// CDK Commands: | |
cdk init app --language typescript | |
npm i @aws-cdk/aws-ec2 @aws-cdk/aws-iam @aws-cdk/aws-s3-assets cdk-ec2-key-pair @aws-cdk/aws-s3 @aws-cdk/aws-sagemaker | |
Uncomment line 14 in bin/<your app>.ts: | |
env: { account: process.env.CDK_DEFAULT_ACCOUNT, region: process.env.CDK_DEFAULT_REGION }, | |
cdk bootstrap | |
cdk deploy | |
// Sample CDK Code | |
import * as cdk from '@aws-cdk/core'; | |
import * as ec2 from "@aws-cdk/aws-ec2"; // Allows working with EC2 and VPC resources | |
import * as iam from "@aws-cdk/aws-iam"; // Allows working with IAM resources | |
import * as s3assets from "@aws-cdk/aws-s3-assets"; // Allows managing files with S3 | |
import * as keypair from "cdk-ec2-key-pair"; // Helper to create EC2 SSH keypairs | |
import * as s3 from "@aws-cdk/aws-s3"; | |
import * as sagemaker from "@aws-cdk/aws-sagemaker"; | |
import * as path from "path"; // Helper for working with file paths | |
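/**
 * Demo stack: one Amazon Linux 2 EC2 instance in the account's default VPC,
 * with an SSH key pair, a security group, an instance role and a set of
 * CloudFormation outputs for reaching the instance. It also declares an IAM
 * role that SageMaker can assume.
 */
export class DemoStack extends cdk.Stack {
  /**
   * @param scope - Parent construct (normally the CDK app).
   * @param id - Logical id of this stack.
   * @param props - Optional stack properties. `Vpc.fromLookup` needs a concrete
   *   account and region, which is why the setup steps set `env` in the app entry point.
   */
  constructor(scope: cdk.Construct, id: string, props?: cdk.StackProps) {
    super(scope, id, props);

    // Reuse the account's default VPC instead of creating a new one.
    const vpc = ec2.Vpc.fromLookup(this, "VPC", {
      isDefault: true,
    });

    // Create a key pair to be used with this EC2 instance.
    const key = new keypair.KeyPair(this, "KeyPair", {
      name: "cdk-keypair",
      description: "Key Pair created with CDK Deployment",
    });
    // NOTE(review): the original had a bare `key.grantReadOnPublicKey;` statement here.
    // It names the method without calling it, so it granted nothing and has been dropped.
    // If a principal must read the public key, call key.grantReadOnPublicKey(grantee).

    // Security group for the EC2 instance.
    const securityGroup = new ec2.SecurityGroup(this, "SecurityGroup", {
      vpc,
      description: "Allow SSH (TCP port 22) and HTTP (TCP port 80) in",
      allowAllOutbound: true,
    });

    // Allow SSH access on port tcp/22.
    // NOTE(review): this opens SSH to every IPv4 address. The instance role below already
    // carries AmazonSSMManagedInstanceCore, so Session Manager can stand in for inbound SSH;
    // otherwise narrow the peer to a known range, e.g. ec2.Peer.ipv4("<admin-cidr>").
    securityGroup.addIngressRule(
      ec2.Peer.anyIpv4(),
      ec2.Port.tcp(22),
      "Allow SSH Access"
    );

    // Allow HTTP access on port tcp/80.
    securityGroup.addIngressRule(
      ec2.Peer.anyIpv4(),
      ec2.Port.tcp(80),
      "Allow HTTP Access"
    );

    // Allow HTTPS access on port tcp/443.
    securityGroup.addIngressRule(
      ec2.Peer.anyIpv4(),
      ec2.Port.tcp(443),
      "Allow HTTPS Access"
    );

    // IAM role the instance assumes to reach other AWS services.
    const role = new iam.Role(this, "ec2Role", {
      assumedBy: new iam.ServicePrincipal("ec2.amazonaws.com"),
    });

    // Attach the AWS managed policy used by Systems Manager to manage the instance.
    role.addManagedPolicy(
      iam.ManagedPolicy.fromAwsManagedPolicyName("AmazonSSMManagedInstanceCore")
    );

    // Look up the AMI id for the Amazon Linux 2 image with CPU type X86_64.
    const ami = new ec2.AmazonLinuxImage({
      generation: ec2.AmazonLinuxGeneration.AMAZON_LINUX_2,
      cpuType: ec2.AmazonLinuxCpuType.X86_64,
    });

    // Create the EC2 instance using the security group, AMI, key pair and role defined above.
    const ec2Instance = new ec2.Instance(this, "Instance", {
      vpc,
      instanceType: ec2.InstanceType.of(
        ec2.InstanceClass.T2,
        ec2.InstanceSize.MICRO
      ),
      machineImage: ami,
      securityGroup,
      keyName: key.keyPairName,
      role,
    });

    // Command to download the SSH private key from Secrets Manager.
    // NOTE(review): the secret id is hard-coded and presumably matches where
    // cdk-ec2-key-pair stores the key for "cdk-keypair" — confirm for the installed version.
    // The command writes the private key to local disk, so whoever may read that secret
    // effectively holds SSH access to the instance.
    new cdk.CfnOutput(this, "Download Key Command", {
      value:
        "aws secretsmanager get-secret-value --secret-id ec2-ssh-key/cdk-keypair/private --query SecretString --output text > cdk-key.pem && chmod 400 cdk-key.pem",
    });

    // Output the private IP address of the EC2 instance.
    // NOTE(review): the original comment said "public", but the value is instancePrivateIp,
    // which is reachable only from inside the VPC or a connected network — confirm intent.
    new cdk.CfnOutput(this, "IP Address", {
      value: ec2Instance.instancePrivateIp,
    });

    // Command to access the EC2 instance using SSH (targets the same private address).
    new cdk.CfnOutput(this, "ssh command", {
      value:
        "ssh -i cdk-key.pem -o IdentitiesOnly=yes ec2-user@" +
        ec2Instance.instancePrivateIp,
    });

    // Role assumable by SageMaker. No policies are attached here and nothing in this
    // stack references it, so the previously unused local binding was dropped; the
    // construct is still created so the synthesized template is unchanged.
    new iam.Role(this, "SageMakerDemo", {
      assumedBy: new iam.ServicePrincipal("sagemaker.amazonaws.com"),
    });
  }
}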