
@allenmichael
Created July 15, 2020 20:46
import * as cdk from '@aws-cdk/core';
import * as ec2 from "@aws-cdk/aws-ec2";
import * as ecs from "@aws-cdk/aws-ecs";
import * as secrets from "@aws-cdk/aws-secretsmanager";
import * as ecs_patterns from "@aws-cdk/aws-ecs-patterns";
import { Aws } from '@aws-cdk/core';
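/**
 * Stack that runs the "esoteric" container as a Fargate service inside a
 * dedicated VPC, registers it in a Cloud Map namespace, and adds a Linux
 * bastion host in the same VPC for reaching the service on port 80.
 *
 * The `WordOfPower` stack parameter is stored in Secrets Manager and injected
 * into the container as the `WORD_OF_POWER` environment variable.
 */
export class CdkStack extends cdk.Stack {
  /**
   * @param scope Parent construct (normally the CDK app).
   * @param id Logical identifier of this stack.
   * @param props Optional stack properties forwarded to `cdk.Stack`.
   */
  constructor(scope: cdk.Construct, id: string, props?: cdk.StackProps) {
    super(scope, id, props);

    // Alternative: reuse the account's default VPC instead of creating one.
    // const vpc = ec2.Vpc.fromLookup(this, 'MyExistingVPC', { isDefault: true });
    const vpc = new ec2.Vpc(this, "EsotericVPC", {
      maxAzs: 3, // spread subnets over at most three availability zones
      cidr: "10.0.0.0/24",
      enableDnsSupport: true,
      enableDnsHostnames: true
    });

    const cluster = new ecs.Cluster(this, "EsotericCluster", {
      vpc,
      clusterName: "EsotericCluster"
    });
    cluster.addDefaultCloudMapNamespace({
      name: "esoteric"
    });

    const bastionSecurityGroup = new ec2.SecurityGroup(this, "BastionSecurityGroup", {
      allowAllOutbound: true,
      description: "Security group allowing Bastion server access to the Esoteric service.",
      vpc
    });

    // Self-referencing rule: source and target are the same group, so every
    // member of the group can reach every other member on TCP 80. Both the
    // bastion and the Fargate tasks are attached to this group below.
    // NOTE(review): for least privilege, give the service its own security
    // group that only admits port 80 from the bastion's group, so tasks cannot
    // reach the bastion or each other unless that is required.
    new ec2.CfnSecurityGroupIngress(this, "BastionIngress", {
      ipProtocol: "TCP",
      sourceSecurityGroupId: bastionSecurityGroup.securityGroupId,
      fromPort: 80,
      toPort: 80,
      groupId: bastionSecurityGroup.securityGroupId
    });

    // noEcho keeps the value out of CloudFormation console/API output.
    const wordOfPower = new cdk.CfnParameter(this, "WordOfPower", {
      type: "String",
      description: "Word of power to enter.",
      noEcho: true
    });

    // Store the operator-supplied word itself as the secret value.
    // The previous `generateSecretString` form treated the parameter as a JSON
    // *template* and had Secrets Manager generate a random value under the
    // `wordOfPower` key: a plain word is not valid JSON for that template, and
    // the supplied word was never the value the container received.
    // This replaces the previously generated secret resource on the next deploy.
    const wordOfPowerSecret = new secrets.CfnSecret(this, "WordOfPowerSecret", {
      description: "Word of power consumed by the Esoteric service.",
      secretString: wordOfPower.valueAsString
    });
    // Import by ARN so the ECS construct can grant read access on it.
    const secret = secrets.Secret.fromSecretArn(
      this,
      "WordOfPowerSecretRef",
      wordOfPowerSecret.ref
    );

    const taskDef = new ecs.TaskDefinition(this, "EsotericService", {
      compatibility: ecs.Compatibility.EC2_AND_FARGATE,
      cpu: "256",
      memoryMiB: "512",
    });

    const container = taskDef.addContainer("EsotericContainer", {
      // NOTE(review): this is a tag reference to a public registry image and
      // tags are mutable; pin by digest (amsxbg/esoteric@sha256:<DIGEST_PLACEHOLDER>)
      // or mirror the image into a registry you control.
      image: ecs.ContainerImage.fromRegistry("amsxbg/esoteric:1.0.3"),
      memoryReservationMiB: 512,
      logging: ecs.LogDriver.awsLogs({
        streamPrefix: "esoteric-api"
      }),
      // Injected at task start from Secrets Manager; the plaintext value is
      // not written into the task definition.
      secrets: {
        WORD_OF_POWER: ecs.Secret.fromSecretsManager(secret)
      }
    });
    container.addPortMappings({
      containerPort: 80,
      hostPort: 80,
      protocol: ecs.Protocol.TCP
    });

    const fargateService = new ecs.FargateService(this, "EsotericFargateService", {
      taskDefinition: taskDef,
      cluster,
      securityGroup: bastionSecurityGroup,
      desiredCount: 6,
      // Register tasks under "esoteric-api" in the cluster's Cloud Map namespace.
      cloudMapOptions: {
        cloudMapNamespace: cluster.defaultCloudMapNamespace,
        name: "esoteric-api"
      }
    });

    // Scale between the desired count and 10 tasks on CPU or memory pressure.
    const scaling = fargateService.autoScaleTaskCount({ maxCapacity: 10 });
    scaling.scaleOnCpuUtilization('CpuScaling', {
      targetUtilizationPercent: 50
    });
    scaling.scaleOnMemoryUtilization('MemoryScaling', {
      targetUtilizationPercent: 50
    });

    // Bastion host in the same VPC and security group as the service.
    new ec2.BastionHostLinux(this, "EsotericBastion", {
      vpc,
      securityGroup: bastionSecurityGroup,
      instanceName: "EsotericBastion",
    });

    // Alternative kept for reference: a load-balanced Fargate service that is
    // exposed publicly. Enabling it puts the service on the internet, unlike
    // the bastion-only access configured above.
    // new ecs_patterns.ApplicationLoadBalancedFargateService(this, "EsotericService", {
    //   cluster: cluster, // Required
    //   cpu: 512, // Default is 256
    //   desiredCount: 6, // Default is 1
    //   taskImageOptions: {
    //     image: ecs.ContainerImage.fromRegistry("amsxbg/esoteric:1.0.3"),
    //     secrets: {
    //       WORD_OF_POWER: ecs.Secret.fromSecretsManager(secret)
    //     }
    //   },
    //   memoryLimitMiB: 2048, // Default is 512
    //   publicLoadBalancer: true, // Default is false,
    // });
  }
}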