import cdk = require('@aws-cdk/core'); | |
import ec2 = require('@aws-cdk/aws-ec2'); | |
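/**
 * Provisions one or more VPCs, each with a virtual private gateway and a
 * site-to-site VPN back to a single remote WAN IP, plus one t2.micro
 * Amazon Linux instance per availability zone of that VPC.
 *
 * The inputs below are deliberately hard-coded (this is a gist). Replace the
 * `x.x.x.x` placeholders before synthesizing; `ec2.Peer.ipv4()` is expected to
 * reject a malformed CIDR at synth time.
 */
export class DnsStack extends cdk.Stack {
  constructor(scope: cdk.Construct, id: string, props?: cdk.StackProps) {
    super(scope, id, props);

    // Number of VPCs to create; VPC `index` gets 10.<index-1>.0.0/20.
    const numVpc = 1;
    // CDK doesn't seem to have an API for EC2 key pairs; create one manually
    // and reference it by name here.
    const keyName = 'mykp';
    // CIDRs on the far side of the VPN: used both as static VPN routes and as
    // the only permitted SSH sources.
    const remoteSubnets = ['x.x.x.x/x'];
    // Public IP of the customer gateway that terminates the VPN.
    const remoteWanIP = 'x.x.x.x';

    for (let index = 1; index <= numVpc; index++) {
      const vpc = new ec2.Vpc(this, `vpc${index}`, {
        cidr: `10.${index - 1}.0.0/20`,
        maxAzs: 2,
        subnetConfiguration: [
          { name: `vpc${index}-private`, subnetType: ec2.SubnetType.PRIVATE },
          { name: `vpc${index}-public`, subnetType: ec2.SubnetType.PUBLIC },
        ],
        vpnGateway: true,
      });

      // Site-to-site VPN with static routing to the remote subnets. The
      // returned construct is not used afterwards, so it is not bound.
      vpc.addVpnConnection(`vpn${index}`, {
        ip: remoteWanIP,
        staticRoutes: remoteSubnets,
      });

      // Security group shared by every instance in this VPC.
      // NOTE(review): no description is set and the construct's default
      // egress behaviour applies (presumably allow-all outbound) — confirm
      // that is intended.
      const sg = new ec2.SecurityGroup(this, `vpn${index}`, { vpc });

      vpc.availabilityZones.forEach((az, azIndex) => {
        // Instance ids/names are 1-based; derive the number instead of
        // mutating the callback parameter.
        const vmIndex = azIndex + 1;
        const vm = new ec2.Instance(this, `vpc${index}-vm${vmIndex}`, {
          vpc,
          instanceName: `vpc${index}-vm${vmIndex}`,
          keyName,
          instanceType: new ec2.InstanceType('t2.micro'),
          machineImage: new ec2.AmazonLinuxImage(),
          availabilityZone: az,
        });

        // SSH between peers sharing this instance's security group(s).
        vm.connections.allowInternally(ec2.Port.tcp(22));
        // NOTE(review): this admits all ICMP from 0.0.0.0/0; for reachability
        // tests, narrowing to the VPC CIDR or to remoteSubnets is sufficient.
        vm.connections.allowFromAnyIpv4(ec2.Port.allIcmp());
        vm.connections.addSecurityGroup(sg);
        // SSH is reachable only from the customer subnets over the VPN.
        for (const subnet of remoteSubnets) {
          vm.connections.allowFrom(
            ec2.Peer.ipv4(subnet),
            ec2.Port.tcp(22),
            'allow ssh over vpn from customer subnet',
          );
        }
      });
    }
  }
}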