Created
February 27, 2023 23:03
-
-
Save zvictor/eedb2b5ca6756cd05e5def9081a4442e to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import * as cdk from 'aws-cdk-lib' | |
| import * as ec2 from 'aws-cdk-lib/aws-ec2' | |
| import * as ecs from 'aws-cdk-lib/aws-ecs' | |
| import * as efs from 'aws-cdk-lib/aws-efs' | |
| import * as logs from 'aws-cdk-lib/aws-logs' | |
| export class BaseStack extends cdk.Stack { | |
| constructor(scope: cdk.App, id: string, environment: Record<string, string>, props?: cdk.StackProps) { | |
| super(scope, id, props) | |
| const vpc = new ec2.Vpc(this, `${id}-Vpc`, { | |
| natGateways: 0, | |
| maxAzs: 2, | |
| enableDnsHostnames: true, | |
| enableDnsSupport: true, | |
| }) | |
| const securityGroup = new ec2.SecurityGroup(this, `${id}-security-group`, { | |
| vpc, | |
| allowAllOutbound: true, | |
| }) | |
| const cluster = new ecs.Cluster(this, `${id}-Cluster`, { | |
| vpc, | |
| }) | |
| const fileSystem = new efs.FileSystem(this, `${id}-FileSystem`, { | |
| vpc, | |
| encrypted: true, | |
| performanceMode: efs.PerformanceMode.MAX_IO, | |
| lifecyclePolicy: efs.LifecyclePolicy.AFTER_7_DAYS, | |
| removalPolicy: cdk.RemovalPolicy.RETAIN, | |
| }) | |
| fileSystem.connections.addSecurityGroup(securityGroup) | |
| fileSystem.connections.allowInternally(ec2.Port.tcp(22)) | |
| fileSystem.connections.allowInternally(ec2.Port.tcp(2049)) | |
| const accessPoint = new efs.AccessPoint(this, `${id}-AccessPoint`, { | |
| fileSystem, | |
| path: '/data', | |
| createAcl: { | |
| ownerGid: '999', // user created in Dockerfile | |
| ownerUid: '999', // user created in Dockerfile | |
| permissions: '777', | |
| }, | |
| posixUser: { | |
| uid: '999', // user created in Dockerfile | |
| gid: '999', // user created in Dockerfile | |
| }, | |
| }) | |
| const volumeName = 'efs-data' | |
| const image = ecs.ContainerImage.fromAsset('../services/whatsapp-listener', { | |
| file: './deployment/Dockerfile', | |
| }) | |
| const taskDefinition = new ecs.TaskDefinition(this, `${id}-TaskDefinition`, { | |
| family: `${id}-TaskDefinition`, | |
| memoryMiB: `512`, | |
| cpu: `256`, | |
| compatibility: ecs.Compatibility.EC2_AND_FARGATE, | |
| networkMode: ecs.NetworkMode.AWS_VPC, | |
| }) | |
| taskDefinition.addVolume({ | |
| name: volumeName, | |
| efsVolumeConfiguration: { | |
| fileSystemId: fileSystem.fileSystemId, | |
| transitEncryption: 'ENABLED', | |
| authorizationConfig: { | |
| accessPointId: accessPoint.accessPointId, | |
| }, | |
| }, | |
| }) | |
| const logGroup = new logs.LogGroup(this, `${id}-ContainerLogGroup`, { | |
| logGroupName: `${id}-LogGroup`, | |
| removalPolicy: cdk.RemovalPolicy.DESTROY, | |
| retention: logs.RetentionDays.ONE_WEEK, | |
| }) | |
| const logging = new ecs.AwsLogDriver({ | |
| logGroup, | |
| streamPrefix: id, | |
| mode: ecs.AwsLogDriverMode.NON_BLOCKING, | |
| }) | |
| const container = taskDefinition.addContainer(`${id}-Container`, { | |
| image, | |
| memoryLimitMiB: 512, | |
| cpu: 256, | |
| logging, | |
| environment, | |
| }) | |
| container.addMountPoints({ | |
| containerPath: '/data', | |
| sourceVolume: volumeName, | |
| readOnly: false, | |
| }) | |
| const service = new ecs.FargateService(this, `${id}-Service`, { | |
| enableExecuteCommand: true, | |
| taskDefinition, | |
| desiredCount: 1, | |
| cluster, | |
| vpcSubnets: { subnets: vpc.publicSubnets }, | |
| securityGroups: [securityGroup], | |
| capacityProviderStrategies: [ | |
| { | |
| capacityProvider: 'FARGATE_SPOT', | |
| weight: 100, | |
| base: 1, | |
| }, | |
| { | |
| capacityProvider: 'FARGATE', | |
| weight: 1, | |
| }, | |
| ], | |
| assignPublicIp: true, | |
| }) | |
| } | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment