import * as cdk from '@aws-cdk/core';
import * as ec2 from '@aws-cdk/aws-ec2';
import * as rds from '@aws-cdk/aws-rds';
import * as lambda from '@aws-cdk/aws-lambda';
import * as apigateway from '@aws-cdk/aws-apigateway';
import * as wafv2 from '@aws-cdk/aws-wafv2';
import * as s3 from '@aws-cdk/aws-s3';
import * as cognito from '@aws-cdk/aws-cognito';
import * as route53 from '@aws-cdk/aws-route53';
import * as targets from '@aws-cdk/aws-route53-targets';
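/**
 * Stack that declares a VPC with two explicit subnets, a MySQL RDS instance,
 * a Lambda function loaded from an existing S3 bucket, a REST API, a regional
 * WAFv2 web ACL, a public S3 website bucket, a Cognito user pool with one
 * client, and a Route 53 hosted zone with an alias record to the bucket.
 *
 * Security-relevant choices are commented inline where they are made.
 */
export class MyStack extends cdk.Stack {
  /**
   * @param scope - Parent construct the stack is attached to.
   * @param id - Logical identifier of the stack.
   * @param props - Optional stack properties, forwarded to `cdk.Stack`.
   */
  constructor(scope: cdk.Construct, id: string, props?: cdk.StackProps) {
    super(scope, id, props);

    // VPC and subnets
    const vpc = new ec2.Vpc(this, 'MyVPC', {
      cidr: '10.0.0.0/16',
    });

    // NOTE(review): ec2.Vpc also creates its own default subnets inside
    // 10.0.0.0/16; confirm these two /24 ranges do not overlap with them.
    const subnetA = new ec2.Subnet(this, 'SubnetA', {
      vpcId: vpc.vpcId,
      cidrBlock: '10.0.1.0/24',
      availabilityZone: 'us-east-1a',
    });

    const subnetB = new ec2.Subnet(this, 'SubnetB', {
      vpcId: vpc.vpcId,
      cidrBlock: '10.0.2.0/24',
      availabilityZone: 'us-east-1b',
    });

    // RDS
    const myDBSecurityGroup = new ec2.SecurityGroup(this, 'MyDBSecurityGroup', {
      vpc,
      description: 'RDS security group',
      allowAllOutbound: true,
    });

    // MySQL is reachable only from addresses inside the VPC. The previous rule
    // used ec2.Peer.anyIpv4(), which opened port 3306 to 0.0.0.0/0.
    myDBSecurityGroup.addIngressRule(
      ec2.Peer.ipv4(vpc.vpcCidrBlock),
      ec2.Port.tcp(3306),
      'MySQL from inside the VPC only',
    );

    const myDBSubnetGroup = new rds.SubnetGroup(this, 'MyDBSubnetGroup', {
      description: 'Subnet group for RDS',
      vpc,
      vpcSubnets: {
        subnets: [subnetA, subnetB],
      },
    });

    // masterUserPassword is intentionally omitted: a literal password in source
    // ends up in version control and in the synthesized template. Without it,
    // the construct falls back to a Secrets Manager generated password.
    // NOTE(review): storage encryption and backup retention are left at their
    // defaults here; set them explicitly for anything beyond a sandbox.
    new rds.DatabaseInstance(this, 'MyDBInstance', {
      engine: rds.DatabaseInstanceEngine.mysql({ version: rds.MysqlEngineVersion.VER_8_0_19 }),
      instanceType: ec2.InstanceType.of(ec2.InstanceClass.T2, ec2.InstanceSize.MICRO),
      masterUsername: 'admin',
      vpc,
      securityGroups: [myDBSecurityGroup],
      subnetGroup: myDBSubnetGroup,
      allocatedStorage: 5,
    });

    // Lambda
    const lambdaCodeBucket = s3.Bucket.fromBucketName(
      this,
      'LambdaCodeBucket',
      'test-lambda-bucket-488266856645',
    );

    // NOTE(review): `Role` is exported by '@aws-cdk/aws-iam', which this file
    // does not import; `lambda.Role` is not expected to resolve. Import the IAM
    // module and use its `Role.fromRoleArn` instead.
    // NOTE(review): the function is not placed in the VPC, so with ingress
    // limited to the VPC CIDR it cannot reach the database until `vpc` (and
    // subnets) are configured on it.
    new lambda.Function(this, 'MyLambdaFunction', {
      runtime: lambda.Runtime.NODEJS_14_X,
      handler: 'index.handler',
      code: lambda.Code.fromBucket(lambdaCodeBucket, 'index.zip'),
      role: lambda.Role.fromRoleArn(this, 'LambdaExecutionRole', 'arn:aws:iam::488266856645:role/LambdaExecutionRole'),
      functionName: 'MyLambdaFunctionName',
      memorySize: 256,
      timeout: cdk.Duration.seconds(10),
    });

    // API Gateway
    // No resources or methods are attached in this stack, and neither the
    // Lambda function nor the Cognito user pool is wired to the API here.
    new apigateway.RestApi(this, 'MyApi', {
      restApiName: 'MyAPI',
      description: 'My API',
      failOnWarnings: true,
    });

    // WAF
    // NOTE(review): the ACL has a default action of allow, no rules, and no
    // association with the API stage in this stack, so as written it filters
    // nothing. Add rules and a web ACL association before relying on it.
    new wafv2.CfnWebACL(this, 'MyWebACL', {
      defaultAction: { allow: {} },
      scope: 'REGIONAL',
      visibilityConfig: {
        sampledRequestsEnabled: true,
        cloudWatchMetricsEnabled: true,
        metricName: 'myWebAclMetric',
      },
      name: 'myWebAcl',
      description: 'My WAF WebACL',
    });

    // S3 bucket for the frontend
    // publicReadAccess makes every object in the bucket world-readable, which
    // website hosting from the bucket endpoint requires. Store only static
    // site assets here; the website endpoint serves plain HTTP.
    const frontendBucket = new s3.Bucket(this, 'FrontendBucket', {
      bucketName: 'kingkold.tech',
      websiteIndexDocument: 'index.html',
      websiteErrorDocument: 'error.html',
      publicReadAccess: true,
    });

    // Cognito user pool
    // Password policy, MFA and sign-up settings are left at their defaults.
    const userPool = new cognito.UserPool(this, 'UserPool', {
      userPoolName: 'MyUserPool',
    });

    new cognito.UserPoolClient(this, 'UserPoolClient', {
      userPool,
      clientName: 'MyUserPoolClient',
    });

    // Route 53
    const myHostedZone = new route53.HostedZone(this, 'MyHostedZone', {
      zoneName: 'kingkold.tech',
    });

    // Alias record pointing the zone apex at the bucket website endpoint.
    new route53.ARecord(this, 'FrontendRecordSet', {
      zone: myHostedZone,
      target: route53.RecordTarget.fromAlias(new targets.BucketWebsiteTarget(frontendBucket)),
      recordName: 'kingkold.tech',
    });
  }
}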