/// <summary>
/// Creates the network stack: a single VPC on 10.0.0.0/20 spread over at most
/// two availability zones, with one /23 subnet group each for the PUBLIC,
/// PRIVATE and ISOLATED subnet types, and one NAT provider backed by a
/// t2.micro NAT instance.
/// </summary>
/// <param name="scope">Parent construct the stack is attached to.</param>
/// <param name="name">Suffix used to build the stack id ("network-{name}") and the VPC id ("network-{name}-vpc").</param>
/// <param name="props">Optional stack properties, forwarded unchanged to the base constructor.</param>
public NetworkStack(Construct scope, string name, StackProps props = null)
    : base(scope, $"network-{name}", props)
{
    // Only the instance type is specified; security group, machine image and
    // key pair are left to whatever NatProvider.Instance defaults to.
    // NOTE(review): a NAT instance is a self-managed EC2 host on the egress
    // path. Confirm the default security group and image are acceptable and
    // that patching of this host is owned by someone.
    var natInstanceSettings = new NatInstanceProps
    {
        InstanceType = new InstanceType("t2.micro")
    };
    _natInstanceProvider = NatProvider.Instance(natInstanceSettings);

    // Three subnet groups, each carved out with a /23 mask.
    var subnetLayout = new ISubnetConfiguration[]
    {
        new SubnetConfiguration { CidrMask = 23, Name = "PUBLIC", SubnetType = SubnetType.PUBLIC },
        new SubnetConfiguration { CidrMask = 23, Name = "PRIVATE", SubnetType = SubnetType.PRIVATE },
        new SubnetConfiguration { CidrMask = 23, Name = "ISOLATED", SubnetType = SubnetType.ISOLATED }
    };

    // NatGateways = 1 with MaxAzs = 2: one NAT provider is shared by every
    // availability zone the VPC ends up using.
    var vpcSettings = new VpcProps()
    {
        Cidr = "10.0.0.0/20",
        MaxAzs = 2,
        NatGateways = 1,
        NatGatewayProvider = _natInstanceProvider,
        SubnetConfiguration = subnetLayout
    };

    _vpc = new Vpc(this, $"network-{name}-vpc", vpcSettings);
}
/// <summary>
/// Assembles the application stack: a "TargetPlatform" template parameter, a
/// two-AZ VPC with public and private /24 subnets and two NAT gateways, a
/// chain of four security groups that pass TCP 80 from the external load
/// balancer down to the REST API, the database, an IAM policy granting read
/// access to the database password secret, the two auto-scaled tiers and the
/// CI/CD resources.
/// </summary>
/// <param name="scope">Parent construct the stack is attached to.</param>
/// <param name="id">Stack id, forwarded to the base constructor.</param>
/// <param name="props">Optional stack properties, forwarded to the base constructor.</param>
internal CdkStack(Construct scope, string id, IStackProps props = null)
    : base(scope, id, props)
{
    // Every tier listens on plain HTTP.
    // NOTE(review): no TLS listener or certificate is configured in this
    // constructor. Confirm whether encryption in transit is handled
    // elsewhere (e.g. inside AutoScaledInstances) or is out of scope.
    const int HttpPort = 80;

    // Deploy-time choice of operating system, restricted to the two allowed values.
    var platformProps = new CfnParameterProps
    {
        AllowedValues = new[] { "Linux", "Windows" },
        Type = "String",
        Default = "Linux"
    };
    var platformParameter = new CfnParameter(this, "TargetPlatform", platformProps);

    var subnetLayout = new[]
    {
        new SubnetConfiguration { CidrMask = 24, Name = "PublicSubnet", SubnetType = SubnetType.PUBLIC },
        new SubnetConfiguration { CidrMask = 24, Name = "PrivateSubnet", SubnetType = SubnetType.PRIVATE },
    };

    // Two NAT gateways, placed in the public subnets with one subnet selected per AZ.
    var network = new Vpc(this, "VPC", new VpcProps
    {
        Cidr = "10.0.0.0/16",
        MaxAzs = 2,
        NatGatewayProvider = NatProvider.Gateway(),
        NatGateways = 2,
        NatGatewaySubnets = new SubnetSelection { SubnetType = SubnetType.PUBLIC, OnePerAz = true },
        SubnetConfiguration = subnetLayout
    });

    // All four security groups are scoped under the VPC construct (not the
    // stack) and differ only in id and description.
    SecurityGroup CreateGroup(string groupId, string description)
    {
        return new SecurityGroup(network, groupId, new SecurityGroupProps
        {
            Vpc = network,
            Description = description
        });
    }

    // Ingress chain: external LB -> UI -> internal LB -> REST API, each hop
    // admitting only the security group in front of it on TCP 80.
    var publicLbGroup = CreateGroup("ExternalLoadBalancerSecurityGroup", "Allows HTTP access to the application.");
    // NOTE(review): the peer of this rule is the group itself, so the rule
    // admits only members of the same group. That does not match the
    // description above; confirm whether client ingress is added elsewhere
    // or a different peer was intended.
    publicLbGroup.AddIngressRule(publicLbGroup, Port.Tcp(HttpPort), "Allow HTTP");

    var uiGroup = CreateGroup("UISecurityGroup", "Allows HTTP access to the UI.");
    uiGroup.AddIngressRule(publicLbGroup, Port.Tcp(HttpPort), "Allow HTTP");

    var privateLbGroup = CreateGroup("InternalLoadBalancerSecurityGroup", "Allows HTTP access to the REST API.");
    privateLbGroup.AddIngressRule(uiGroup, Port.Tcp(HttpPort));

    var apiGroup = CreateGroup("ApiSecurityGroup", "Allows HTTP access to the Rest API.");
    apiGroup.AddIngressRule(privateLbGroup, Port.Tcp(HttpPort));

    // The database is handed the REST API group; presumably it uses it to
    // admit only that tier (verify in Database).
    var database = new Database(this, network, apiGroup);

    // Read access is limited to one action on one resource: the ARN of the
    // database password secret.
    var readDbPassword = new Amazon.CDK.AWS.IAM.PolicyStatement(new Amazon.CDK.AWS.IAM.PolicyStatementProps
    {
        Effect = Amazon.CDK.AWS.IAM.Effect.ALLOW,
        Actions = new[] { "secretsmanager:GetSecretValue" },
        Resources = new[] { database.Password.SecretArn }
    });
    var secretAccessPolicy = new Amazon.CDK.AWS.IAM.Policy(this, "DBPasswordSecretAccess", new Amazon.CDK.AWS.IAM.PolicyProps
    {
        PolicyName = "AllowPasswordAccess",
        Statements = new[] { readDbPassword }
    });

    // Only the REST API tier receives the database and the secret-access
    // policy; the front-end tier gets neither and is given the API tier's
    // load balancer instead. The boolean argument is false for the API tier
    // and true for the front end (its meaning is defined by AutoScaledInstances).
    var apiTier = new AutoScaledInstances(
        this,
        platformParameter,
        network,
        false,
        privateLbGroup,
        apiGroup,
        database,
        policy: secretAccessPolicy);

    var uiTier = new AutoScaledInstances(
        this,
        platformParameter,
        network,
        true,
        publicLbGroup,
        uiGroup,
        restApiLoadBalancer: apiTier.Result.LoadBalancer);

    new CICD(this, platformParameter, uiTier.Result, apiTier.Result);
}