Created
July 13, 2021 03:07
-
-
Save fourgates/7f78e406b12b32bbe104cf970755cffa to your computer and use it in GitHub Desktop.
AWS CDK Stack - VPC ,4AZ, 1NG, Secret Manager, AWS Aurora replication, Clouud9
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import * as cdk from '@aws-cdk/core'; | |
| import * as ec2 from '@aws-cdk/aws-ec2'; | |
| import * as secretsManager from '@aws-cdk/aws-secretsmanager'; | |
| import * as ssm from '@aws-cdk/aws-ssm'; | |
| import { ISecurityGroup, SecurityGroup } from '@aws-cdk/aws-ec2'; | |
| import * as rds from '@aws-cdk/aws-rds'; | |
| import * as cloud9 from '@aws-cdk/aws-cloud9'; | |
| export interface CdkBaseStackProps extends cdk.StackProps { | |
| stage: string, | |
| vpc?: ec2.Vpc | |
| } | |
| export class BaseStack extends cdk.Stack { | |
| public readonly vpc: ec2.Vpc; | |
| public readonly defaultSecurityGroup: ISecurityGroup; | |
| public readonly databaseCredentialsSecret: secretsManager.Secret; | |
| public readonly rdsCluster: rds.DatabaseCluster; | |
| constructor(scope: cdk.Construct, id: string, props: CdkBaseStackProps) { | |
| super(scope, id, props); | |
| if(!props.vpc){ | |
| const vpc = new ec2.Vpc(this, `VPC-${props?.stage}`, { | |
| natGateways: 1, | |
| maxAzs: 4, | |
| }); | |
| this.vpc = vpc; | |
| } | |
| else{ | |
| this.vpc = props.vpc; | |
| } | |
| // first, lets generate a secret to be used as credentials for our database | |
| this.databaseCredentialsSecret = new secretsManager.Secret(this, `${props?.stage}-DBCredentialsSecret`, { | |
| secretName: `${props?.stage}-rds-credentials`, | |
| generateSecretString: { | |
| secretStringTemplate: JSON.stringify({ | |
| username: 'postgres', | |
| }), | |
| excludePunctuation: true, | |
| includeSpace: false, | |
| generateStringKey: 'password' | |
| } | |
| }); | |
| // lets output a few properties to help use find the credentials | |
| new cdk.CfnOutput(this, 'Secret Name', { value: this.databaseCredentialsSecret.secretName }); | |
| new cdk.CfnOutput(this, 'Secret ARN', { value: this.databaseCredentialsSecret.secretArn }); | |
| new cdk.CfnOutput(this, 'Secret Full ARN', { value: this.databaseCredentialsSecret.secretFullArn || '' }); | |
| // next, create a new string parameter to be use | |
| new ssm.StringParameter(this, 'DBCredentialsArn', { | |
| parameterName: `${props?.stage}-credentials-arn`, | |
| stringValue: this.databaseCredentialsSecret.secretArn, | |
| }); | |
| // get the default security group | |
| this.defaultSecurityGroup = SecurityGroup.fromSecurityGroupId(this, "SG", this.vpc.vpcDefaultSecurityGroup); | |
| // finally, lets configure and create our database! | |
| const rdsConfig: rds.DatabaseClusterProps = { | |
| engine: rds.DatabaseClusterEngine.auroraPostgres({ version: rds.AuroraPostgresEngineVersion.VER_11_9 }), | |
| instanceProps: { | |
| instanceType: new ec2.InstanceType('t3.large'), | |
| vpc: this.vpc, | |
| vpcSubnets: { | |
| subnetType: ec2.SubnetType.PRIVATE, | |
| }, | |
| securityGroups: [this.defaultSecurityGroup], | |
| }, | |
| iamAuthentication: true, | |
| instances: 2, | |
| clusterIdentifier: `${props?.stage}`, | |
| credentials: rds.Credentials.fromSecret(this.databaseCredentialsSecret), // Get both username and password from existing secret | |
| } | |
| this.rdsCluster = new rds.DatabaseCluster(this, `${props?.stage}-cluster`, rdsConfig); | |
| // https://rdspg.workshop.aws/lab8-dbatasks.html | |
| // use cloud9 to access db | |
| const c9env = new cloud9.Ec2Environment(this, 'Cloud9Env3', { | |
| vpc: this.vpc, | |
| subnetSelection: { | |
| subnetType: ec2.SubnetType.PRIVATE | |
| }, | |
| instanceType: new ec2.InstanceType('t2.micro') | |
| }); | |
| // print the Cloud9 IDE URL in the output | |
| new cdk.CfnOutput(this, 'URL', { value: c9env.ideUrl }); | |
| } | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment