Almost ready
parent
fc5845f88a
commit
03ac8003e2
17
cdk/app.py
17
cdk/app.py
|
@ -6,14 +6,15 @@ from sfec2.sci_stack import VpcBasisStack
|
|||
|
||||
app = cdk.App()
|
||||
|
||||
cdkEnv = cdk.Environment(account=os.getenv('CDK_DEFAULT_ACCOUNT'),
|
||||
region="us-east-2")
|
||||
regionList = [ "us-east-2", "ap-southeast-1" ]
|
||||
|
||||
vpcStack = VpcBasisStack(app, "basis", env=cdkEnv )
|
||||
|
||||
deployList = [ "a", "b", "c" ]
|
||||
|
||||
for thing in deployList:
|
||||
SciInstancesStack(vpcStack, f"i-{thing}-s", thing=thing, env=cdkEnv )
|
||||
i = 0
|
||||
for region in regionList:
|
||||
cdkEnv = cdk.Environment(
|
||||
account=os.getenv('CDK_DEFAULT_ACCOUNT'),
|
||||
region=region)
|
||||
vpcStack = VpcBasisStack(app, f"v{i}", env=cdkEnv )
|
||||
SciInstancesStack(vpcStack, f"i-{i}", env=cdkEnv )
|
||||
i = i + 1
|
||||
|
||||
app.synth()
|
||||
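Review bot: In the `for region in regionList:` loop the stack ids `f"v{i}"` and `f"i-{i}"` come from the list position, so reordering or inserting a region re-points an existing stack id at a different region. The next deploy would then tear down and recreate the VPC, security group and instance somewhere other than intended. Keying the ids on the region keeps the mapping stable and drops the manual counter, e.g. `vpcStack = VpcBasisStack(app, f"v-{region}", env=cdkEnv)` and `SciInstancesStack(vpcStack, f"i-{region}", env=cdkEnv)`. Separately, `os.getenv('CDK_DEFAULT_ACCOUNT')` returns `None` when the variable is unset; `os.environ['CDK_DEFAULT_ACCOUNT']` would fail at synth with a clear error rather than leaving the target account implicit. The page does not mark which lines are added or removed, so this applies to whichever variant is on the new side.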
|
|
|
@ -3,16 +3,19 @@ import aws_cdk as cdk
|
|||
import aws_cdk.aws_ec2 as ec2
|
||||
import aws_cdk.aws_iam as iam
|
||||
from constructs import Construct
|
||||
from aws_cdk.aws_s3_assets import Asset
|
||||
|
||||
class SciInstancesStack(cdk.Stack):
|
||||
|
||||
def __init__(self, vpcStack: Construct, construct_id:
|
||||
str, thing: str, env: cdk.Environment, **kwargs) -> None:
|
||||
str, env: cdk.Environment, **kwargs) -> None:
|
||||
super().__init__(vpcStack, construct_id, env=env, **kwargs)
|
||||
|
||||
thisVpc = vpcStack.vpc
|
||||
role = iam.Role(self, "InstanceSSM", assumed_by=iam.ServicePrincipal("ec2.amazonaws.com"))
|
||||
role.add_managed_policy(iam.ManagedPolicy.from_aws_managed_policy_name("AmazonSSMManagedInstanceCore"))
|
||||
|
||||
imageId = ec2.LookupMachineImage(name='debian-11-amd64-20221219-1234', windows=False)
|
||||
ec2instance = ec2.Instance(self, f"i-{thing}",
|
||||
ec2instance = ec2.Instance(self, "ec2",
|
||||
vpc=vpcStack.vpc,
|
||||
instance_type=ec2.InstanceType("t2.nano"),
|
||||
machine_image=imageId,
|
||||
|
@ -22,7 +25,21 @@ class SciInstancesStack(cdk.Stack):
|
|||
)
|
||||
],
|
||||
security_group = vpcStack.SciSG,
|
||||
role=role
|
||||
)
|
||||
# Script in S3 as Asset
|
||||
asset = Asset(self, "Asset", path=os.path.join("..", "init.sh"))
|
||||
local_path = ec2instance.user_data.add_s3_download_command(
|
||||
bucket=asset.bucket,
|
||||
bucket_key=asset.s3_object_key
|
||||
)
|
||||
|
||||
# Userdata executes script from S3
|
||||
ec2instance.user_data.add_execute_file_command(
|
||||
file_path=local_path
|
||||
)
|
||||
asset.grant_read(ec2instance.role)
|
||||
|
||||
|
||||
class VpcBasisStack(cdk.Stack):
|
||||
|
||||
|
@ -39,11 +56,17 @@ class VpcBasisStack(cdk.Stack):
|
|||
cidr_mask = 26
|
||||
)
|
||||
],
|
||||
nat_gateways = 3
|
||||
nat_gateways = 0
|
||||
)
|
||||
|
||||
# Create standard Security Group for all EC2 instances
|
||||
self.SciSG = ec2.SecurityGroup(self, 'Sci-sg', vpc=self.vpc,
|
||||
allow_all_outbound=True, security_group_name='Sci-sg' );
|
||||
allow_all_outbound=True, security_group_name='Sci-sg' )
|
||||
self.SciSG.add_ingress_rule(peer=ec2.Peer.ipv4('173.79.190.162/32'),
|
||||
connection=ec2.Port.tcp(22), description="ssh in from home")
|
||||
self.SciSG.add_ingress_rule(peer=ec2.Peer.any_ipv6(),
|
||||
connection=ec2.Port.tcp(80), description="HTTP open to the world, ipv6")
|
||||
self.SciSG.add_ingress_rule(peer=ec2.Peer.any_ipv4(),
|
||||
connection=ec2.Port.tcp(80), description="HTTP open to the world, ipv4")
|
||||
|
||||
app = cdk.App()
|
||||
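Review bot: `ec2.LookupMachineImage(name='debian-11-amd64-20221219-1234', windows=False)` in `SciInstancesStack.__init__` selects the AMI by name alone, so the lookup can resolve to a same-named public image published by any AWS account. Everything baked into that image then runs on the instance, with the attached IAM role, before `init.sh` is even fetched. Pin the publisher with the `owners` filter, e.g. `ec2.LookupMachineImage(name='debian-11-amd64-20221219-1234', owners=['<debian-publisher-account-id>'], windows=False)`, where the placeholder is the account id Debian documents for its official images. In `VpcBasisStack`, the instances already get `AmazonSSMManagedInstanceCore`, so the `Port.tcp(22)` ingress from a hard-coded home address on the shared `Sci-sg` group may be unnecessary; if it stays, the CIDR would be better supplied from CDK context than committed in source. Both class bodies extend beyond the hunks shown.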
|
|