-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
1 parent
5247482
commit 8a5f392
Showing
19 changed files
with
99,175 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,67 @@ | ||
| { | ||
| "app": "go mod download && go run create_aurora_cdk.go", | ||
| "watch": { | ||
| "include": [ | ||
| "**" | ||
| ], | ||
| "exclude": [ | ||
| "README.md", | ||
| "cdk*.json", | ||
| "go.mod", | ||
| "go.sum", | ||
| "**/*test.go" | ||
| ] | ||
| }, | ||
| "context": { | ||
| "@aws-cdk/aws-lambda:recognizeLayerVersion": true, | ||
| "@aws-cdk/core:checkSecretUsage": true, | ||
| "@aws-cdk/core:target-partitions": [ | ||
| "aws", | ||
| "aws-cn" | ||
| ], | ||
| "@aws-cdk-containers/ecs-service-extensions:enableDefaultLogDriver": true, | ||
| "@aws-cdk/aws-ec2:uniqueImdsv2TemplateName": true, | ||
| "@aws-cdk/aws-ecs:arnFormatIncludesClusterName": true, | ||
| "@aws-cdk/aws-iam:minimizePolicies": true, | ||
| "@aws-cdk/core:validateSnapshotRemovalPolicy": true, | ||
| "@aws-cdk/aws-codepipeline:crossAccountKeyAliasStackSafeResourceName": true, | ||
| "@aws-cdk/aws-s3:createDefaultLoggingPolicy": true, | ||
| "@aws-cdk/aws-sns-subscriptions:restrictSqsDescryption": true, | ||
| "@aws-cdk/aws-apigateway:disableCloudWatchRole": true, | ||
| "@aws-cdk/core:enablePartitionLiterals": true, | ||
| "@aws-cdk/aws-events:eventsTargetQueueSameAccount": true, | ||
| "@aws-cdk/aws-ecs:disableExplicitDeploymentControllerForCircuitBreaker": true, | ||
| "@aws-cdk/aws-iam:importedRoleStackSafeDefaultPolicyName": true, | ||
| "@aws-cdk/aws-s3:serverAccessLogsUseBucketPolicy": true, | ||
| "@aws-cdk/aws-route53-patters:useCertificate": true, | ||
| "@aws-cdk/customresources:installLatestAwsSdkDefault": false, | ||
| "@aws-cdk/aws-rds:databaseProxyUniqueResourceName": true, | ||
| "@aws-cdk/aws-codedeploy:removeAlarmsFromDeploymentGroup": true, | ||
| "@aws-cdk/aws-apigateway:authorizerChangeDeploymentLogicalId": true, | ||
| "@aws-cdk/aws-ec2:launchTemplateDefaultUserData": true, | ||
| "@aws-cdk/aws-secretsmanager:useAttachedSecretResourcePolicyForSecretTargetAttachments": true, | ||
| "@aws-cdk/aws-redshift:columnId": true, | ||
| "@aws-cdk/aws-stepfunctions-tasks:enableEmrServicePolicyV2": true, | ||
| "@aws-cdk/aws-ec2:restrictDefaultSecurityGroup": true, | ||
| "@aws-cdk/aws-apigateway:requestValidatorUniqueId": true, | ||
| "@aws-cdk/aws-kms:aliasNameRef": true, | ||
| "@aws-cdk/aws-autoscaling:generateLaunchTemplateInsteadOfLaunchConfig": true, | ||
| "@aws-cdk/core:includePrefixInUniqueNameGeneration": true, | ||
| "@aws-cdk/aws-efs:denyAnonymousAccess": true, | ||
| "@aws-cdk/aws-opensearchservice:enableOpensearchMultiAzWithStandby": true, | ||
| "@aws-cdk/aws-lambda-nodejs:useLatestRuntimeVersion": true, | ||
| "@aws-cdk/aws-efs:mountTargetOrderInsensitiveLogicalId": true, | ||
| "@aws-cdk/aws-rds:auroraClusterChangeScopeOfInstanceParameterGroupWithEachParameters": true, | ||
| "@aws-cdk/aws-appsync:useArnForSourceApiAssociationIdentifier": true, | ||
| "@aws-cdk/aws-rds:preventRenderingDeprecatedCredentials": true, | ||
| "@aws-cdk/aws-codepipeline-actions:useNewDefaultBranchForCodeCommitSource": true, | ||
| "@aws-cdk/aws-cloudwatch-actions:changeLambdaPermissionLogicalIdForLambdaAction": true, | ||
| "@aws-cdk/aws-codepipeline:crossAccountKeysDefaultValueToFalse": true, | ||
| "@aws-cdk/aws-codepipeline:defaultPipelineTypeToV2": true, | ||
| "@aws-cdk/aws-kms:reduceCrossAccountRegionPolicyScope": true, | ||
| "@aws-cdk/aws-eks:nodegroupNameAttribute": true, | ||
| "@aws-cdk/aws-ec2:ebsDefaultGp3Volume": true, | ||
| "@aws-cdk/aws-ecs:removeDefaultDeploymentAlarm": true, | ||
| "@aws-cdk/custom-resources:logApiResponseDataPropertyTrueDefault": false | ||
| } | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,123 @@ | ||
| package main | ||
|
|
||
| import ( | ||
| "os" | ||
|
|
||
| "github.com/aws/aws-cdk-go/awscdk/v2" | ||
| "github.com/aws/aws-cdk-go/awscdk/v2/awsec2" | ||
| "github.com/aws/aws-cdk-go/awscdk/v2/awsrds" | ||
|
|
||
| // "github.com/aws/aws-cdk-go/awscdk/v2/awssqs" | ||
| "github.com/aws/constructs-go/constructs/v10" | ||
| "github.com/aws/jsii-runtime-go" | ||
| ) | ||
|
|
||
| type CreateAuroraCdkStackProps struct { | ||
| awscdk.StackProps | ||
| } | ||
|
|
||
| func getPrivateIsolatedSubnets(vpc awsec2.IVpc) []awsec2.ISubnet { | ||
| var privateIsolatedSubnets []awsec2.ISubnet | ||
| for _, subnet := range *vpc.PrivateSubnets() { | ||
| if subnet.AvailabilityZone() != nil && subnet.Ipv4CidrBlock() != nil { | ||
| privateIsolatedSubnets = append(privateIsolatedSubnets, subnet) | ||
| } | ||
| } | ||
| return privateIsolatedSubnets | ||
| } | ||
|
|
||
| func NewCreateAuroraCdkStack(scope constructs.Construct, id string, props *CreateAuroraCdkStackProps) awscdk.Stack { | ||
| var sprops awscdk.StackProps | ||
| if props != nil { | ||
| sprops = props.StackProps | ||
| } | ||
| stack := awscdk.NewStack(scope, &id, &sprops) | ||
|
|
||
| vpcID := os.Getenv("VPC_ID") | ||
| if vpcID == "" { | ||
| panic("VPC_ID environment variable is not set") | ||
| } | ||
|
|
||
| //get prexisting VPC | ||
| vpc := awsec2.Vpc_FromLookup(stack, jsii.String("VPC"), &awsec2.VpcLookupOptions{ | ||
| VpcId: jsii.String(vpcID), | ||
| }) | ||
|
|
||
| clusterSg := awsec2.NewSecurityGroup(stack, jsii.String("AuroraClusterSecurityGroup"), &awsec2.SecurityGroupProps{ | ||
| Vpc: vpc, | ||
| Description: jsii.String("Security group for Aurora PostgreSQL cluster"), | ||
| AllowAllOutbound: jsii.Bool(true), | ||
| }) | ||
| // Allow any IPv4 & any port. Fine for now, but bad for production | ||
| clusterSg.AddIngressRule( | ||
| awsec2.Peer_AnyIpv4(), | ||
| awsec2.Port_TcpRange(jsii.Number(0), jsii.Number(65535)), | ||
| jsii.String("Allow PostgreSQL traffic"), | ||
| jsii.Bool(true), | ||
| ) | ||
|
|
||
| privateIsolatedSubnets := getPrivateIsolatedSubnets(vpc) | ||
|
|
||
| cluster := awsrds.NewDatabaseCluster(stack, jsii.String("AuroraClusterV2"), &awsrds.DatabaseClusterProps{ | ||
| Engine: awsrds.DatabaseClusterEngine_AuroraPostgres(&awsrds.AuroraPostgresClusterEngineProps{ | ||
| Version: awsrds.AuroraPostgresEngineVersion_VER_16_1(), | ||
| }), | ||
| ClusterIdentifier: jsii.String("AuroraDBCluster2"), | ||
| Writer: awsrds.ClusterInstance_ServerlessV2(jsii.String("writer"), &awsrds.ServerlessV2ClusterInstanceProps{ | ||
| PubliclyAccessible: jsii.Bool(false), | ||
| }), | ||
| DefaultDatabaseName: jsii.String("DefaultDatabase"), | ||
| ServerlessV2MinCapacity: jsii.Number(0.5), | ||
| ServerlessV2MaxCapacity: jsii.Number(5), | ||
| RemovalPolicy: awscdk.RemovalPolicy_DESTROY, | ||
| Vpc: vpc, | ||
| EnableDataApi: jsii.Bool(true), // only used to create the table | ||
| VpcSubnets: &awsec2.SubnetSelection{ | ||
| Subnets: &privateIsolatedSubnets, | ||
| }, | ||
| SecurityGroups: &[]awsec2.ISecurityGroup{clusterSg}, | ||
| }) | ||
|
|
||
| awscdk.NewCfnOutput(stack, jsii.String("RdsSecretArn"), &awscdk.CfnOutputProps{ | ||
| Value: cluster.Secret().SecretArn(), | ||
| }) | ||
| awscdk.NewCfnOutput(stack, jsii.String("RdsDatabaseName"), &awscdk.CfnOutputProps{ | ||
| Value: cluster.NewCfnProps().DatabaseName, | ||
| }) | ||
| awscdk.NewCfnOutput(stack, jsii.String("RdsSecret"), &awscdk.CfnOutputProps{ | ||
| Value: cluster.Secret().SecretName(), | ||
| }) | ||
|
|
||
| return stack | ||
| } | ||
|
|
||
| func main() { | ||
| defer jsii.Close() | ||
|
|
||
| app := awscdk.NewApp(nil) | ||
|
|
||
| NewCreateAuroraCdkStack(app, "CreateAuroraCdkStack", &CreateAuroraCdkStackProps{ | ||
| awscdk.StackProps{ | ||
| Env: env(), | ||
| }, | ||
| }) | ||
|
|
||
| app.Synth(nil) | ||
| } | ||
|
|
||
| // env determines the AWS environment (account+region) in which our stack is to | ||
| // be deployed. For more information see: https://docs.aws.amazon.com/cdk/latest/guide/environments.html | ||
| func env() *awscdk.Environment { | ||
|
|
||
| awsRegion := os.Getenv("AWS_REGION") | ||
| awsAccountId := os.Getenv("AWS_ACCOUNT_ID") | ||
|
|
||
| if awsRegion == "" || awsAccountId == "" { | ||
| panic("AWS_REGION and AWS_ACCOUNT_ID env are not set") | ||
| } | ||
|
|
||
| return &awscdk.Environment{ | ||
| Account: jsii.String(awsAccountId), | ||
| Region: jsii.String(awsRegion), | ||
| } | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,26 @@ | ||
| module create_aurora_cdk | ||
|
|
||
| go 1.18 | ||
|
|
||
| require ( | ||
| github.com/aws/aws-cdk-go/awscdk v1.204.0-devpreview | ||
| github.com/aws/aws-cdk-go/awscdk/v2 v2.152.0 | ||
| github.com/aws/constructs-go/constructs/v10 v10.3.0 | ||
| github.com/aws/jsii-runtime-go v1.101.0 | ||
| ) | ||
|
|
||
| require ( | ||
| github.com/Masterminds/semver/v3 v3.2.1 // indirect | ||
| github.com/aws/constructs-go/constructs/v3 v3.4.232 // indirect | ||
| github.com/cdklabs/awscdk-asset-awscli-go/awscliv1/v2 v2.2.202 // indirect | ||
| github.com/cdklabs/awscdk-asset-kubectl-go/kubectlv20/v2 v2.1.2 // indirect | ||
| github.com/cdklabs/awscdk-asset-node-proxy-agent-go/nodeproxyagentv6/v2 v2.0.3 // indirect | ||
| github.com/fatih/color v1.17.0 // indirect | ||
| github.com/mattn/go-colorable v0.1.13 // indirect | ||
| github.com/mattn/go-isatty v0.0.20 // indirect | ||
| github.com/yuin/goldmark v1.4.13 // indirect | ||
| golang.org/x/lint v0.0.0-20210508222113-6edffad5e616 // indirect | ||
| golang.org/x/mod v0.18.0 // indirect | ||
| golang.org/x/sys v0.21.0 // indirect | ||
| golang.org/x/tools v0.22.0 // indirect | ||
| ) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,53 @@ | ||
| github.com/Masterminds/semver/v3 v3.2.1 h1:RN9w6+7QoMeJVGyfmbcgs28Br8cvmnucEXnY0rYXWg0= | ||
| github.com/Masterminds/semver/v3 v3.2.1/go.mod h1:qvl/7zhW3nngYb5+80sSMF+FG2BjYrf8m9wsX0PNOMQ= | ||
| github.com/aws/aws-cdk-go/awscdk v1.204.0-devpreview h1:t3TI4mtmRQlUF5OceL3zhhTlz1RtFMMbsWQ1oMrAsWg= | ||
| github.com/aws/aws-cdk-go/awscdk v1.204.0-devpreview/go.mod h1:ZAyiU+hVHfDS6Vvxf1ljmwawmA5Ri6FUay6M04+93pk= | ||
| github.com/aws/aws-cdk-go/awscdk/v2 v2.152.0 h1:3+7xsas2ZreSwf0zVzJhoTrl6DXTCFMvGGLcGWqHz0w= | ||
| github.com/aws/aws-cdk-go/awscdk/v2 v2.152.0/go.mod h1:lpJq6B2AsZbjSvlJbLmCwjKwuT7voQc3xmFjEbJOTdA= | ||
| github.com/aws/constructs-go/constructs/v10 v10.3.0 h1:LsjBIMiaDX/vqrXWhzTquBJ9pPdi02/H+z1DCwg0PEM= | ||
| github.com/aws/constructs-go/constructs/v10 v10.3.0/go.mod h1:GgzwIwoRJ2UYsr3SU+JhAl+gq5j39bEMYf8ev3J+s9s= | ||
| github.com/aws/constructs-go/constructs/v3 v3.4.232 h1:YLw1wSu8/qqmacsZWPXI+qFNu4ml2YZwtRZHL2gaB8M= | ||
| github.com/aws/constructs-go/constructs/v3 v3.4.232/go.mod h1:ejR5Hd2llgfqo68taM7H/hnri4hrHObbsqbT6YySLMI= | ||
| github.com/aws/jsii-runtime-go v1.101.0 h1:x4rWNWRz7uDhVN0qSO7T6cG0VAhQ9300s5DjWUrXmWY= | ||
| github.com/aws/jsii-runtime-go v1.101.0/go.mod h1:4L4Qmve/HSwM5hXV5ZowR2gBNb9zqkUtycaaN6aZ3mg= | ||
| github.com/cdklabs/awscdk-asset-awscli-go/awscliv1/v2 v2.2.202 h1:VixXB9DnHN8oP7pXipq8GVFPjWCOdeNxIaS/ZyUwTkI= | ||
| github.com/cdklabs/awscdk-asset-awscli-go/awscliv1/v2 v2.2.202/go.mod h1:iPUti/SWjA3XAS3CpnLciFjS8TN9Y+8mdZgDfSgcyus= | ||
| github.com/cdklabs/awscdk-asset-kubectl-go/kubectlv20/v2 v2.1.2 h1:k+WD+6cERd59Mao84v0QtRrcdZuuSMfzlEmuIypKnVs= | ||
| github.com/cdklabs/awscdk-asset-kubectl-go/kubectlv20/v2 v2.1.2/go.mod h1:CvFHBo0qcg8LUkJqIxQtP1rD/sNGv9bX3L2vHT2FUAo= | ||
| github.com/cdklabs/awscdk-asset-node-proxy-agent-go/nodeproxyagentv6/v2 v2.0.3 h1:8NLWOIVaxAtpUXv5reojlAeDP7R8yswm9mDONf7F/3o= | ||
| github.com/cdklabs/awscdk-asset-node-proxy-agent-go/nodeproxyagentv6/v2 v2.0.3/go.mod h1:ZjFqfhYpCLzh4z7ChcHCrkXfqCuEiRlNApDfJd6plts= | ||
| github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= | ||
| github.com/fatih/color v1.17.0 h1:GlRw1BRJxkpqUCBKzKOw098ed57fEsKeNjpTe3cSjK4= | ||
| github.com/fatih/color v1.17.0/go.mod h1:YZ7TlrGPkiz6ku9fK3TLD/pl3CpsiFyu8N92HLgmosI= | ||
| github.com/mattn/go-colorable v0.1.13 h1:fFA4WZxdEF4tXPZVKMLwD8oUnCTTo08duU7wxecdEvA= | ||
| github.com/mattn/go-colorable v0.1.13/go.mod h1:7S9/ev0klgBDR4GtXTXX8a3vIGJpMovkB8vQcUbaXHg= | ||
| github.com/mattn/go-isatty v0.0.16/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/yFXSvRLM= | ||
| github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWEY= | ||
| github.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y= | ||
| github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= | ||
| github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg= | ||
| github.com/yuin/goldmark v1.4.13 h1:fVcFKWvrslecOb/tg+Cc05dkeYx540o0FuFt3nUVDoE= | ||
| github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY= | ||
| golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= | ||
| golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= | ||
| golang.org/x/lint v0.0.0-20210508222113-6edffad5e616 h1:VLliZ0d+/avPrXXH+OakdXhpJuEoBZuwh1m2j7U6Iug= | ||
| golang.org/x/lint v0.0.0-20210508222113-6edffad5e616/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY= | ||
| golang.org/x/mod v0.1.1-0.20191105210325-c90efee705ee/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg= | ||
| golang.org/x/mod v0.18.0 h1:5+9lSbEzPSdWkH32vYPBwEpX8KwDbM52Ud9xBUvNlb0= | ||
| golang.org/x/mod v0.18.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= | ||
| golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= | ||
| golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= | ||
| golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= | ||
| golang.org/x/sync v0.7.0 h1:YsImfSBoP9QPYL0xyKJPq0gcaJdG3rInoqxTWbfQu9M= | ||
| golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= | ||
| golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= | ||
| golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= | ||
| golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= | ||
| golang.org/x/sys v0.21.0 h1:rF+pYz3DAGSQAxAu1CbC7catZg4ebC4UIeIhKxBZvws= | ||
| golang.org/x/sys v0.21.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= | ||
| golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= | ||
| golang.org/x/tools v0.0.0-20200130002326-2f3ba24bd6e7/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= | ||
| golang.org/x/tools v0.22.0 h1:gqSGLZqv+AI9lIQzniJ0nZDRG5GBPsSi+DRNHWNz6yA= | ||
| golang.org/x/tools v0.22.0/go.mod h1:aCwcsjqvq7Yqt6TNyX7QMU2enbQ/Gt0bo6krSeEri+c= | ||
| golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= | ||
| gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= |
Oops, something went wrong.