId {vpcId} does not exists"); } return(result); }
public AppStack(Construct parent, string id, IStackProps props) : base(parent, id, props) { var cluster = new Cluster(this, "AppCluster", new ClusterProps { Vpc = Vpc.FromLookup(this, "DefaultVpc", new VpcLookupOptions() { IsDefault = true }), }); new ApplicationLoadBalancedFargateService(this, "AppService", new ApplicationLoadBalancedFargateServiceProps { Cluster = cluster, DesiredCount = 1, TaskImageOptions = new ApplicationLoadBalancedTaskImageOptions { Image = ContainerImage.FromAsset(DockerFolderBuilder.GetBuildFolder(), new AssetImageProps() { File = Path.Combine("DockerProject1", "Dockerfile") }), TaskRole = new Role(this, "AppRole", new RoleProps() { RoleName = "AppRole", AssumedBy = new ServicePrincipal("ecs-tasks.amazonaws.com"), ManagedPolicies = new IManagedPolicy[] { ManagedPolicy.FromAwsManagedPolicyName("TranslateFullAccess"), ManagedPolicy.FromAwsManagedPolicyName("AmazonS3FullAccess"), } }) }, MemoryLimitMiB = 2048, // Default is 256 PublicLoadBalancer = true, // Default is false AssignPublicIp = true, } ); }
private void ConfigureVpc(Configuration settings) { if (settings.Vpc.IsDefault) { AppVpc = Vpc.FromLookup(this, nameof(AppVpc), new VpcLookupOptions { IsDefault = true }); } else if (settings.Vpc.CreateNew) { AppVpc = new Vpc(this, nameof(AppVpc), InvokeCustomizeCDKPropsEvent(nameof(AppVpc), this, new VpcProps { MaxAzs = 2 })); } else { AppVpc = Vpc.FromLookup(this, nameof(AppVpc), new VpcLookupOptions { VpcId = settings.Vpc.VpcId }); } }
public IvrStack(Construct scope, string stackId, StackProps stackProps, IvrSiteSchema schema, IEnumerable <SecurityGroupRule> securityGroupRules) : base(scope, stackId, stackProps) { IVpc vpc = null; var MaxIpsPerSubnet = IvrVpcProps.MaxIpsPerSubnet; if (!string.IsNullOrWhiteSpace(schema.VpcName)) { vpc = Vpc.FromLookup(this, "$VPC", new VpcLookupOptions { VpcName = schema.VpcName, }); // will error if not found //MaxIpsPerSubnet = ???; } else if (!string.IsNullOrWhiteSpace(schema.VpcId)) { vpc = Vpc.FromLookup(this, "$VPC", new VpcLookupOptions { VpcId = schema.VpcId, }); // will error if not found //MaxIpsPerSubnet = ???; } else if (null != schema.VpcProps) { // use provided props to create brand new VPC vpc = new IvrVpc(this, $"VPC", schema.VpcProps); } if (schema.AddVpcS3Gateway) { var s3gw = new GatewayVpcEndpoint(this, $"S3GW", new GatewayVpcEndpointProps { Vpc = vpc, Service = GatewayVpcEndpointAwsService.S3, Subnets = new SubnetSelection[] { new SubnetSelection { SubnetType = SubnetType.PUBLIC, } }, }); } var role = new Role(this, "IVR", new RoleProps { AssumedBy = new ServicePrincipal("ec2.amazonaws.com"), InlinePolicies = new IvrInlinePolicies(stackProps.Env.Account, stackId, schema), }); // Configure inbound security for RDP (and more?) var securityGroup = new SecurityGroup(this, $"Ingress", new SecurityGroupProps { Vpc = vpc, AllowAllOutbound = schema.AllowAllOutbound, }); securityGroupRules.ForEach(rule => securityGroup.WithSecurityGroupRule(rule)); if (schema.AllowAllIntranet) { securityGroup.WithSecurityGroupRule(new IngressRule(Peer.Ipv4($"{vpc.VpcCidrBlock}"), Port.AllTraffic()).WithDescription($"All intranet traffic")); } // Finally - create our instances! var hosts = new List <HostInstance>(); for (var subnetIndex = 0; ++subnetIndex <= Math.Min(vpc.PublicSubnets.Length, schema.MaxSubnets);) { var hostIndexInSubnet = 0; foreach (var group in schema.HostGroups) { var numberOfHosts = Math.Min(group.HostCount, MaxIpsPerSubnet); if (numberOfHosts != group.HostCount) { Console.WriteLine($"Group({group.Name}) host count changed from {group.HostCount} to {numberOfHosts}"); group.HostCount = numberOfHosts; } var instanceProps = IvrInstanceProps.InstanceProps(vpc, vpc.PublicSubnets[subnetIndex - 1], role, securityGroup, group.InstanceProps); for (var hostCount = 0; ++hostCount <= numberOfHosts; ++hostIndexInSubnet) { var hostName = $"{schema.HostNamePrefix}{subnetIndex}{hostIndexInSubnet:00}"; var hostPrimingProps = new HostPrimingProps { HostName = hostName.AsWindowsComputerName(), // must fit into 15 chars WorkingFolder = $"{stackId}".AsWindowsFolder(), AwsAccount = stackProps.Env.Account, AwsRoleName = role.RoleName, RdpProps = schema.RdpProps, EC2Users = schema.EC2Users, DownloadAndInstall = group.DownloadAndInstall, S3iArgs = $"{group.InstallS3i} --verbose", }; var hostCommands = HostPriming.PrimeForS3i(hostPrimingProps) .WithFirewallAllowInbound($"{vpc.VpcCidrBlock}"); hostCommands.WithRenameAndRestart(hostPrimingProps.HostName); instanceProps.KeyName = schema.KeyPairName; instanceProps.UserData = hostCommands.UserData; hosts.Add(new HostInstance { Group = group, Instance = new Instance_(this, hostName.AsCloudFormationId(), instanceProps), }); } } } // associate pre-allocated EIPs var preAllocatedEIPs = schema.PreAllocatedElasticIPs?.SelectMany(s => s.Csv()).ToList() ?? new List <string> { }; var hostsThatRequireEIP = hosts.Where(h => h.Group.UsePreAllocatedElasticIPs).ToList(); if (preAllocatedEIPs.Count < hostsThatRequireEIP.Count) { throw new ArgumentException($"Pre-Allocated Elastic IPs needed: {hostsThatRequireEIP.Count()}, but only {preAllocatedEIPs.Count()} configured in schema.{nameof(IvrSiteSchema.PreAllocatedElasticIPs)}"); } var elasticIPAssociations = hostsThatRequireEIP.Zip(preAllocatedEIPs, (h, a) => { return(new CfnEIPAssociation(this, $"EIPA{h.Instance.InstancePrivateIp}".AsCloudFormationId(), new CfnEIPAssociationProps { AllocationId = a, InstanceId = h.Instance.InstanceId, })); }).ToList(); // execute LINQ now // We have schema.Domain registered in advance if (!string.IsNullOrWhiteSpace(schema.HostedZoneDomain)) { var theZone = HostedZone.FromLookup(this, $"{stackId}_Zone_", new HostedZoneProviderProps { DomainName = schema.HostedZoneDomain, //Comment = "HostedZone created by Route53 Registrar", }); // assign new Elastic IPs as needed if (!string.IsNullOrWhiteSpace(schema.SubdomainEIPs)) { var newElasticIPs = hosts.Where(h => h.Group.AllocateNewElasticIPs).Select(h => { return(new CfnEIP(this, $"EIP{h.Instance.InstancePrivateIp}".AsCloudFormationId(), new CfnEIPProps { // 'standard' or 'vpc': https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-eip.html#cfn-ec2-eip-domain Domain = "vpc", InstanceId = h.Instance.InstanceId, })); }).ToList(); // collect them now to prevent LINQ side effects if (newElasticIPs.Any()) { // Register public Elastic IPs var arNewPublic = new ARecord(this, $"ARecord_Public_NewAlloc".AsCloudFormationId(), new ARecordProps { Zone = theZone, RecordName = $"{schema.SubdomainEIPs}.{theZone.ZoneName}", Target = RecordTarget.FromValues(newElasticIPs.Select(eip => eip.Ref).ToArray()), Ttl = Duration.Seconds(300), }); } else if (elasticIPAssociations.Any()) { // Register public Elastic IPs /* * var arPrePublic = new ARecord(this, $"ARecord_Public_PreAlloc".AsCloudFormationId(), new ARecordProps * { * Zone = theZone, * RecordName = $"{schema.SubdomainEIPs}.{theZone.ZoneName}", * Target = RecordTarget.FromValues(elasticIPAssociations.Select(eipa => eipa.Ref).ToArray()), // ***** how to do that? * Ttl = Duration.Seconds(300), * }); */ foreach (var a in elasticIPAssociations) { Console.WriteLine($"Pre-Allocated Elastic IP Associations: {a.AllocationId}/{a.InstanceId}, {a.Eip}/{a.PrivateIpAddress}, {a.Ref} - please put it to {schema.SubdomainEIPs}.{theZone.ZoneName} ARecord manually"); } } } if (0 < hosts.Count && !string.IsNullOrWhiteSpace(schema.SubdomainHosts)) { // Register private IPs (never changing, as opposed to public - which change on stop/start) addresses of all hosts var arPrivate = new ARecord(this, $"ARecord_Private_".AsCloudFormationId(), new ARecordProps { Zone = theZone, RecordName = $"{schema.SubdomainHosts}.{theZone.ZoneName}", Target = RecordTarget.FromIpAddresses(hosts.Select(h => h.Instance.InstancePrivateIp).ToArray()), Ttl = Duration.Seconds(300), }); } //throw new Exception(); } }
internal AppStack(Construct scope, RecipeConfiguration <Configuration> recipeConfiguration, IStackProps props = null) : base(scope, recipeConfiguration.StackName, props) { var settings = recipeConfiguration.Settings; IVpc vpc; if (settings.Vpc.IsDefault) { vpc = Vpc.FromLookup(this, "Vpc", new VpcLookupOptions { IsDefault = true }); } else if (settings.Vpc.CreateNew) { vpc = new Vpc(this, "Vpc", new VpcProps { MaxAzs = 2 }); } else { vpc = Vpc.FromLookup(this, "Vpc", new VpcLookupOptions { VpcId = settings.Vpc.VpcId }); } ICluster cluster; if (settings.ECSCluster.CreateNew) { cluster = new Cluster(this, "Cluster", new ClusterProps { Vpc = vpc, ClusterName = settings.ECSCluster.NewClusterName }); } else { cluster = Cluster.FromClusterAttributes(this, "Cluster", new ClusterAttributes { ClusterArn = settings.ECSCluster.ClusterArn, ClusterName = ECSFargateUtilities.GetClusterNameFromArn(settings.ECSCluster.ClusterArn), SecurityGroups = new ISecurityGroup[0], Vpc = vpc }); } IRole taskRole; if (settings.ApplicationIAMRole.CreateNew) { taskRole = new Role(this, "TaskRole", new RoleProps { AssumedBy = new ServicePrincipal("ecs-tasks.amazonaws.com") }); } else { taskRole = Role.FromRoleArn(this, "TaskRole", settings.ApplicationIAMRole.RoleArn, new FromRoleArnOptions { Mutable = false }); } var taskDefinition = new FargateTaskDefinition(this, "TaskDefinition", new FargateTaskDefinitionProps { TaskRole = taskRole, Cpu = settings.TaskCpu, MemoryLimitMiB = settings.TaskMemory }); var logging = new AwsLogDriver(new AwsLogDriverProps { StreamPrefix = recipeConfiguration.StackName }); var ecrRepository = Repository.FromRepositoryName(this, "ECRRepository", recipeConfiguration.ECRRepositoryName); taskDefinition.AddContainer("Container", new ContainerDefinitionOptions { Image = ContainerImage.FromEcrRepository(ecrRepository, recipeConfiguration.ECRImageTag), Logging = logging }); SubnetSelection subnetSelection = null; if (settings.Vpc.IsDefault) { subnetSelection = new SubnetSelection { SubnetType = SubnetType.PUBLIC }; } new ScheduledFargateTask(this, "FargateService", new ScheduledFargateTaskProps { Cluster = cluster, Schedule = Schedule.Expression(settings.Schedule), Vpc = vpc, ScheduledFargateTaskDefinitionOptions = new ScheduledFargateTaskDefinitionOptions { TaskDefinition = taskDefinition }, SubnetSelection = subnetSelection }); }
internal AppStack(Construct scope, RecipeConfiguration <Configuration> recipeConfiguration, IStackProps props = null) : base(scope, recipeConfiguration.StackName, props) { var settings = recipeConfiguration.Settings; IVpc vpc; if (settings.Vpc.IsDefault) { vpc = Vpc.FromLookup(this, "Vpc", new VpcLookupOptions { IsDefault = true }); } else if (settings.Vpc.CreateNew) { vpc = new Vpc(this, "Vpc", new VpcProps { MaxAzs = 2 }); } else { vpc = Vpc.FromLookup(this, "Vpc", new VpcLookupOptions { VpcId = settings.Vpc.VpcId }); } ICluster cluster; if (settings.ECSCluster.CreateNew) { cluster = new Cluster(this, "Cluster", new ClusterProps { Vpc = vpc, ClusterName = settings.ECSCluster.NewClusterName }); } else { cluster = Cluster.FromClusterAttributes(this, "Cluster", new ClusterAttributes { ClusterArn = settings.ECSCluster.ClusterArn, ClusterName = ECSFargateUtilities.GetClusterNameFromArn(settings.ECSCluster.ClusterArn), SecurityGroups = new ISecurityGroup[0], Vpc = vpc }); } IRole taskRole; if (settings.ApplicationIAMRole.CreateNew) { taskRole = new Role(this, "TaskRole", new RoleProps { AssumedBy = new ServicePrincipal("ecs-tasks.amazonaws.com") }); } else { taskRole = Role.FromRoleArn(this, "TaskRole", settings.ApplicationIAMRole.RoleArn, new FromRoleArnOptions { Mutable = false }); } var taskDefinition = new FargateTaskDefinition(this, "TaskDefinition", new FargateTaskDefinitionProps { TaskRole = taskRole, Cpu = settings.TaskCpu, MemoryLimitMiB = settings.TaskMemory }); var ecrRepository = Repository.FromRepositoryName(this, "ECRRepository", recipeConfiguration.ECRRepositoryName); var container = taskDefinition.AddContainer("Container", new ContainerDefinitionOptions { Image = ContainerImage.FromEcrRepository(ecrRepository, recipeConfiguration.ECRImageTag) }); container.AddPortMappings(new PortMapping { ContainerPort = 80, Protocol = Protocol.TCP }); var ecsLoadBalancerAccessSecurityGroup = new SecurityGroup(this, "WebAccessSecurityGroup", new SecurityGroupProps { Vpc = vpc, SecurityGroupName = $"{recipeConfiguration.StackName}-ECSService" }); var ecsServiceSecurityGroups = new List <ISecurityGroup>(); ecsServiceSecurityGroups.Add(ecsLoadBalancerAccessSecurityGroup); if (!string.IsNullOrEmpty(settings.AdditionalECSServiceSecurityGroups)) { var count = 1; foreach (var securityGroupId in settings.AdditionalECSServiceSecurityGroups.Split(',')) { ecsServiceSecurityGroups.Add(SecurityGroup.FromSecurityGroupId(this, $"AdditionalGroup-{count++}", securityGroupId.Trim(), new SecurityGroupImportOptions { Mutable = false })); } } new ApplicationLoadBalancedFargateService(this, "FargateService", new ApplicationLoadBalancedFargateServiceProps { Cluster = cluster, TaskDefinition = taskDefinition, DesiredCount = settings.DesiredCount, ServiceName = settings.ECSServiceName, AssignPublicIp = settings.Vpc.IsDefault, SecurityGroups = ecsServiceSecurityGroups.ToArray() }); }
public DevStack(Construct parent, string id, IStackProps props) : base(parent, id, props) { var cluster = new Cluster(this, "AppCluster", new ClusterProps { Vpc = Vpc.FromLookup(this, "DefaultVpc", new VpcLookupOptions() { IsDefault = true }), }); FargateTaskDefinition taskDef = new FargateTaskDefinition(this, "DevStackTaskDef", new FargateTaskDefinitionProps() { }); var mysqlContainer = taskDef.AddContainer("mysql", new ContainerDefinitionProps() { Image = ContainerImage.FromAsset(DockerFolderBuilder.GetBuildFolder(), new AssetImageProps() { File = Path.Combine("LocalStack", "Dockerfile.mysql") }) }); mysqlContainer.AddPortMappings(new PortMapping() { HostPort = 3306, ContainerPort = 3306, Protocol = Amazon.CDK.AWS.ECS.Protocol.TCP }); var mongoContainer = taskDef.AddContainer("mongodb", new ContainerDefinitionProps() { Image = ContainerImage.FromAsset(DockerFolderBuilder.GetBuildFolder(), new AssetImageProps() { File = Path.Combine("LocalStack", "Dockerfile.mongo") }) }); mongoContainer.AddPortMappings(new PortMapping() { HostPort = 27017, ContainerPort = 27017, Protocol = Amazon.CDK.AWS.ECS.Protocol.TCP }); var localStackContainer = taskDef.AddContainer("localstack", new ContainerDefinitionProps() { Image = ContainerImage.FromAsset(DockerFolderBuilder.GetBuildFolder(), new AssetImageProps() { File = Path.Combine("LocalStack", "Dockerfile.localstack") }) }); localStackContainer.AddPortMappings(new PortMapping() { HostPort = 4572, ContainerPort = 4572, Protocol = Amazon.CDK.AWS.ECS.Protocol.TCP }); localStackContainer.AddPortMappings(new PortMapping() { HostPort = 4576, ContainerPort = 4576, Protocol = Amazon.CDK.AWS.ECS.Protocol.TCP }); localStackContainer.AddPortMappings(new PortMapping() { HostPort = 4584, ContainerPort = 4584, Protocol = Amazon.CDK.AWS.ECS.Protocol.TCP }); var schemabuilder = taskDef.AddContainer("schemaBuilder", new ContainerDefinitionProps() { Image = ContainerImage.FromAsset(DockerFolderBuilder.GetBuildFolder(), new AssetImageProps() { File = Path.Combine("LocalStack", "Dockerfile") }) }); schemabuilder.AddContainerDependencies(new ContainerDependency[] { new ContainerDependency() { Container = mysqlContainer, Condition = ContainerDependencyCondition.START }, new ContainerDependency() { Container = mongoContainer, Condition = ContainerDependencyCondition.START }, new ContainerDependency() { Container = localStackContainer, Condition = ContainerDependencyCondition.START } }); // Create a load-balanced Fargate service and make it public new ApplicationLoadBalancedFargateService(this, "DevStackService", new ApplicationLoadBalancedFargateServiceProps { Cluster = cluster, // Required DesiredCount = 1, TaskDefinition = taskDef, MemoryLimitMiB = 2048, // Default is 256 PublicLoadBalancer = true, // Default is false AssignPublicIp = true } ); }
internal StepFunctionDemoStack(Construct scope, string id, IStackProps props = null) : base(scope, id, props) { Bucket stepFunctionDemoBucket = new Bucket(this, "StepFunctionDemoBucket", new BucketProps { Encryption = BucketEncryption.S3_MANAGED, RemovalPolicy = RemovalPolicy.RETAIN }); Table stepFunctionDemoTable = new Table(this, "StepFunctionDemoTable", new TableProps { BillingMode = BillingMode.PROVISIONED, PartitionKey = new Amazon.CDK.AWS.DynamoDB.Attribute { Name = "Id", Type = AttributeType.STRING }, RemovalPolicy = RemovalPolicy.DESTROY }); //Step Function invoking Lambda function Function invokeOddEvenStepFunction = new Function(this, "InvokeOddEvenStepFunction", new FunctionProps { Runtime = Runtime.DOTNET_CORE_3_1, Code = Code.FromAsset("src/Demo.Services.Lambda/bin/Release/netcoreapp3.1/Demo.Services.Lambda.zip"), Handler = "Demo.Services.Lambda::Demo.Services.Lambda.Functions::InvokeOddEvenStepFunction", Timeout = Duration.Minutes(5), MemorySize = 512, Description = "Lambda Function that invokes the Demo Step Function", }); //Function to calculate Odd or Even Function oddOrEvenFunction = new Function(this, "OddOrEvenFunction", new FunctionProps { Runtime = Runtime.DOTNET_CORE_3_1, Code = Code.FromAsset("src/Demo.Services.Lambda/bin/Release/netcoreapp3.1/Demo.Services.Lambda.zip"), Handler = "Demo.Services.Lambda::Demo.Services.Lambda.Functions::OddOrEvenFunction", Timeout = Duration.Minutes(5), MemorySize = 512, Description = "Lambda Function that calculates odd or even", }); //Demo Lambda to perform Process 1 Function process1Function = new Function(this, "Process1Function", new FunctionProps { Runtime = Runtime.DOTNET_CORE_3_1, Code = Code.FromAsset("src/Demo.Services.Lambda/bin/Release/netcoreapp3.1/Demo.Services.Lambda.zip"), Handler = "Demo.Services.Lambda::Demo.Services.Lambda.Functions::Process1Function", Timeout = Duration.Minutes(5), MemorySize = 512, Description = "Demo Lambda Function that runs process1", }); Function processAFunction = new Function(this, "ProcessAFunction", new FunctionProps { Runtime = Runtime.DOTNET_CORE_3_1, Code = Code.FromAsset("src/Demo.Services.Lambda/bin/Release/netcoreapp3.1/Demo.Services.Lambda.zip"), Handler = "Demo.Services.Lambda::Demo.Services.Lambda.Functions::Process1Function", Timeout = Duration.Minutes(5), MemorySize = 512, Description = "Demo Lambda Function that runs process1", }); //Demo Lambda to perform Process 2 Function process2Function = new Function(this, "Process2Function", new FunctionProps { Runtime = Runtime.DOTNET_CORE_3_1, Code = Code.FromAsset("src/Demo.Services.Lambda/bin/Release/netcoreapp3.1/Demo.Services.Lambda.zip"), Handler = "Demo.Services.Lambda::Demo.Services.Lambda.Functions::Process2Function", Timeout = Duration.Minutes(5), MemorySize = 512, Description = "Demo Lambda Function that runs process2", }); //Demo Lambda to perform Process 1 Function process11Function = new Function(this, "Process11Function", new FunctionProps { Runtime = Runtime.DOTNET_CORE_3_1, Code = Code.FromAsset("src/Demo.Services.Lambda/bin/Release/netcoreapp3.1/Demo.Services.Lambda.zip"), Handler = "Demo.Services.Lambda::Demo.Services.Lambda.Functions::Process11Function", Timeout = Duration.Minutes(5), MemorySize = 512, Description = "Demo Lambda Function that runs job process1", }); //Demo Lambda to perform Process 2 Function process12Function = new Function(this, "Process12Function", new FunctionProps { Runtime = Runtime.DOTNET_CORE_3_1, Code = Code.FromAsset("src/Demo.Services.Lambda/bin/Release/netcoreapp3.1/Demo.Services.Lambda.zip"), Handler = "Demo.Services.Lambda::Demo.Services.Lambda.Functions::Process12Function", Timeout = Duration.Minutes(5), MemorySize = 512, Description = "Demo Lambda Function that runs job process2", }); Function taskTokenExecutorFunction = new Function(this, "TaskTokenExecutorFunction", new FunctionProps { Runtime = Runtime.DOTNET_CORE_3_1, Code = Code.FromAsset("src/Demo.Services.Lambda/bin/Release/netcoreapp3.1/Demo.Services.Lambda.zip"), Handler = "Demo.Services.Lambda::Demo.Services.Lambda.Functions::TaskTokenExecutor", Timeout = Duration.Minutes(5), MemorySize = 512, Description = "Demo Lambda Function that executes Task Token Step", Environment = new Dictionary <string, string>() { ["STEP_FUNCTION_DEMO_BUCKET"] = stepFunctionDemoBucket.BucketName } }); stepFunctionDemoBucket.GrantReadWrite(taskTokenExecutorFunction); var oddEvenFunction = new Task(this, "OddEvenFunction", new TaskProps { Task = new InvokeFunction(oddOrEvenFunction.LatestVersion) }); var process1 = new Task(this, "Process1", new TaskProps { Task = new InvokeFunction(process1Function.LatestVersion) }); var processA = new Task(this, "ProcessA", new TaskProps { Task = new InvokeFunction(processAFunction.LatestVersion) }); var process2 = new Task(this, "Process2", new TaskProps { Task = new InvokeFunction(process2Function.LatestVersion) }); var process11 = new Task(this, "Process11", new TaskProps { Task = new InvokeFunction(process11Function.LatestVersion), ResultPath = "$.Resolved" }); var process12 = new Task(this, "Process12", new TaskProps { Task = new InvokeFunction(process12Function.LatestVersion) }); var taskTokenExecutor = new Task(this, "TaskTokenExecutor", new TaskProps { Task = new RunLambdaTask(taskTokenExecutorFunction.LatestVersion, new RunLambdaTaskProps() { IntegrationPattern = ServiceIntegrationPattern.WAIT_FOR_TASK_TOKEN, Payload = TaskInput.FromContextAt("$$.Task.Token") }), Parameters = new Dictionary <string, object> { ["Payload"] = new Dictionary <string, object> { ["TaskToken.$"] = "$$.Task.Token", ["State.$"] = "$" } } }); //Choice to go to Process 1 or Process 2 based on input number is odd or even. var isEven = new Choice(this, "Is the number Even?"); var isResolvedOrOverriden = new Choice(this, "Is Resolved Or Overriden?"); //var chain1 = Chain.Start(oddEvenFunction) // .Next(isEven // .When( // Condition.StringEquals("$.Result", "Even"), // Chain.Start(process1) // .Next(process11) // .Next(isResolvedOrOverriden // .When( // Condition.Or( // new[] // { // Condition.BooleanEquals("$.Resolved", true), // Condition.BooleanEquals("$.Override", true) // }), process12) // .Otherwise(process2))) // .When(Condition.StringEquals("$.Result", "Odd"), process2)); var chain1 = Chain.Start(oddEvenFunction) .Next(isEven .When( Condition.StringEquals("$.Result", "Even"), Chain.Start(process1) .Next(taskTokenExecutor) .Next(isResolvedOrOverriden .When( Condition.Or( new[] { Condition.BooleanEquals("$.Resolved", true), Condition.BooleanEquals("$.Override", true) }), process12) .Otherwise(process2))) .When(Condition.StringEquals("$.Result", "Odd"), process2)); //State Machine var stateMachine = new StateMachine(this, "JobDemoStateMachine", new StateMachineProps { StateMachineName = "JobDemoStateMachine", Timeout = Duration.Minutes(5), Definition = chain1 }); stateMachine.Role?.AddManagedPolicy(ManagedPolicy.FromManagedPolicyArn(this, "DynamoDBFullAccessForStepFunction", "arn:aws:iam::aws:policy/AmazonDynamoDBFullAccess")); stateMachine.Role?.AddManagedPolicy(ManagedPolicy.FromManagedPolicyArn(this, "LambdaFullAccessForStepFunction", "arn:aws:iam::aws:policy/AWSLambdaFullAccess")); var demofargateTask1 = new FargateTaskDefinition(this, "demoECSTask1Definition", new FargateTaskDefinitionProps { MemoryLimitMiB = 4096, Cpu = 2048 }); var demofargateTask2 = new FargateTaskDefinition(this, "demoECSTask2Definition", new FargateTaskDefinitionProps { MemoryLimitMiB = 4096, Cpu = 2048 }); stepFunctionDemoBucket.GrantReadWrite(demofargateTask2.TaskRole); IVpc publicVpc = Vpc.FromLookup(this, "PublicVPC", new VpcLookupOptions { Tags = new Dictionary <string, string> { ["Paces:VpcType"] = "Public" } }); var cluster = Cluster.FromClusterAttributes(this, "PublicCluster", new ClusterAttributes { ClusterName = "OHC-PACES", Vpc = publicVpc, SecurityGroups = new[] { SecurityGroup.FromSecurityGroupId(this, "SecurityGroup", "sg-0a1bab8166d8fb715") } }); var container1 = demofargateTask1.AddContainer("app", new ContainerDefinitionOptions { Image = ContainerImage.FromAsset(".", new AssetImageProps { File = "Dockerfile" }), Logging = LogDriver.AwsLogs(new AwsLogDriverProps { LogGroup = new LogGroup(this, "demoECSTask1LogGroup", new LogGroupProps { LogGroupName = "/ecs/demoECSTask1-" + RandomString.Generate(10, StackId), }), StreamPrefix = "logs" }), }); var container2 = demofargateTask2.AddContainer("app", new ContainerDefinitionOptions { Image = ContainerImage.FromAsset(".", new AssetImageProps { File = "Dockerfile.1" }), Environment = new Dictionary <string, string> { ["STEP_FUNCTION_DEMO_BUCKET"] = stepFunctionDemoBucket.BucketName }, Logging = LogDriver.AwsLogs(new AwsLogDriverProps { LogGroup = new LogGroup(this, "demoECSTask2LogGroup", new LogGroupProps { LogGroupName = $"/ecs/demoECSTask2-{RandomString.Generate(10, StackId)}", }), StreamPrefix = "logs" }) }); Rule rule = new Rule(this, "DemoJobRule", new RuleProps { Schedule = Schedule.Cron(new CronOptions { Day = "*", Hour = "*", Minute = "1", Month = "*", Year = "*" }), Description = "Runs demo job fargate task", Targets = new IRuleTarget[] { new EcsTask( new EcsTaskProps { Cluster = cluster, TaskDefinition = demofargateTask2, SubnetSelection = new SubnetSelection { OnePerAz = true } }) } }); //var ecsTask1 = new Task(this, "ecsTask1", new TaskProps //{ // InputPath = "$", // Task = new CustomTask(new RunEcsFargateTaskProps // { // Cluster = Cluster.FromClusterAttributes(this, "PublicCluster", new ClusterAttributes // { // ClusterName = "OHC-PACES", // Vpc = publicVpc, // SecurityGroups = new[] { SecurityGroup.FromSecurityGroupId(this, "SecurityGroup", "sg-0a1bab8166d8fb715") } // }), // TaskDefinition = fargateTask1, // ContainerOverrides = new[] // { // new ContainerOverride // { // ContainerDefinition = container, // Command = new []{"$.Data"} // }, // } // }) //}); var ecsTask1 = new Task(this, "EcsTask1", new TaskProps { InputPath = "$", Task = new RunEcsFargateTask(new RunEcsFargateTaskProps { Cluster = cluster, TaskDefinition = demofargateTask1, //ContainerOverrides = new[] //{ // new ContainerOverride // { // ContainerDefinition = container, // // }, //} }), Parameters = new Dictionary <string, object> { ["Overrides"] = new Dictionary <string, object> { ["ContainerOverrides"] = new Dictionary <string, string>[] { new Dictionary <string, string> { ["Name"] = "app", ["Command.$"] = "$.ECSPayload" } } } } }); var chain2 = Chain.Start(processA).Next(ecsTask1); var stateMachineWithTask = new StateMachine(this, "JobDemoStateMachine-1", new StateMachineProps { StateMachineName = "JobDemoStateMachine-1", Timeout = Duration.Minutes(15), Definition = chain2, Role = Role.FromRoleArn(this, "StateMachineWithTaskRole", "arn:aws:iam::342600918501:role/service-role/PacesEdi274DefaultStateMachineRole") }); //All Policies // 1. Invoke function policies invokeOddEvenStepFunction.Role?.AddManagedPolicy(ManagedPolicy.FromManagedPolicyArn(this, "InvokeLambdaPolicy", "arn:aws:iam::aws:policy/AWSLambdaFullAccess")); var policyStatement = new PolicyStatement { Sid = "CanInvokeStepFunctions", Effect = Effect.ALLOW }; policyStatement.AddActions(new[] { "states:StartExecution" }); invokeOddEvenStepFunction.AddToRolePolicy(policyStatement); policyStatement.AddResources(stateMachine.StateMachineArn); invokeOddEvenStepFunction.AddEnvironment(Functions.StateMachineArnKey, stateMachine.StateMachineArn); process12Function.AddEnvironment(Functions.StepFunctionDemoBucketKey, stepFunctionDemoBucket.BucketName); stepFunctionDemoBucket.GrantReadWrite(process12Function); var policyStatementDemofargateTask2 = new PolicyStatement { Sid = "CanNotifyStepFunction", Effect = Effect.ALLOW }; policyStatementDemofargateTask2.AddActions(new[] { "states:SendTask*" }); demofargateTask2.AddToExecutionRolePolicy(policyStatementDemofargateTask2); demofargateTask2.AddToTaskRolePolicy(policyStatementDemofargateTask2); policyStatementDemofargateTask2.AddAllResources(); }