kritro
kritro
/ variables.ts
Last active
May 20, 2021 07:23
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| //Variables with example values behind comment | |
| const volumeEncryptionKey = ssm.StringParameter.valueForStringParameter(this, '/acme/cdk/ec2/VolumeKmsKeyId'); //arn:aws:kms:eu-west-1:2222222222222:key/1234567-98765432-asdf-987654321234 | |
| var servername = ssm.StringParameter.valueForStringParameter(this, '/acme/cdk/ec2/app-mysql/servername'); //app-mysql-001 | |
| const environment = ssm.StringParameter.valueForStringParameter(this, '/acme/cdk/ec2/app-mysql/environment'); //test | |
| const serverkey = ssm.StringParameter.valueForStringParameter(this, '/acme/cdk/ec2/app-mysql/serverkey'); //acmekey, key must exist in account | |
| const serverdescription = ssm.StringParameter.valueForStringParameter(this, '/acme/cdk/ec2/app-mysql/serverdescription');//mysql server | |
| var instancetypeparam = ssm.StringParameter.valueForStringParameter(this, '/acme/cdk/ec2/app-mysql/instancetype'); //t3.medium | |
| const domainJoinDocument = ssm.StringParameter.valueForStringParameter(this, '/acme/cdk/ec2/app-mysql/domainJoinD |
kritro
/ instancetype.ts
Last active
May 20, 2021 07:22
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| //Set default value to be t3.medium | |
| var instancetype = ec2.InstanceType.of( | |
| ec2.InstanceClass.T3, | |
| ec2.InstanceSize.MEDIUM | |
| ); | |
| //Check the instancetypeparam from ssm param store and change the instance type accordingly | |
| if (instancetypeparam == "m5.large"){ | |
| instancetype = ec2.InstanceType.of( | |
| ec2.InstanceClass.M5, | |
| ec2.InstanceSize.LARGE |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| //Create vpc object from the vpc in the account that has the name acme-standard-vpc | |
| const vpc = ec2.Vpc.fromLookup(this, 'VPC', { | |
| vpcName: 'acme-standard-vpc' | |
| }); |
kritro
/ privatesubnet.ts
Last active
May 20, 2021 07:21
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| //Get subnetid from another stack | |
| var subnet1Id = cdk.Fn.importValue('infra-acme-network-stack-private-sn-1'); | |
| //Create the subnet selection which is the type the L2 construct Instance expect | |
| const subnet = vpc.selectSubnets({ | |
| subnets:[ | |
| ec2.Subnet.fromSubnetAttributes(this, 'subnet1', { | |
| subnetId: subnet1Id, | |
| availabilityZone: 'eu-west-1a' | |
| }) |
kritro
/ subnet1.ts
Last active
May 20, 2021 07:20
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| //Get subnetid from static value, you could also use CfnImport to import from another stack | |
| var publicSubnet1Id = "subnet-98765432123456"; | |
| //Create the subnet selection which is the type the nlb requires | |
| const publicSubnet = vpc.selectSubnets({ | |
| subnets:[ | |
| ec2.Subnet.fromSubnetAttributes(this, 'publicSubnet1', { | |
| subnetId: publicSubnet1Id, | |
| availabilityZone: 'eu-west-1a' | |
| }) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| //Network load balancer | |
| const nlb = new elbv2.NetworkLoadBalancer(this, 'NLB', { | |
| vpc, | |
| internetFacing: true, | |
| vpcSubnets: publicSubnet, | |
| loadBalancerName: "app-mysql-nlb-public", | |
| crossZoneEnabled: false | |
| }); | |
| cdk.Tags.of(nlb).add("Name", servername+"-network-load-balancer"); |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| //Create the IAM Role | |
| const role = new iam.Role(this, 'app-mysql-server-role', { | |
| assumedBy: new iam.ServicePrincipal('ec2.amazonaws.com') | |
| }) | |
| //Add some AWS managed policies to that role | |
| role.addManagedPolicy(iam.ManagedPolicy.fromManagedPolicyArn(this, "AmazonSSMAutomationRole", "arn:aws:iam::aws:policy/service-role/AmazonSSMAutomationRole")); | |
| role.addManagedPolicy(iam.ManagedPolicy.fromManagedPolicyArn(this, "AmazonSSMManagedInstanceCore", "arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore")); | |
| //Create the underlying json for the custom policy |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| const securityGroup = new ec2.SecurityGroup(this,'app-mysql-server-sg', | |
| { | |
| vpc: vpc, | |
| allowAllOutbound: true, // will let your instance send outboud traffic | |
| securityGroupName: 'app-mysql-server-sg', | |
| }) | |
| cdk.Tags.of(securityGroup).add("Name", servername+"-security-group"); |
kritro
/ publicip.ts
Last active
May 20, 2021 07:13
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| const publicIp = require('public-ip'); | |
| async function waitForIP() { | |
| var ip = await publicIp.v4(); | |
| // console.log(ip); | |
| return ip; | |
| } | |
| function setLaptopIngressRule() { | |
| waitForIP().then(result => securityGroup.addIngressRule(ec2.Peer.ipv4(result+"/32"), ec2.Port.tcp(3389), 'Allows rdp access from laptop public')); | |
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| const dVolume = new ec2.Volume(this, 'Data', { | |
| availabilityZone: 'eu-west-1a', | |
| size: cdk.Size.gibibytes(volumeDsize), | |
| encrypted: true, | |
| volumeType: ec2.EbsDeviceVolumeType.GP3, | |
| encryptionKey: kms.Key.fromKeyArn(this, 'VolumeEncryptionKey', volumeEncryptionKey), | |
| }); | |
| cdk.Tags.of(dVolume).add("Name", servername+"-d-volume"); |
OlderNewer