MarkusWendorf · January 20, 2023 10:19
diff --git a/Fargate.ts b/Fargate.ts
 import { Duration, Stack } from "aws-cdk-lib";
 import * as ec2 from "aws-cdk-lib/aws-ec2";
 import { DockerImageAsset } from "aws-cdk-lib/aws-ecr-assets";
 import * as ecs from "aws-cdk-lib/aws-ecs";
 import * as ecsPatterns from "aws-cdk-lib/aws-ecs-patterns";
 import { ApplicationProtocol } from "aws-cdk-lib/aws-elasticloadbalancingv2";
 import * as route53 from "aws-cdk-lib/aws-route53";
 import * as path from "path";

 export function addFargateCluster(
  stack: Stack,
 ) {
  const vpc = new ec2.Vpc(stack, "KcFargateVpc", {
    natGateways: 1, // important - keep as small as possible
    vpnGateway: false,
    maxAzs: 2, // at least two subnets in two different Availability Zones must be specified
    subnetConfiguration: [
      { name: "public", subnetType: ec2.SubnetType.PUBLIC },
      { name: "private", subnetType: ec2.SubnetType.PRIVATE_WITH_NAT },
    ],
  });

  const securityGroup = new ec2.SecurityGroup(stack, "SecurityGroup", {
    vpc,
  });

  securityGroup.connections.allowInternally(ec2.Port.allTcp());
  securityGroup.connections.allowFromAnyIpv4(ec2.Port.allTcp()); 

  const hostedZone = route53.HostedZone.fromHostedZoneAttributes(stack, "HostedZone", {
    zoneName: "sso.altow.io",
    hostedZoneId: "Z050392598DMPNRFL81U",
  });

  const keycloakImage = new DockerImageAsset(stack, "KeycloakImage", {
    directory: path.join(process.cwd(), "keycloak"),
  });

  const taskDefinition = new ecs.TaskDefinition(stack, "TaskDef", {
    memoryMiB: "1024",
    cpu: "1024",
    networkMode: ecs.NetworkMode.AWS_VPC,
    compatibility: ecs.Compatibility.FARGATE,
  });

  taskDefinition.addContainer("Container", {
    image: ecs.ContainerImage.fromDockerImageAsset(keycloakImage),
    portMappings: [{ containerPort: 8080, hostPort: 8080 }],
    logging: ecs.LogDriver.awsLogs({
      streamPrefix: "build-status-app",
    }),
  });

  const cluster = new ecs.Cluster(stack, "KcFargateCluster", { vpc });
  const fargate = new ecsPatterns.ApplicationLoadBalancedFargateService(stack, "Fargate", {
    domainName: "build-status-whatever.cwp.roche.com",
    cluster,
    desiredCount: 1,
    securityGroups: [securityGroup],
    taskDefinition,
    publicLoadBalancer: true,
    assignPublicIp: true,
    healthCheckGracePeriod: Duration.seconds(10),
    protocol: ApplicationProtocol.HTTPS,
    domainZone: hostedZone,
  });

  fargate.targetGroup.setAttribute("deregistration_delay.timeout_seconds", "10");

  return fargate;
 }
	import { Duration, Stack } from "aws-cdk-lib";
	import * as ec2 from "aws-cdk-lib/aws-ec2";
	import { DockerImageAsset } from "aws-cdk-lib/aws-ecr-assets";
	import * as ecs from "aws-cdk-lib/aws-ecs";
	import * as ecsPatterns from "aws-cdk-lib/aws-ecs-patterns";
	import { ApplicationProtocol } from "aws-cdk-lib/aws-elasticloadbalancingv2";
	import * as route53 from "aws-cdk-lib/aws-route53";
	import * as path from "path";

	export function addFargateCluster(
	stack: Stack,
	) {
	const vpc = new ec2.Vpc(stack, "KcFargateVpc", {
	natGateways: 1, // important - keep as small as possible
	vpnGateway: false,
	maxAzs: 2, // at least two subnets in two different Availability Zones must be specified
	subnetConfiguration: [
	{ name: "public", subnetType: ec2.SubnetType.PUBLIC },
	{ name: "private", subnetType: ec2.SubnetType.PRIVATE_WITH_NAT },
	],
	});

	const securityGroup = new ec2.SecurityGroup(stack, "SecurityGroup", {
	vpc,
	});

	securityGroup.connections.allowInternally(ec2.Port.allTcp());
	securityGroup.connections.allowFromAnyIpv4(ec2.Port.allTcp());

	const hostedZone = route53.HostedZone.fromHostedZoneAttributes(stack, "HostedZone", {
	zoneName: "sso.altow.io",
	hostedZoneId: "Z050392598DMPNRFL81U",
	});

	const keycloakImage = new DockerImageAsset(stack, "KeycloakImage", {
	directory: path.join(process.cwd(), "keycloak"),
	});

	const taskDefinition = new ecs.TaskDefinition(stack, "TaskDef", {
	memoryMiB: "1024",
	cpu: "1024",
	networkMode: ecs.NetworkMode.AWS_VPC,
	compatibility: ecs.Compatibility.FARGATE,
	});

	taskDefinition.addContainer("Container", {
	image: ecs.ContainerImage.fromDockerImageAsset(keycloakImage),
	portMappings: [{ containerPort: 8080, hostPort: 8080 }],
	logging: ecs.LogDriver.awsLogs({
	streamPrefix: "build-status-app",
	}),
	});

	const cluster = new ecs.Cluster(stack, "KcFargateCluster", { vpc });
	const fargate = new ecsPatterns.ApplicationLoadBalancedFargateService(stack, "Fargate", {
	domainName: "build-status-whatever.cwp.roche.com",
	cluster,
	desiredCount: 1,
	securityGroups: [securityGroup],
	taskDefinition,
	publicLoadBalancer: true,
	assignPublicIp: true,
	healthCheckGracePeriod: Duration.seconds(10),
	protocol: ApplicationProtocol.HTTPS,
	domainZone: hostedZone,
	});

	fargate.targetGroup.setAttribute("deregistration_delay.timeout_seconds", "10");

	return fargate;
	}