From f268dc25143e4724d5a967e7d152a9a416d56f09 Mon Sep 17 00:00:00 2001
From: Paco Hope
Date: Wed, 28 Dec 2022 21:06:23 -0500
Subject: [PATCH] initial commit
---
cdk/.gitignore | 10 ++++++++
cdk/README.md | 12 ++++++++++
cdk/app.py | 19 +++++++++++++++
cdk/cdk.context.json | 7 ++++++
cdk/cdk.json | 38 ++++++++++++++++++++++++++++++
cdk/requirements.txt | 2 ++
cdk/sfec2/__init__.py | 0
cdk/sfec2/sci_stack.py | 53 ++++++++++++++++++++++++++++++++++++++++++
8 files changed, 141 insertions(+)
create mode 100644 cdk/.gitignore
create mode 100644 cdk/README.md
create mode 100644 cdk/app.py
create mode 100644 cdk/cdk.context.json
create mode 100644 cdk/cdk.json
create mode 100644 cdk/requirements.txt
create mode 100644 cdk/sfec2/__init__.py
create mode 100644 cdk/sfec2/sci_stack.py
diff --git a/cdk/.gitignore b/cdk/.gitignore
new file mode 100644
index 0000000..37833f8
--- /dev/null
+++ b/cdk/.gitignore
@@ -0,0 +1,10 @@
+*.swp
+package-lock.json
+__pycache__
+.pytest_cache
+.venv
+*.egg-info
+
+# CDK asset staging directory
+.cdk.staging
+cdk.out
diff --git a/cdk/README.md b/cdk/README.md
new file mode 100644
index 0000000..9d6acf6
--- /dev/null
+++ b/cdk/README.md
@@ -0,0 +1,12 @@
+
+# Science Fair CDK app
+
+# Setup
+
+1. Install [nvm](https://github.com/nvm-sh/nvm)
+2. `npm install -g aws-cdk`
+
+# Deploy
+
+`cdk bootstrap`
+`cdk deploy --all`
diff --git a/cdk/app.py b/cdk/app.py
new file mode 100644
index 0000000..450a55b
--- /dev/null
+++ b/cdk/app.py
@@ -0,0 +1,19 @@
+#!/usr/bin/env python3
+import os
+import aws_cdk as cdk
+from sfec2.sci_stack import SciInstancesStack
+from sfec2.sci_stack import VpcBasisStack
+
+app = cdk.App()
+
+cdkEnv = cdk.Environment(account=os.getenv('CDK_DEFAULT_ACCOUNT'),
+ region="us-east-2")
+
+vpcStack = VpcBasisStack(app, "basis", env=cdkEnv )
+
+deployList = [ "a", "b", "c" ]
+
+for thing in deployList:
+ SciInstancesStack(vpcStack, f"i-{thing}-s", thing=thing, env=cdkEnv )
+
+app.synth()
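Review bot: In `cdk/app.py`, `account=os.getenv('CDK_DEFAULT_ACCOUNT')` yields `None` when the variable is unset and otherwise follows whatever credentials the CDK CLI is running with, so nothing here ties the stacks to the account they are meant for, even though `cdk.context.json` in the same commit is keyed to one specific account. Reading it as `os.environ['CDK_DEFAULT_ACCOUNT']` would fail fast when it is missing, and comparing it with an expected account id supplied through context would stop a deploy made under the wrong profile. Separately, `SciInstancesStack(vpcStack, ...)` passes the VPC stack as the construct scope; passing `app` as the scope and the VPC stack as an explicit argument would keep the stacks as siblings, which is a design point to confirm rather than a defect.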
diff --git a/cdk/cdk.context.json b/cdk/cdk.context.json
new file mode 100644
index 0000000..ff09882
--- /dev/null
+++ b/cdk/cdk.context.json
@@ -0,0 +1,7 @@
+{
+ "availability-zones:account=096320175891:region=us-east-2": [
+ "us-east-2a",
+ "us-east-2b",
+ "us-east-2c"
+ ]
+}
diff --git a/cdk/cdk.json b/cdk/cdk.json
new file mode 100644
index 0000000..30411dd
--- /dev/null
+++ b/cdk/cdk.json
@@ -0,0 +1,38 @@
+{
+ "app": "python3 app.py",
+ "watch": {
+ "include": [
+ "**"
+ ],
+ "exclude": [
+ "README.md",
+ "cdk*.json",
+ "requirements*.txt",
+ "source.bat",
+ "**/__init__.py",
+ "python/__pycache__",
+ "tests"
+ ]
+ },
+ "context": {
+ "@aws-cdk/aws-lambda:recognizeLayerVersion": true,
+ "@aws-cdk/core:checkSecretUsage": true,
+ "@aws-cdk/core:target-partitions": [
+ "aws",
+ "aws-cn"
+ ],
+ "@aws-cdk-containers/ecs-service-extensions:enableDefaultLogDriver": true,
+ "@aws-cdk/aws-ec2:uniqueImdsv2TemplateName": true,
+ "@aws-cdk/aws-ecs:arnFormatIncludesClusterName": true,
+ "@aws-cdk/aws-iam:minimizePolicies": true,
+ "@aws-cdk/core:validateSnapshotRemovalPolicy": true,
+ "@aws-cdk/aws-codepipeline:crossAccountKeyAliasStackSafeResourceName": true,
+ "@aws-cdk/aws-s3:createDefaultLoggingPolicy": true,
+ "@aws-cdk/aws-sns-subscriptions:restrictSqsDescryption": true,
+ "@aws-cdk/aws-apigateway:disableCloudWatchRole": true,
+ "@aws-cdk/core:enablePartitionLiterals": true,
+ "@aws-cdk/aws-events:eventsTargetQueueSameAccount": true,
+ "@aws-cdk/aws-iam:standardizedServicePrincipals": true,
+ "@aws-cdk/aws-ecs:disableExplicitDeploymentControllerForCircuitBreaker": true
+ }
+}
diff --git a/cdk/requirements.txt b/cdk/requirements.txt
new file mode 100644
index 0000000..b9d85ca
--- /dev/null
+++ b/cdk/requirements.txt
@@ -0,0 +1,2 @@
+aws-cdk-lib==2.57.0
+constructs>=10.0.0,<11.0.0
diff --git a/cdk/sfec2/__init__.py b/cdk/sfec2/__init__.py
new file mode 100644
index 0000000..e69de29
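Review bot: In `cdk/requirements.txt`, `constructs>=10.0.0,<11.0.0` floats while `aws-cdk-lib==2.57.0` is pinned, so two installs of this commit can resolve different `constructs` releases. Pinning it to an exact version as well, and optionally installing from a fully pinned, hashed requirements file with pip's `--require-hashes`, makes the deployment tooling reproducible and guards against a substituted package.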
diff --git a/cdk/sfec2/sci_stack.py b/cdk/sfec2/sci_stack.py
new file mode 100644
index 0000000..883f7a6
--- /dev/null
+++ b/cdk/sfec2/sci_stack.py
@@ -0,0 +1,53 @@
+import os
+import aws_cdk as cdk
+import aws_cdk.aws_ec2 as ec2
+import aws_cdk.aws_iam as iam
+from constructs import Construct
+
+class SciInstancesStack(cdk.Stack):
+
+ def __init__(self, vpcStack: Construct, construct_id:
+ str, thing: str, env: cdk.Environment, **kwargs) -> None:
+ super().__init__(vpcStack, construct_id, env=env, **kwargs)
+
+ thisVpc = vpcStack.vpc
+ ec2instance = ec2.Instance(self, f"i-{thing}",
+ vpc=vpcStack.vpc,
+ instance_type=ec2.InstanceType("t2.nano"),
+ machine_image=ec2.AmazonLinuxImage(),
+ block_devices=[ec2.BlockDevice(
+ device_name="/dev/sda1",
+ volume=ec2.BlockDeviceVolume.ebs(50),
+ )
+ ],
+ security_group = vpcStack.SciSG,
+ )
+
+class VpcBasisStack(cdk.Stack):
+
+ def __init__(self, scope: Construct, construct_id: str, **kwargs) -> None:
+ super().__init__(scope, construct_id, **kwargs)
+
+ self.vpc = ec2.Vpc(self, 'out-vpc',
+ cidr = "172.17.0.0/18",
+ max_azs = 3,
+ subnet_configuration=[
+ ec2.SubnetConfiguration(
+ name = 'pub',
+ subnet_type = ec2.SubnetType.PUBLIC,
+ cidr_mask = 26
+ ),
+ ec2.SubnetConfiguration(
+ name = 'pri',
+ subnet_type = ec2.SubnetType.PRIVATE_WITH_NAT,
+ cidr_mask = 20
+ )
+ ],
+ nat_gateways = 3
+ )
+
+ # Create standard Security Group for all EC2 instances
+ self.SciSG = ec2.SecurityGroup(self, 'Sci-sg', vpc=self.vpc,
+ allow_all_outbound=True, security_group_name='Sci-sg' );
+
+app = cdk.App()
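Review bot: The `ec2.Instance(...)` call in `SciInstancesStack.__init__` creates its 50 GiB volume with `ec2.BlockDeviceVolume.ebs(50)` and no `encrypted=True`, so the volume is encrypted only if the account happens to have EBS encryption by default enabled. I would pass `ec2.BlockDeviceVolume.ebs(50, encrypted=True)` and add `require_imdsv2=True` to the instance so the metadata service accepts only session-token requests. `device_name="/dev/sda1"` is probably not the root device of the image that `ec2.AmazonLinuxImage()` resolves to (Amazon Linux images normally use `/dev/xvda`), in which case this attaches a second volume instead of sizing the root one; that should be confirmed against the AMI. The trailing module-level `app = cdk.App()` builds a second, unused App whenever `app.py` imports this module and should be dropped, together with the unused `thisVpc`, `os` and `iam`.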