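/// <summary>
/// Provisions a MySQL 8.0.21 RDS instance in the isolated subnets of <paramref name="vpc"/>.
/// The master credentials are generated in Secrets Manager and rotated every seven days.
/// </summary>
/// <param name="scope">Parent construct of this stack.</param>
/// <param name="name">Database name; also used to build the stack id, the secret names and the instance identifier.</param>
/// <param name="vpc">VPC that hosts the database instance.</param>
/// <param name="props">Optional stack properties forwarded to the base stack.</param>
public DatabaseStack(Construct scope, string name, Vpc vpc, StackProps props = null)
    : base(scope, $"database-{name}", props)
{
    // Pricing - RDS
    //   750 hours of Single-AZ db.t2.micro instance usage on Amazon RDS running
    //   MySQL, MariaDB, PostgreSQL, Oracle BYOL or SQL Server (SQL Server Express Edition)
    //
    //   20 GB of SSD database storage
    //
    //   20 GB of backup storage for automated database backups and
    //   any user-initiated database snapshots
    //
    // Pricing - Secrets Manager
    //   USD 0.40 per secret per month. For secrets stored for less than a month,
    //   the price is pro-rated (based on the number of hours).
    //   USD 0.05 per 10,000 API calls.

    // One exclusion set shared by the initial password and by every rotated password.
    // The original passed a different set to the rotation than to the initial secret, so a
    // rotated password could contain characters (quotes, slashes, brackets) that had been
    // deliberately kept out of the first one. The union of both sets is used here.
    const string excludedPasswordCharacters = "{}[]()'\"/\\!@#$%^&*";

    // NOTE(review): this secret is created without a generated value and is only referenced
    // as MasterSecret below; confirm it is needed when single-user rotation is used.
    var secret = new Secret(this, $"database-{name}-secret", new SecretProps
    {
        Description = $"Database {name} password",
        SecretName = $"database-{name}-secret"
    });

    var databaseSecret = new DatabaseSecret(this, $"database-{name}-databasesecret", new DatabaseSecretProps
    {
        Username = "******",
        MasterSecret = secret,
        ExcludeCharacters = excludedPasswordCharacters
    });

    // NOTE(review): storage encryption is not requested; confirm whether the chosen
    // instance class supports it before turning it on.
    _databaseInstance = new DatabaseInstance(this, $"database-{name}-cluster", new DatabaseInstanceProps
    {
        InstanceIdentifier = name + "-instance",
        DatabaseName = name,
        Credentials = Credentials.FromSecret(databaseSecret),
        Engine = DatabaseInstanceEngine.Mysql(new MySqlInstanceEngineProps
        {
            Version = MysqlEngineVersion.VER_8_0_21
        }),
        InstanceType = new InstanceType("t2.micro"),
        Vpc = vpc,
        // Isolated subnets: the instance is placed in subnets selected as ISOLATED.
        VpcSubnets = new SubnetSelection { SubnetType = SubnetType.ISOLATED }
    });

    // Rotate the master password weekly, with the same character exclusions as above.
    _databaseInstance.AddRotationSingleUser(new RotationSingleUserOptions
    {
        AutomaticallyAfter = Duration.Days(7),
        ExcludeCharacters = excludedPasswordCharacters
    });
}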
/// <summary>
/// Maps an engine-version object to the matching RDS instance engine.
/// </summary>
/// <param name="databaseEngineVersion">Engine version; its exact runtime type selects the engine.</param>
/// <param name="edition">
/// SQL Server edition code, read only in the SQL Server branch: "ee", "se", "ex" or "web".
/// Defaults to "ex"; any other value throws <see cref="ArgumentException"/>.
/// </param>
private static IInstanceEngine GetInstanceEngine(DeputyBase databaseEngineVersion, string edition = "ex")
{
    // Exact-type comparison: a subclass of one of these version types matches no branch.
    var databaseType = databaseEngineVersion.GetType();

    if (databaseType == typeof(MysqlEngineVersion))
    {
        // The `as` cast cannot yield null here because the exact type was just checked.
        return(DatabaseInstanceEngine.Mysql(new MySqlInstanceEngineProps { Version = databaseEngineVersion as MysqlEngineVersion }));
    }

    if (databaseType == typeof(PostgresEngineVersion))
    {
        return(DatabaseInstanceEngine.Postgres(new PostgresInstanceEngineProps() { Version = databaseEngineVersion as PostgresEngineVersion }));
    }

    if (databaseType == typeof(MariaDbEngineVersion))
    {
        return(DatabaseInstanceEngine.MariaDb(new MariaDbInstanceEngineProps() { Version = databaseEngineVersion as MariaDbEngineVersion }));
    }

    if (databaseType == typeof(SqlServerEngineVersion))
    {
        // One engine factory per SQL Server edition code; unknown codes are rejected.
        return(edition switch
        {
            "ee" => DatabaseInstanceEngine.SqlServerEe(new SqlServerEeInstanceEngineProps() { Version = databaseEngineVersion as SqlServerEngineVersion }),
            "se" => DatabaseInstanceEngine.SqlServerSe(new SqlServerSeInstanceEngineProps() { Version = databaseEngineVersion as SqlServerEngineVersion }),
            "ex" => DatabaseInstanceEngine.SqlServerEx(new SqlServerExInstanceEngineProps() { Version = databaseEngineVersion as SqlServerEngineVersion }),
            "web" => DatabaseInstanceEngine.SqlServerWeb(new SqlServerWebInstanceEngineProps() { Version = databaseEngineVersion as SqlServerEngineVersion }),
            _ => throw new ArgumentException("The edition of the SQL Server is not recognized."),
        });
        // NOTE(review): the listing ends here; the closing braces and anything after the
        // SQL Server branch are not part of this excerpt.
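/// <summary>
/// Maps an engine-version object to the matching RDS instance engine.
/// </summary>
/// <param name="databaseEngineVersion">
/// One of MysqlEngineVersion, PostgresEngineVersion, MariaDbEngineVersion,
/// SqlServerEngineVersion or OracleEngineVersion; the exact runtime type selects the engine.
/// </param>
/// <returns>The engine built for the supplied version.</returns>
/// <exception cref="ArgumentNullException"><paramref name="databaseEngineVersion"/> is null.</exception>
/// <exception cref="ArgumentException">The version object is of none of the supported types.</exception>
private IInstanceEngine GetInstanceEngine(DeputyBase databaseEngineVersion)
{
    // Fail with a named argument instead of a NullReferenceException on GetType().
    if (databaseEngineVersion is null)
    {
        throw new ArgumentNullException(nameof(databaseEngineVersion));
    }

    // Exact-type comparison is kept on purpose: a subclass of a version type is rejected,
    // as in the original. The casts below cannot fail after the type check.
    var versionType = databaseEngineVersion.GetType();

    if (versionType == typeof(MysqlEngineVersion))
    {
        return DatabaseInstanceEngine.Mysql(new MySqlInstanceEngineProps
        {
            Version = (MysqlEngineVersion)databaseEngineVersion
        });
    }

    if (versionType == typeof(PostgresEngineVersion))
    {
        return DatabaseInstanceEngine.Postgres(new PostgresInstanceEngineProps
        {
            Version = (PostgresEngineVersion)databaseEngineVersion
        });
    }

    if (versionType == typeof(MariaDbEngineVersion))
    {
        return DatabaseInstanceEngine.MariaDb(new MariaDbInstanceEngineProps
        {
            Version = (MariaDbEngineVersion)databaseEngineVersion
        });
    }

    if (versionType == typeof(SqlServerEngineVersion))
    {
        // SQL Server is always mapped to the Enterprise Edition engine here.
        return DatabaseInstanceEngine.SqlServerEe(new SqlServerEeInstanceEngineProps
        {
            Version = (SqlServerEngineVersion)databaseEngineVersion
        });
    }

    if (versionType == typeof(OracleEngineVersion))
    {
        // Oracle is likewise always mapped to the Enterprise Edition engine.
        return DatabaseInstanceEngine.OracleEe(new OracleEeInstanceEngineProps
        {
            Version = (OracleEngineVersion)databaseEngineVersion
        });
    }

    throw new ArgumentException("Not supported database option. Try: MysqlEngineVersion, PostgresEngineVersion, MariaDbEngineVersion, SqlServerEngineVersion and OracleEngineVersion");
}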
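/// <summary>
/// Creates a MySQL 5.7 RDS instance in the isolated subnets of <paramref name="vpc"/>, stores it
/// in <c>DBInstance</c> and returns it.
/// </summary>
/// <param name="vpc">VPC that hosts the instance.</param>
/// <param name="configSettings">
/// Settings whose <c>Rds</c> section supplies the name, Multi-AZ flag, backup retention,
/// storage encryption, minor-version upgrade and deletion-protection values.
/// </param>
/// <param name="securityGroups">Security groups attached to the instance.</param>
/// <returns>The created database instance.</returns>
/// <exception cref="ArgumentNullException"><paramref name="configSettings"/> is null.</exception>
public DatabaseInstance Create(Amazon.CDK.AWS.EC2.Vpc vpc, IConfigSettings configSettings, SecurityGroup[] securityGroups)
{
    // Every property below reads configSettings.Rds, so reject a missing settings object up front.
    if (configSettings is null)
    {
        throw new ArgumentNullException(nameof(configSettings));
    }

    var rds = configSettings.Rds;

    var db = new DatabaseInstance(this, $"{rds.Name}", new DatabaseInstanceProps
    {
        // todo change all properties based on config settings
        Engine = DatabaseInstanceEngine.Mysql(new MySqlInstanceEngineProps
        {
            // todo change based on config settings
            Version = MysqlEngineVersion.VER_5_7,
        }),
        Credentials = GetCredentials(configSettings),
        InstanceType = InstanceType.Of(InstanceClass.BURSTABLE2, InstanceSize.SMALL),
        VpcSubnets = new SubnetSelection
        {
            SubnetType = SubnetType.ISOLATED
        },
        Vpc = vpc,
        MultiAz = rds.MultiAz,
        BackupRetention = Duration.Days(rds.BackupRetentionInDays),
        // Encryption at rest is driven by configuration, not forced on here.
        StorageEncrypted = rds.StorageEncrypted,
        AutoMinorVersionUpgrade = rds.AutoMinorVersionUpgrade,
        // todo
        StorageType = StorageType.GP2,
        SecurityGroups = securityGroups,
        InstanceIdentifier = rds.Name,
        DeletionProtection = rds.DeletionProtection,
    });

    // rotate the master password (use this when storing it in secrets manager)
    //db.AddRotationSingleUser();

    // NOTE(review): a password-like string had been pasted here as a comment and has been
    // removed from the source. If it was ever a real credential, treat it as exposed:
    // rotate it and remove it from version-control history as well.

    DBInstance = db;
    return db;
}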
/// <summary>
/// Lab stack: a two-AZ VPC, a SQL Server Express instance and an Aurora PostgreSQL cluster,
/// both in public subnets behind one security group, plus their connection strings
/// published to Systems Manager Parameter Store.
/// </summary>
/// <param name="scope">Parent construct.</param>
/// <param name="id">Stack id.</param>
/// <param name="props">Optional stack properties forwarded to the base stack.</param>
internal NorthwindCdkStack(Construct scope, string id, IStackProps props = null)
    : base(scope, id, props)
{
    // NOTE(review): the master user name and password are literals in source. They are
    // passed to both databases and written into both connection strings below, so anyone
    // who can read this file or the Parameter Store entries has the database admin login.
    // Acceptable only for a disposable lab; use a generated secret anywhere else.
    const string adminUser = "adminuser";
    const string adminPassword = "Admin12345?";

    var labVpc = new Vpc(this, "LabVpc", new VpcProps { MaxAzs = 2 });

    // One security group is shared by both databases, so every ingress rule added to it
    // (1433 and 5432) applies to the SQL Server instance and to the Aurora cluster alike.
    var databaseSg = new SecurityGroup(this, "NorthwindDatabaseSecurityGroup", new SecurityGroupProps
    {
        Vpc = labVpc,
        SecurityGroupName = "Northwind-DB-SG",
        AllowAllOutbound = false
    });

    // !!!!!!!!!! replace the IP according to the lab instructions
    databaseSg.AddIngressRule(Peer.Ipv4("35.171.193.180/32"), Port.Tcp(1433)); // SQL Server
    // !!!!!!!!!!

    var sqlServerProps = new DatabaseInstanceProps
    {
        Vpc = labVpc,
        InstanceIdentifier = "northwind-sqlserver",
        // SQL Server Express
        Engine = DatabaseInstanceEngine.SqlServerEx(new SqlServerExInstanceEngineProps
        {
            Version = SqlServerEngineVersion.VER_14
        }),
        Credentials = Credentials.FromUsername(adminUser, new CredentialsFromUsernameOptions
        {
            Password = new SecretValue(adminPassword)
        }),
        InstanceType = InstanceType.Of(InstanceClass.BURSTABLE3, InstanceSize.SMALL), // t3.small
        SecurityGroups = new ISecurityGroup[] { databaseSg },
        MultiAz = false,
        // Public subnet: reachability is limited only by the ingress rules on databaseSg.
        VpcSubnets = new SubnetSelection { SubnetType = SubnetType.PUBLIC },
        DeletionProtection = false, // the lab must be able to delete the database
        DeleteAutomatedBackups = true,
        BackupRetention = Duration.Days(0),
        RemovalPolicy = RemovalPolicy.DESTROY // the lab must be able to delete the database
    };
    var sql = new DatabaseInstance(this, "NorthwindSQLServer", sqlServerProps);

    new CfnOutput(this, "SQLServerEndpointAddress", new CfnOutputProps
    {
        Value = sql.DbInstanceEndpointAddress
    });

    // SQL Server connection string in Systems Manager Parameter Store.
    // NOTE(review): ParameterType.STRING is a plain (unencrypted) parameter and the value
    // embeds the admin password.
    new StringParameter(this, "NorthwindDatabaseConnectionString", new StringParameterProps
    {
        ParameterName = "/Northwind/ConnectionStrings/NorthwindDatabase",
        Type = ParameterType.STRING,
        Description = "SQL Server connection string",
        StringValue = $"Server={sql.DbInstanceEndpointAddress},1433;Integrated Security=false;User ID={adminUser};Password={adminPassword};Initial Catalog=NorthwindTraders;"
    });

    // PostgreSQL setup
    // !!!!!!!!!! add 2 rules when you use the provided VM, add 1 rule when you use your computer
    databaseSg.AddIngressRule(Peer.Ipv4("35.171.193.180/32"), Port.Tcp(5432)); // PostgreSQL
    databaseSg.AddIngressRule(Peer.Ipv4("3.238.53.13/32"), Port.Tcp(5432)); // PostgreSQL
    // !!!!!!!!!!

    // Created in the same order as before: instance-level parameter group first, then cluster-level.
    var instanceParameterGroup = ParameterGroup.FromParameterGroupName(this, "DBInstanceParameterGroup", "default.aurora-postgresql11");
    var clusterParameterGroup = ParameterGroup.FromParameterGroupName(this, "DBClusterParameterGroup", "default.aurora-postgresql11");

    var postgreSql = new DatabaseCluster(this, "NorthwindPostgreSQL", new DatabaseClusterProps
    {
        InstanceProps = new Amazon.CDK.AWS.RDS.InstanceProps
        {
            Vpc = labVpc,
            InstanceType = InstanceType.Of(InstanceClass.BURSTABLE3, InstanceSize.MEDIUM), // t3.medium
            SecurityGroups = new ISecurityGroup[] { databaseSg },
            // Public subnet so the database can be reached from the developer PC.
            VpcSubnets = new SubnetSelection { SubnetType = SubnetType.PUBLIC },
            ParameterGroup = instanceParameterGroup,
        },
        ParameterGroup = clusterParameterGroup,
        ClusterIdentifier = "northwind-postgresql",
        // Aurora PostgreSQL
        Engine = DatabaseClusterEngine.AuroraPostgres(new AuroraPostgresClusterEngineProps
        {
            Version = AuroraPostgresEngineVersion.VER_11_6
        }),
        Credentials = Credentials.FromUsername(adminUser, new CredentialsFromUsernameOptions
        {
            Password = new SecretValue(adminPassword)
        }),
        Instances = 1,
        Port = 5432,
        Backup = new BackupProps
        {
            Retention = Duration.Days(1) // minimum is 1
        },
        DefaultDatabaseName = "NorthwindTraders",
        InstanceIdentifierBase = "northwind-postgresql-instance",
        RemovalPolicy = RemovalPolicy.DESTROY // the lab must be able to delete the database
    });

    new CfnOutput(this, "PostgreSQLEndpointAddress", new CfnOutputProps
    {
        Value = postgreSql.ClusterEndpoint.Hostname
    });

    // Aurora PostgreSQL connection string in Systems Manager Parameter Store.
    // NOTE(review): same exposure as the SQL Server parameter above: plain STRING type
    // with the admin password inside the value.
    new StringParameter(this, "NorthwindPostgreSQLDatabaseConnectionString", new StringParameterProps
    {
        ParameterName = "/Northwind/ConnectionStrings/NorthwindPostgreDatabase",
        Type = ParameterType.STRING,
        Description = "PostgreSQL connection string",
        StringValue = $"Server={postgreSql.ClusterEndpoint.Hostname};Database=NorthwindTraders;Username={adminUser};Password={adminPassword}"
    });
}
/// <summary>
/// QA stage: a main stack (GitHub source credentials, VPC, DynamoDB table, ECS cluster),
/// a PostgreSQL database stack, the SandBank API build and service stacks, and the SPA stack.
/// </summary>
/// <param name="scope">Parent construct.</param>
/// <param name="id">Stage id.</param>
/// <param name="props">Stage properties; the hosted zone name and id are read from here.</param>
public QaStage(Construct scope, string id, QaStageProps props)
    : base(scope, id, props)
{
    var stackProps = new StackProps { Env = Constants.DefaultEnv };
    var mainStack = new Stack(this, "main-stack", stackProps);

    // The GitHub token is referenced by secret name, not embedded in source.
    // The construct is created for its side effect; its handle is not used afterwards.
    new GitHubSourceCredentials(mainStack, "github-source-credentials", new GitHubSourceCredentialsProps
    {
        AccessToken = SecretValue.SecretsManager("github/oauth/token")
    });

    var network = new Vpc(mainStack, "main-vpc", new VpcProps { Cidr = "10.0.0.0/16" });

    // should change this to Aurora Serverless!!!
    // https://dev.to/cjjenkinson/how-to-create-an-aurora-serverless-rds-instance-on-aws-with-cdk-5bb0
    //
    // NOTE(review): no backups (retention 0), no deletion protection and RemovalPolicy.DESTROY
    // mean the data cannot be recovered once the stack is removed; storage encryption is not
    // requested either. Confirm this is intended for a throwaway QA database only.
    var postgresProps = new DatabaseInstanceProps
    {
        Vpc = network,
        Engine = DatabaseInstanceEngine.Postgres(new PostgresInstanceEngineProps
        {
            Version = PostgresEngineVersion.VER_12_3
        }),
        AllocatedStorage = 5,
        BackupRetention = Duration.Days(0),
        DeletionProtection = false,
        InstanceType = InstanceType.Of(InstanceClass.BURSTABLE2, InstanceSize.MICRO),
        MasterUsername = "******",
        MultiAz = false,
        DatabaseName = "postgres",
        RemovalPolicy = RemovalPolicy.DESTROY,
        AllowMajorVersionUpgrade = false
    };
    var database = new PostgresStack(this, "postgres-db-stack", postgresProps, new StackProps { Env = Constants.DefaultEnv });

    // Only the endpoint address travels as a plain environment variable; the connection
    // secret is handed to the container through the Secrets Manager reference below.
    var containerEnvVars = new Dictionary<string, string>
    {
        ["DB__ADDRESS"] = database.Instance.InstanceEndpoint.SocketAddress
    };
    var containerSecrets = new Dictionary<string, Secret>
    {
        ["DatabaseConnection"] = Secret.FromSecretsManager(database.Instance.Secret)
    };

    var accountMetadataTable = new Table(mainStack, "AccountMetadata", new TableProps
    {
        TableName = "AccountMetadata",
        PartitionKey = new Attribute { Name = "UserId", Type = AttributeType.NUMBER },
        SortKey = new Attribute { Name = "AccountId", Type = AttributeType.NUMBER },
        Stream = StreamViewType.NEW_IMAGE
    });

    var appCluster = new Cluster(mainStack, "app-cluster", new ClusterProps
    {
        Vpc = network,
        ClusterName = "app-cluster",
        ContainerInsights = true
    });

    // The certificate ARNs are looked up from Secrets Manager by name rather than hard-coded.
    var albCertArn = SecretValue.SecretsManager("fargateSslCertArn").ToString();
    var albCert = Certificate.FromCertificateArn(mainStack, "alb-cert", albCertArn);

    var buildInfra = CreateApiBuildStack("SandBank", network);
    var api = CreateApiStack(
        "SandBank",
        appCluster,
        network,
        buildInfra.EcrRepository,
        "sandbank-api",
        props.HostedZoneName,
        props.HostedZoneId,
        albCert,
        containerEnvVars,
        containerSecrets);

    // NOTE(review): full access is the broadest table grant; check whether the task role
    // only needs to read and write items, in which case a narrower grant is preferable.
    accountMetadataTable.GrantFullAccess(api.FargateService.TaskDefinition.TaskRole);

    var cloudFrontCertArn = SecretValue.SecretsManager("cloudfrontcertarn").ToString();
    var cloudFrontCert = Certificate.FromCertificateArn(mainStack, "cloudfront-cert", cloudFrontCertArn);

    new SpaStack(this, "sandbank-spa-stack", new SpaStackProps
    {
        Env = Constants.DefaultEnv,
        Vpc = network,
        ServiceName = "sandbank-spa",
        SubDomain = "sandbank",
        HostedZoneName = props.HostedZoneName,
        HostedZoneId = props.HostedZoneId,
        CloudFrontCert = cloudFrontCert,
        GitHubSourceProps = Constants.GithubRepo,
        BuildSpecFile = Constants.NpmBuildSpec,
        SpaDirectory = "App/FrontEnd/sandbank.spa",
        ApiUrl = $"{api.ApiUrl}/api" // maybe should use CfnOutput instead
    });

    // lambda
    // SandBank.Lambda.ConfigAuditTrail::SandBank.Lambda.ConfigAuditTrail.Function::FunctionHandler
}