initial commit

9 months ago · f268dc2514
parent 7af8e5e892
commit f268dc2514
8 changed files with 141 additions and 0 deletions
--- a/cdk/.gitignore
+++ b/cdk/.gitignore
@ -0,0 +1,10 @@
+*.swp
+package-lock.json
+__pycache__
+.pytest_cache
+.venv
+*.egg-info
+
+# CDK asset staging directory
+.cdk.staging
+cdk.out
--- a/cdk/README.md
+++ b/cdk/README.md
@ -0,0 +1,12 @@
+
+# Science Fair CDK app
+
+# Setup
+
+1. Install [nvm](https://github.com/nvm-sh/nvm)
+2. `npm install -g aws-cdk`
+
+# Deploy
+
+`cdk bootstrap`
+`cdk deploy --all`
--- a/cdk/app.py
+++ b/cdk/app.py
@ -0,0 +1,19 @@
+#!/usr/bin/env python3
+import os
+import aws_cdk as cdk
+from sfec2.sci_stack import SciInstancesStack
+from sfec2.sci_stack import VpcBasisStack
+
+app = cdk.App()
+
+cdkEnv = cdk.Environment(account=os.getenv('CDK_DEFAULT_ACCOUNT'),
+            region="us-east-2")
+
+vpcStack = VpcBasisStack(app, "basis", env=cdkEnv )
+
+deployList = [ "a", "b", "c" ]
+
+for thing in deployList:
+    SciInstancesStack(vpcStack, f"i-{thing}-s", thing=thing, env=cdkEnv )
+
+app.synth()
--- a/cdk/cdk.context.json
+++ b/cdk/cdk.context.json
@ -0,0 +1,7 @@
+{
+  "availability-zones:account=096320175891:region=us-east-2": [
+    "us-east-2a",
+    "us-east-2b",
+    "us-east-2c"
+  ]
+}
--- a/cdk/cdk.json
+++ b/cdk/cdk.json
@ -0,0 +1,38 @@
+{
+  "app": "python3 app.py",
+  "watch": {
+    "include": [
+      "**"
+    ],
+    "exclude": [
+      "README.md",
+      "cdk*.json",
+      "requirements*.txt",
+      "source.bat",
+      "**/__init__.py",
+      "python/__pycache__",
+      "tests"
+    ]
+  },
+  "context": {
+    "@aws-cdk/aws-lambda:recognizeLayerVersion": true,
+    "@aws-cdk/core:checkSecretUsage": true,
+    "@aws-cdk/core:target-partitions": [
+      "aws",
+      "aws-cn"
+    ],
+    "@aws-cdk-containers/ecs-service-extensions:enableDefaultLogDriver": true,
+    "@aws-cdk/aws-ec2:uniqueImdsv2TemplateName": true,
+    "@aws-cdk/aws-ecs:arnFormatIncludesClusterName": true,
+    "@aws-cdk/aws-iam:minimizePolicies": true,
+    "@aws-cdk/core:validateSnapshotRemovalPolicy": true,
+    "@aws-cdk/aws-codepipeline:crossAccountKeyAliasStackSafeResourceName": true,
+    "@aws-cdk/aws-s3:createDefaultLoggingPolicy": true,
+    "@aws-cdk/aws-sns-subscriptions:restrictSqsDescryption": true,
+    "@aws-cdk/aws-apigateway:disableCloudWatchRole": true,
+    "@aws-cdk/core:enablePartitionLiterals": true,
+    "@aws-cdk/aws-events:eventsTargetQueueSameAccount": true,
+    "@aws-cdk/aws-iam:standardizedServicePrincipals": true,
+    "@aws-cdk/aws-ecs:disableExplicitDeploymentControllerForCircuitBreaker": true
+  }
+}
--- a/cdk/requirements.txt
+++ b/cdk/requirements.txt
@ -0,0 +1,2 @@
+aws-cdk-lib==2.57.0
+constructs>=10.0.0,<11.0.0
--- a/cdk/sfec2/init.py
+++ b/cdk/sfec2/init.py
--- a/cdk/sfec2/sci_stack.py
+++ b/cdk/sfec2/sci_stack.py
@ -0,0 +1,53 @@
+import os
+import aws_cdk as cdk
+import aws_cdk.aws_ec2 as ec2
+import aws_cdk.aws_iam as iam
+from constructs import Construct
+
+class SciInstancesStack(cdk.Stack):
+
+    def __init__(self, vpcStack: Construct, construct_id:
+        str, thing: str, env: cdk.Environment,  **kwargs) -> None:
+        super().__init__(vpcStack, construct_id, env=env, **kwargs)
+
+        thisVpc  = vpcStack.vpc
+        ec2instance = ec2.Instance(self, f"i-{thing}",
+            vpc=vpcStack.vpc,
+            instance_type=ec2.InstanceType("t2.nano"),
+            machine_image=ec2.AmazonLinuxImage(),
+            block_devices=[ec2.BlockDevice(
+                device_name="/dev/sda1",
+                volume=ec2.BlockDeviceVolume.ebs(50),
+                )
+            ],
+            security_group = vpcStack.SciSG,
+        )
+
+class VpcBasisStack(cdk.Stack):
+
+    def __init__(self, scope: Construct, construct_id: str, **kwargs) -> None:
+        super().__init__(scope, construct_id, **kwargs)
+
+        self.vpc = ec2.Vpc(self, 'out-vpc',
+            cidr = "172.17.0.0/18",
+            max_azs = 3,
+            subnet_configuration=[
+                ec2.SubnetConfiguration(
+                    name = 'pub',
+                    subnet_type = ec2.SubnetType.PUBLIC,
+                    cidr_mask = 26
+                ),
+                ec2.SubnetConfiguration(
+                    name = 'pri',
+                    subnet_type = ec2.SubnetType.PRIVATE_WITH_NAT,
+                    cidr_mask = 20
+                )
+            ],
+            nat_gateways = 3
+        )
+
+        # Create standard Security Group for all EC2 instances
+        self.SciSG = ec2.SecurityGroup(self, 'Sci-sg', vpc=self.vpc,
+            allow_all_outbound=True, security_group_name='Sci-sg' );
+
+app = cdk.App()