AWS CDK Stack - VPC ,4AZ, 1NG, Secret Manager, AWS Aurora replication, Clouud9

base-stack-vpc-rds-cloud-9.ts

import * as cdk from '@aws-cdk/core';
import * as ec2 from '@aws-cdk/aws-ec2';
import * as secretsManager from '@aws-cdk/aws-secretsmanager';
import * as  ssm from '@aws-cdk/aws-ssm';
import { ISecurityGroup, SecurityGroup } from '@aws-cdk/aws-ec2';
import * as rds from '@aws-cdk/aws-rds';
import * as cloud9 from '@aws-cdk/aws-cloud9';

export interface CdkBaseStackProps extends cdk.StackProps {
  stage: string,
  vpc?: ec2.Vpc
}
export class BaseStack extends cdk.Stack {
  public readonly vpc: ec2.Vpc;
  public readonly defaultSecurityGroup: ISecurityGroup;
  public readonly databaseCredentialsSecret: secretsManager.Secret;
  public readonly rdsCluster: rds.DatabaseCluster;
  constructor(scope: cdk.Construct, id: string, props: CdkBaseStackProps) {
    super(scope, id, props);

    if(!props.vpc){
      const vpc = new ec2.Vpc(this, `VPC-${props?.stage}`, {
        natGateways: 1,
        maxAzs: 4,
      });
  
      this.vpc = vpc;
    }
    else{
      this.vpc = props.vpc;
    }

    // first, lets generate a secret to be used as credentials for our database
    this.databaseCredentialsSecret = new secretsManager.Secret(this, `${props?.stage}-DBCredentialsSecret`, {
      secretName: `${props?.stage}-rds-credentials`,
      generateSecretString: {
        secretStringTemplate: JSON.stringify({
          username: 'postgres',
        }),
        excludePunctuation: true,
        includeSpace: false,
        generateStringKey: 'password'
      }
    });

    // lets output a few properties to help use find the credentials 
    new cdk.CfnOutput(this, 'Secret Name', { value: this.databaseCredentialsSecret.secretName });
    new cdk.CfnOutput(this, 'Secret ARN', { value: this.databaseCredentialsSecret.secretArn });
    new cdk.CfnOutput(this, 'Secret Full ARN', { value: this.databaseCredentialsSecret.secretFullArn || '' });

    // next, create a new string parameter to be use
    new ssm.StringParameter(this, 'DBCredentialsArn', {
      parameterName: `${props?.stage}-credentials-arn`,
      stringValue: this.databaseCredentialsSecret.secretArn,
    });

    // get the default security group
    this.defaultSecurityGroup = SecurityGroup.fromSecurityGroupId(this, "SG", this.vpc.vpcDefaultSecurityGroup);

    // finally, lets configure and create our database!
    const rdsConfig: rds.DatabaseClusterProps = {
      engine: rds.DatabaseClusterEngine.auroraPostgres({ version: rds.AuroraPostgresEngineVersion.VER_11_9 }),
      instanceProps: {
        instanceType: new ec2.InstanceType('t3.large'),
        vpc: this.vpc,
        vpcSubnets: {
          subnetType: ec2.SubnetType.PRIVATE,
        },
        securityGroups: [this.defaultSecurityGroup],
      },
      iamAuthentication: true,
      instances: 2,
      clusterIdentifier: `${props?.stage}`,
      credentials: rds.Credentials.fromSecret(this.databaseCredentialsSecret), // Get both username and password from existing secret
    }

    this.rdsCluster = new rds.DatabaseCluster(this, `${props?.stage}-cluster`, rdsConfig);

    // https://rdspg.workshop.aws/lab8-dbatasks.html
    // use cloud9 to access db
    const c9env = new cloud9.Ec2Environment(this, 'Cloud9Env3', {
      vpc: this.vpc,
      subnetSelection: {
        subnetType: ec2.SubnetType.PRIVATE
      },
      instanceType: new ec2.InstanceType('t2.micro')
    });

    // print the Cloud9 IDE URL in the output
    new cdk.CfnOutput(this, 'URL', { value: c9env.ideUrl });
  }
}