diff --git a/Makefile b/Makefile index d514fb5..e8875fa 100644 --- a/Makefile +++ b/Makefile @@ -1,16 +1,35 @@ ## ad hoc base cdk commands ad-hoc-base-synth: - cdk synth --app='lib/examples/ad-hoc/base/index.js' -e TestAdHocBaseStack + cdk synth --app='lib/examples/ad-hoc/base/index.js' -e ExampleAdHocBaseStack ad-hoc-base-diff: - cdk diff --app='./lib/examples/ad-hoc/base/index.js' -e TestAdHocBaseStack + cdk diff --app='./lib/examples/ad-hoc/base/index.js' -e ExampleAdHocBaseStack ad-hoc-base-deploy: - cdk deploy --app='./lib/examples/ad-hoc/base/index.js' --require-approval never -e TestAdHocBaseStack + cdk deploy --app='./lib/examples/ad-hoc/base/index.js' -e ExampleAdHocBaseStack + +ad-hoc-base-deploy-approve: + cdk deploy --app='./lib/examples/ad-hoc/base/index.js' --require-approval never -e ExampleAdHocBaseStack ad-hoc-base-destroy: - cdk destroy --app='./lib/examples/ad-hoc/base/index.js' --require-approval never TestAdHocBaseStack + cdk destroy --app='./lib/examples/ad-hoc/base/index.js' --require-approval never -e ExampleAdHocBaseStack ## ad hoc app cdk commands ad-hoc-app-synth: - cdk synth --app='./lib/examples/ad-hoc/app/index.js' TestAdHocAppStack + cdk synth --app='./lib/examples/ad-hoc/base/index.js' -e ExampleAdHocAppStack + +ad-hoc-app-diff: + cdk diff --app='./lib/examples/ad-hoc/base/index.js' -e ExampleAdHocAppStack + +ad-hoc-app-deploy: + cdk deploy --app='./lib/examples/ad-hoc/base/index.js' -e ExampleAdHocAppStack + +ad-hoc-app-delete-services: + export AWS_PAGER='' + aws ecs delete-service --cluster alpha-cluster --service alpha-web-ui --force + aws ecs delete-service --cluster alpha-cluster --service alpha-default-worker --force + aws ecs delete-service --cluster alpha-cluster --service alpha-redis --force + aws ecs delete-service --cluster alpha-cluster --service alpha-gunicorn --force + +ad-hoc-app-destroy: ad-hoc-app-delete-services + cdk destroy --app='./lib/examples/ad-hoc/base/index.js' -e ExampleAdHocAppStack 
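Review bot: In `ad-hoc-app-delete-services`, `export AWS_PAGER=''` does not reach the `aws ecs delete-service` lines below it, because make runs each recipe line in its own shell unless `.ONESHELL` is set (not visible in this hunk). Set the variable per command, e.g. `AWS_PAGER='' aws ecs delete-service --cluster alpha-cluster --service alpha-web-ui --force`, or export it at Makefile level. The cluster and service names are also fixed to `alpha-`, so `ad-hoc-app-destroy` force-deletes the alpha services even when `AD_HOC_APP_NAME` selects another environment. Deriving the names from that variable would keep the forced deletion scoped to the environment being torn down.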
diff --git a/src/constructs/ad-hoc/app/index.ts b/src/constructs/ad-hoc/app/index.ts index 4b580df..c501d37 100644 --- a/src/constructs/ad-hoc/app/index.ts +++ b/src/constructs/ad-hoc/app/index.ts @@ -25,11 +25,6 @@ export interface AdHocAppProps { readonly assetsBucket: Bucket; readonly domainName: string; readonly listener: ApplicationListener; - - // application specific props - readonly backendVersion?: string; - readonly frontendVersion?: string; - readonly djangoSettingsModule?: string; } export class AdHocApp extends Construct { @@ -46,11 +41,11 @@ export class AdHocApp extends Construct { // const highestPriorityRule = new HighestPriorityRule(this, 'HighestPriorityRule', { listener: props.listener }); const backendEcrRepo = Repository.fromRepositoryName(this, 'BackendRepo', 'backend'); - const backendVersion = props.frontendVersion ?? 'latest'; + const backendVersion = 'latest'; const backendImage = new EcrImage(backendEcrRepo, backendVersion); const frontendEcrRepo = Repository.fromRepositoryName(this, 'FrontendRepo', 'frontend'); - const frontendVersion = props.frontendVersion ?? 'latest'; + const frontendVersion = 'latest'; const frontendImage = new EcrImage(frontendEcrRepo, frontendVersion); const cluster = new Cluster(this, 'Cluster', { 
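Review bot: Hard-coding `backendVersion` and `frontendVersion` to `'latest'` means each task start pulls whatever the mutable tag currently points to, so an environment cannot be pinned, rolled back or audited to a specific build. The commit already moves other settings into the `config` context, and the image tags could be read the same way, e.g. `const backendVersion = this.node.tryGetContext('config')?.backendVersion ?? 'latest';` and likewise for the frontend. An immutable tag or digest per environment is the safer default. The constructor body starts and ends outside this hunk.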
@@ -61,19 +56,26 @@ export class AdHocApp extends Construct { const serviceDiscoveryNamespace = props.serviceDiscoveryNamespace.namespaceName; + const settingsModule = this.node.tryGetContext('config').settingsModule ?? 'backend.settings.production'; // shared environment variables - const environmentVariables: { [key: string]: string }= { + let environmentVariables: { [key: string]: string } = { S3_BUCKET_NAME: props.assetsBucket.bucketName, REDIS_SERVICE_HOST: `${stackName}-redis.${serviceDiscoveryNamespace}`, POSTGRES_SERVICE_HOST: props.rdsInstance.dbInstanceEndpointAddress, POSTGRES_NAME: `${stackName}-db`, - DJANGO_SETTINGS_MODULE: props.djangoSettingsModule ?? 'backend.settings.production', + DJANGO_SETTINGS_MODULE: settingsModule, FRONTEND_URL: `https://${stackName}.${props.domainName}`, DOMAIN_NAME: props.domainName, // TODO: read this from ad hoc base stack DB_SECRET_NAME: 'DB_SECRET_NAME', }; + const extraEnvVars = this.node.tryGetContext('config').extraEnvVars; + + if (extraEnvVars) { + environmentVariables = { ...extraEnvVars, ...environmentVariables }; + } + // define ecsTaskRole and taskExecutionRole for ECS const ecsRoles = new EcsRoles(scope, 'EcsRoles'); @@ -109,12 +111,10 @@ export class AdHocApp extends Construct { image: backendImage, listener: props.listener, command: ['gunicorn', '-t', '1000', '-b', '0.0.0.0:8000', '--log-level', 'info', 'backend.wsgi'], - containerName: 'api', - family: 'api', + name: 'gunicorn', port: 8000, domainName: props.domainName, pathPatterns: ['/api/*', '/admin/*', '/mtv/*', '/graphql/*'], - hostHeaders: ['*'], priority: 2, //highestPriorityRule.priority + 1, healthCheckPath: '/api/health-check/', }); 
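Review bot: `this.node.tryGetContext('config').settingsModule` and the later `.extraEnvVars` read throw a TypeError when no `config` context is set, because `tryGetContext` returns undefined for a missing key; use `this.node.tryGetContext('config')?.settingsModule ?? 'backend.settings.production'` and `?.extraEnvVars`. `extraEnvVars` is untyped JSON spread into a `{ [key: string]: string }` map, so non-string values reach the container definition unchecked; verify each value is a string before merging. These values come from a config file in the repository and end up as plaintext container environment, so a comment such as `// extraEnvVars: non-secret settings only; secrets belong in Secrets Manager` would help. The spread order lets the built-in keys win over `extraEnvVars`, which is worth a short comment too.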
@@ -131,12 +131,10 @@ export class AdHocApp extends Construct { image: frontendImage, listener: props.listener, command: ['nginx', '-g', 'daemon off;'], - containerName: 'web-ui', - family: `${stackName}-web-ui`, + name: 'web-ui', port: 80, domainName: props.domainName, pathPatterns: ['/*'], - hostHeaders: ['*'], priority: 3, // highestPriorityRule.priority + 2, healthCheckPath: '/', }); @@ -151,8 +149,7 @@ export class AdHocApp extends Construct { executionRole: ecsRoles.taskExecutionRole, image: backendImage, command: ['celery', '--app=backend.celery_app:app', 'worker', '--loglevel=INFO', '-Q', 'default'], - containerName: 'default-worker', - family: 'default-worker', + name: 'default-worker', }); // scheduler service @@ -167,8 +164,7 @@ export class AdHocApp extends Construct { executionRole: ecsRoles.taskExecutionRole, image: backendImage, command: ['python', 'manage.py', 'pre_update'], - containerName: 'backendUpdate', - family: 'backendUpdate', + name: 'backendUpdate', }); // define stack output use for running the management command diff --git a/src/constructs/ad-hoc/base/index.ts b/src/constructs/ad-hoc/base/index.ts index 26e2c0e..199d66b 100644 --- a/src/constructs/ad-hoc/base/index.ts +++ b/src/constructs/ad-hoc/base/index.ts @@ -31,10 +31,6 @@ export class AdHocBase extends Construct { constructor(scope: Construct, id: string, props: AdHocBaseProps) { super(scope, id); - const foo = this.node.tryGetContext('config').extraEnvVars; - - console.log(foo); - const stackName = Stack.of(this).stackName; this.domainName = props.domainName; @@ -72,7 +68,7 @@ export class AdHocBase extends Construct { const rdsInstance = new RdsInstance(this, 'RdsInstance', { vpc: this.vpc, appSecurityGroup: appSecurityGroup, - dbSecretName: 'DB_SECRET_NAME', + dbSecretName: this.node.tryGetContext('config')?.dbSecretName ?? 'DB_SECRET_NAME', }); this.databaseInstance = rdsInstance.rdsInstance; const { dbInstanceEndpointAddress } = rdsInstance.rdsInstance; 
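Review bot: `dbSecretName` can now come from the `config` context, but the app construct in `src/constructs/ad-hoc/app/index.ts` still sets the container variable `DB_SECRET_NAME: 'DB_SECRET_NAME'` as a literal (the TODO line in that file's hunk). Any configured name other than the default would presumably leave the application looking up a secret that was not created. Either expose the resolved name from `AdHocBase` and pass it to the app, or hold the override back until that TODO is done. The constructor continues outside this hunk.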
@@ -81,6 +77,8 @@ export class AdHocBase extends Construct { appSecurityGroup, vpc: this.vpc, rdsAddress: dbInstanceEndpointAddress, + instanceClass: this.node.tryGetContext('config').instanceClass, + // instanceType: this.node.tryGetContext('config').instanceType, }); } } diff --git a/src/constructs/internal/ecs/management-command/index.ts b/src/constructs/internal/ecs/management-command/index.ts index 1698fa9..91a3836 100644 --- a/src/constructs/internal/ecs/management-command/index.ts +++ b/src/constructs/internal/ecs/management-command/index.ts @@ -23,10 +23,9 @@ export interface ManagementCommandTaskProps { readonly appSecurityGroup: ISecurityGroup; readonly image: ContainerImage; readonly command: string[]; - readonly containerName: string; + readonly name: string; readonly taskRole: Role; readonly executionRole: Role; - readonly family: string; readonly environmentVariables: { [key: string]: string }; }; @@ -43,8 +42,8 @@ export class ManagementCommandTask extends Construct { const stackName = Stack.of(this).stackName; // define log group and logstream - const logGroupName = `/ecs/${stackName}/${props.containerName}/`; - const streamPrefix = props.containerName; + const logGroupName = `/ecs/${stackName}/${props.name}/`; + const streamPrefix = props.name; const logGroup = new LogGroup(this, 'LogGroup', { logGroupName, retention: RetentionDays.ONE_DAY, @@ -53,7 +52,7 @@ export class ManagementCommandTask extends Construct { new LogStream(this, 'LogStream', { logGroup, - logStreamName: props.containerName, + logStreamName: props.name, }); // task definition 
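Review bot: `instanceClass: this.node.tryGetContext('config').instanceClass` has no `?.` guard, unlike the `dbSecretName` read earlier in this file, so a missing `config` context throws at synth time. It is also passed to the construct that takes `rdsAddress` (its name is outside the hunk), while the `RdsInstance` call gets neither `instanceClass` nor `instanceSize`, the props this commit adds to `RdsInstanceProps`. As far as the visible hunks show, the database therefore always falls back to `t3.micro`. If the value is meant for RDS, pass it in the `RdsInstance` props; if it is meant for this construct, resolve or remove the commented-out `instanceType` line.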
@@ -61,13 +60,13 @@ export class ManagementCommandTask extends Construct { cpu: props.cpu ?? 256, executionRole: props.executionRole, taskRole: props.taskRole, - family: props.family, + family: props.name, }); - taskDefinition.addContainer(props.containerName, { + taskDefinition.addContainer(props.name, { image: props.image, command: props.command, - containerName: props.containerName, + containerName: props.name, environment: props.environmentVariables, essential: true, logging: LogDriver.awsLogs({ @@ -88,7 +87,7 @@ aws ecs wait tasks-stopped --tasks $TASK_ID --cluster ${props.cluster.clusterArn END_TIME=$(date +%s000) -aws logs get-log-events --log-group-name ${logGroupName} --log-stream-name ${streamPrefix}/${props.containerName}/\${TASK_ID##*/} --start-time $START_TIME --end-time $END_TIME | jq -r '.events[].message' +aws logs get-log-events --log-group-name ${logGroupName} --log-stream-name ${streamPrefix}/${props.name}/\${TASK_ID##*/} --start-time $START_TIME --end-time $END_TIME | jq -r '.events[].message' `; this.executionScript = executionScript; diff --git a/src/constructs/internal/ecs/web/index.ts b/src/constructs/internal/ecs/web/index.ts index 723a70c..04a4cb5 100644 --- a/src/constructs/internal/ecs/web/index.ts +++ b/src/constructs/internal/ecs/web/index.ts @@ -26,6 +26,7 @@ import { Construct } from 'constructs'; export interface WebProps { + readonly name: string; readonly cluster: Cluster; readonly vpc: IVpc; readonly listener: ApplicationListener; @@ -35,14 +36,11 @@ export interface WebProps { readonly image: ContainerImage; readonly command: string[]; readonly useSpot?: boolean; - readonly containerName: string; readonly taskRole: Role; readonly executionRole: Role; - readonly family: string; readonly environmentVariables: { [key: string]: string }; readonly domainName: string; readonly pathPatterns: string[]; - readonly hostHeaders: string[]; readonly port: number; readonly priority: number; readonly healthCheckPath: string; 
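Review bot: `family: props.name` drops the stack prefix that the web-ui service had before (`${stackName}-web-ui`), so every ad hoc environment in the same account and region registers its task definitions into the same families (`gunicorn`, `web-ui`, `default-worker`, `backendUpdate`). Revisions from different environments would then interleave in one family, which makes it hard to tell which environment a revision belongs to or to scope IAM conditions and cleanup by family. Using ``family: `${stackName}-${props.name}` `` would match the `serviceName` convention already used in the web and worker constructs. The same applies to the `family: props.name` lines in the `web/index.ts` and `worker/index.ts` hunks.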
@@ -55,8 +53,8 @@ export class WebService extends Construct { const stackName = Stack.of(this).stackName; // define log group and logstream - const logGroupName = `/ecs/${stackName}/${props.containerName}/`; - const streamPrefix = props.containerName; + const logGroupName = `/ecs/${stackName}/${props.name}/`; + const streamPrefix = props.name; // define log group and logstream const logGroup = new LogGroup(this, 'LogGroup', { @@ -67,7 +65,7 @@ export class WebService extends Construct { new LogStream(this, 'LogStream', { logGroup, - logStreamName: props.containerName, + logStreamName: props.name, }); // task definition @@ -75,13 +73,13 @@ export class WebService extends Construct { cpu: props.cpu ?? 256, executionRole: props.executionRole, taskRole: props.taskRole, - family: props.family, + family: props.name, }); - taskDefinition.addContainer(props.containerName, { + taskDefinition.addContainer(props.name, { image: props.image, command: props.command, - containerName: props.containerName, + containerName: props.name, environment: props.environmentVariables, essential: true, logging: LogDriver.awsLogs({ @@ -113,7 +111,7 @@ export class WebService extends Construct { desiredCount: 1, enableExecuteCommand: true, securityGroups: [props.appSecurityGroup], - serviceName: `${stackName}-${props.containerName}`, + serviceName: `${stackName}-${props.name}`, vpcSubnets: { subnets: props.vpc.privateSubnets, }, diff --git a/src/constructs/internal/ecs/worker/index.ts b/src/constructs/internal/ecs/worker/index.ts index 32b9e5e..04a7604 100644 --- a/src/constructs/internal/ecs/worker/index.ts +++ b/src/constructs/internal/ecs/worker/index.ts @@ -17,6 +17,7 @@ import { Construct } from 'constructs'; export interface WorkerProps { + readonly name: string; readonly cluster: Cluster; readonly vpc: IVpc; readonly cpu?: number; 
@@ -25,10 +26,8 @@ export interface WorkerProps { readonly image: ContainerImage; readonly command: string[]; readonly useSpot?: boolean; - readonly containerName: string; readonly taskRole: Role; readonly executionRole: Role; - readonly family: string; readonly environmentVariables: { [key: string]: string }; }; @@ -39,8 +38,8 @@ export class WorkerService extends Construct { const stackName = Stack.of(this).stackName; // define log group and logstream - const logGroupName = `/ecs/${stackName}/${props.containerName}/`; - const streamPrefix = props.containerName; + const logGroupName = `/ecs/${stackName}/${props.name}/`; + const streamPrefix = props.name; // define log group and logstream const logGroup = new LogGroup(this, 'LogGroup', { @@ -51,7 +50,7 @@ export class WorkerService extends Construct { new LogStream(this, 'LogStream', { logGroup, - logStreamName: props.containerName, + logStreamName: props.name, }); // task definition @@ -59,13 +58,13 @@ export class WorkerService extends Construct { cpu: props.cpu ?? 256, executionRole: props.executionRole, taskRole: props.taskRole, - family: props.family, + family: props.name, }); - taskDefinition.addContainer(props.containerName, { + taskDefinition.addContainer(props.name, { image: props.image, command: props.command, - containerName: props.containerName, + containerName: props.name, environment: props.environmentVariables, essential: true, logging: LogDriver.awsLogs({ @@ -96,7 +95,7 @@ export class WorkerService extends Construct { desiredCount: 1, enableExecuteCommand: true, securityGroups: [props.appSecurityGroup], - serviceName: `${stackName}-${props.containerName}`, + serviceName: `${stackName}-${props.name}`, vpcSubnets: { subnets: props.vpc.privateSubnets, }, diff --git a/src/constructs/internal/rds/index.ts b/src/constructs/internal/rds/index.ts index 6fcb78c..1bcbcbe 100644 --- a/src/constructs/internal/rds/index.ts +++ b/src/constructs/internal/rds/index.ts 
@@ -1,6 +1,6 @@ // import { Stack } from 'aws-cdk-lib'; import { Stack } from 'aws-cdk-lib'; -import { InstanceClass, InstanceType, InstanceSize, IVpc, Peer, Port, SecurityGroup, SubnetType } from 'aws-cdk-lib/aws-ec2'; +import { InstanceType, IVpc, Peer, Port, SecurityGroup, SubnetType } from 'aws-cdk-lib/aws-ec2'; import { Credentials, DatabaseInstance, DatabaseInstanceEngine, PostgresEngineVersion } from 'aws-cdk-lib/aws-rds'; import { Secret } from 'aws-cdk-lib/aws-secretsmanager'; import { Construct } from 'constructs'; @@ -10,15 +10,27 @@ interface RdsInstanceProps { readonly vpc: IVpc; readonly appSecurityGroup: SecurityGroup; readonly dbSecretName: string; + readonly instanceClass?: string; + readonly instanceSize?: string; } export class RdsInstance extends Construct { public rdsInstance: DatabaseInstance; + private instanceClass: string; + private instanceSize: string; + + constructor(scope: Construct, id: string, props: RdsInstanceProps) { super(scope, id); const stackName = Stack.of(this).stackName; + // set instance type from props + this.instanceClass = props.instanceClass ?? 't3'; + this.instanceSize = props.instanceSize ?? 'micro'; + const instanceType = new InstanceType(`${this.instanceClass}.${this.instanceSize}`); + + const secret = new Secret(scope, 'dbSecret', { secretName: props.dbSecretName, description: 'secret for rds', @@ -43,7 +55,7 @@ export class RdsInstance extends Construct { vpc: props.vpc, engine: DatabaseInstanceEngine.postgres({ version: PostgresEngineVersion.VER_13_4 }), credentials: Credentials.fromSecret(secret), - instanceType: InstanceType.of(InstanceClass.T3, InstanceSize.MICRO), + instanceType, port: 5432, securityGroups: [rdsSecurityGroup], vpcSubnets: { diff --git a/src/constructs/internal/sg/index.ts b/src/constructs/internal/sg/index.ts index c2141a8..841b518 100644 --- a/src/constructs/internal/sg/index.ts +++ b/src/constructs/internal/sg/index.ts 
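Review bot: Building the instance type with `new InstanceType(...)` from two free-form strings gives up the compile-time check that `InstanceType.of(InstanceClass.T3, InstanceSize.MICRO)` provided, so a typo in the config only surfaces when CloudFormation rejects the deployment. Typing the props as `InstanceClass` and `InstanceSize` and keeping `InstanceType.of`, or checking the strings against a short allow-list, would catch that at synth time. The two private fields are only read inside the constructor and could be local constants.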
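Review bot: The `rdsSecurityGroup` attached in `securityGroups: [rdsSecurityGroup]` is defined outside this hunk, but the synthesized template deleted from `test.txt` in this commit shows it with an ingress rule for `0.0.0.0/0` on port 5432 in addition to the rule from the app security group. If that rule is still defined in this file (the `Peer` import is kept), it should be removed so that only `props.appSecurityGroup` can reach the database. The instance is not publicly accessible, but the rule still opens the port to every address that can route into the VPC. A comment on the security group stating the intended sources would make the expectation checkable in review.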
@@ -30,7 +30,6 @@ export class SecurityGroupResources extends Construct { vpc: props.vpc, }); appSecurityGroup.connections.allowFrom(appSecurityGroup, Port.allTcp()); - appSecurityGroup.connections.allowTo(appSecurityGroup, Port.allTcp()); this.appSecurityGroup = appSecurityGroup; diff --git a/src/examples/ad-hoc/app/config/alpha.json b/src/examples/ad-hoc/app/config/alpha.json new file mode 100644 index 0000000..806c714 --- /dev/null +++ b/src/examples/ad-hoc/app/config/alpha.json @@ -0,0 +1,6 @@ +{ + "settingsModule": "backend.settings.aws", + "extraEnvVars": { + "FOO": "BAR" + } +} \ No newline at end of file diff --git a/src/examples/ad-hoc/base/index.ts b/src/examples/ad-hoc/base/index.ts index 5705ee3..2d9cbd3 100644 --- a/src/examples/ad-hoc/base/index.ts +++ b/src/examples/ad-hoc/base/index.ts @@ -6,14 +6,9 @@ import { AdHocBase } from '../../../constructs/ad-hoc/base'; const adHocBaseEnvName = process.env.AD_HOC_BASE_NAME || 'dev'; const adHocAppEnvName = process.env.AD_HOC_APP_NAME || 'alpha'; - -// interface contextInterface { -// foo: string; -// biz: number; -// bar: number[]; -// } -var context = JSON.parse(fs.readFileSync(`src/examples/ad-hoc/base/config/${adHocBaseEnvName}.json`, 'utf8')); - +// TODO: define interfaces for these config and type check them +var adHocBaseEnvConfig = JSON.parse(fs.readFileSync(`src/examples/ad-hoc/base/config/${adHocBaseEnvName}.json`, 'utf8')); +var adHocAppEnvConfig = JSON.parse(fs.readFileSync(`src/examples/ad-hoc/app/config/${adHocAppEnvName}.json`, 'utf8')); // https://docs.aws.amazon.com/cdk/v2/guide/stack_how_to_create_multiple_stacks.html const app = new App(); 
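Review bot: `adHocBaseEnvName` and `adHocAppEnvName` come straight from environment variables and are interpolated into the config paths, so a value containing path separators reads a JSON file outside the config directories and a value with no matching file fails with a raw `ENOENT`. Check the name before reading, e.g. `if (!/^[a-z0-9-]+$/.test(adHocAppEnvName)) throw new Error('invalid AD_HOC_APP_NAME');`, and the same for the base name. The paths are relative to the working directory, so the app only works when run from the repository root; a comment saying so would help. `var` can be `const` for both declarations.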
@@ -23,10 +18,11 @@ const env = { region: process.env.CDK_DEFAULT_REGION, }; -const baseStack = new Stack(app, 'TestAdHocBaseStack', { env, stackName: adHocBaseEnvName }); -baseStack.node.setContext('config', context); +const baseStack = new Stack(app, 'ExampleAdHocBaseStack', { env, stackName: adHocBaseEnvName }); +baseStack.node.setContext('config', adHocBaseEnvConfig); -const appStack = new Stack(app, 'TestAdHocAppStack', { env, stackName: adHocAppEnvName }); +const appStack = new Stack(app, 'ExampleAdHocAppStack', { env, stackName: adHocAppEnvName }); +appStack.node.setContext('config', adHocAppEnvConfig); const certificateArn = process.env.ACM_CERTIFICATE_ARN || 'arn:aws:acm:us-east-1:123456789012:certificate/12345678-1234-1234-1234-123456789012'; const domainName = process.env.DOMAIN_NAME || 'example.com'; @@ -43,15 +39,10 @@ const addHocApp = new AdHocApp(appStack, 'AdHocApp', { assetsBucket: adHocBase.assetsBucket, domainName: adHocBase.domainName, listener: adHocBase.listener, - - djangoSettingsModule: process.env.DJANGO_SETTINGS_MODULE || 'backend.settings.production', - backendVersion: process.env.BACKEND_VERSION || 'latest', - frontendVersion: process.env.FRONTEND_VERSION || 'latest', }); /** * Add tagging for this construct and all child constructs */ -Tags.of(adHocBase).add('stack', 'AdHocBaseStack'); - -Tags.of(addHocApp).add('stack', 'AdHocAppStack'); \ No newline at end of file +Tags.of(adHocBase).add('env', adHocBaseEnvName); +Tags.of(addHocApp).add('env', adHocAppEnvName); \ No newline at end of file diff --git a/test.txt b/test.txt deleted file mode 100644 index 1324fdb..0000000 --- a/test.txt +++ /dev/null 
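Review bot: Renaming the stack construct ids from `TestAdHoc*Stack` to `ExampleAdHoc*Stack` keeps the CloudFormation stack names, which come from `stackName`, but the id is part of the construct path. The synth output deleted from `test.txt` shows that path inside security group `GroupDescription` values and inside ingress-rule logical ids. On an environment that is already deployed, the next `cdk deploy` would therefore likely replace those security groups and rules. Run `cdk diff` against an existing environment first and record the expected replacements in the commit description.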
@@ -1,876 +0,0 @@ -cdk synth --app='lib/examples/ad-hoc/base/index.js' -e TestAdHocBaseStack -{ alpha: '1', beta: '2' } -Resources: - AdHocBaseAlbSecurityGroupFBDF6CD4: - Type: AWS::EC2::SecurityGroup - Properties: - GroupDescription: TestAdHocBaseStack/AdHocBase/AlbSecurityGroup - SecurityGroupEgress: - - CidrIp: 0.0.0.0/0 - Description: Allow all outbound traffic by default - IpProtocol: "-1" - SecurityGroupIngress: - - CidrIp: 0.0.0.0/0 - Description: HTTPS - FromPort: 443 - IpProtocol: tcp - ToPort: 443 - - CidrIp: 0.0.0.0/0 - Description: HTTP - FromPort: 80 - IpProtocol: tcp - ToPort: 80 - Tags: - - Key: stack - Value: AdHocBaseStack - VpcId: - Ref: VpcC3027511 - Metadata: - aws:cdk:path: TestAdHocBaseStack/AdHocBase/AlbSecurityGroup/Resource - AdHocBaseAppSecurityGroup4C5C61DC: - Type: AWS::EC2::SecurityGroup - Properties: - GroupDescription: TestAdHocBaseStack/AdHocBase/AppSecurityGroup - SecurityGroupEgress: - - CidrIp: 0.0.0.0/0 - Description: Allow all outbound traffic by default - IpProtocol: "-1" - Tags: - - Key: stack - Value: AdHocBaseStack - VpcId: - Ref: VpcC3027511 - Metadata: - aws:cdk:path: TestAdHocBaseStack/AdHocBase/AppSecurityGroup/Resource - AdHocBaseAppSecurityGroupfromTestAdHocBaseStackAdHocBaseAppSecurityGroup4979D05BALLPORTS8036C3A1: - Type: AWS::EC2::SecurityGroupIngress - Properties: - IpProtocol: tcp - Description: from TestAdHocBaseStackAdHocBaseAppSecurityGroup4979D05B:ALL PORTS - FromPort: 0 - GroupId: - Fn::GetAtt: - - AdHocBaseAppSecurityGroup4C5C61DC - - GroupId - SourceSecurityGroupId: - Fn::GetAtt: - - AdHocBaseAppSecurityGroup4C5C61DC - - GroupId - ToPort: 65535 - Metadata: - aws:cdk:path: TestAdHocBaseStack/AdHocBase/AppSecurityGroup/from TestAdHocBaseStackAdHocBaseAppSecurityGroup4979D05B:ALL PORTS - AdHocBaseAppSecurityGroupfromTestAdHocBaseStackAdHocBaseAlbSecurityGroup2D3FD034ALLPORTSA66A6E11: - Type: AWS::EC2::SecurityGroupIngress - Properties: - IpProtocol: tcp - Description: ALB - FromPort: 0 - GroupId: - Fn::GetAtt: 
- - AdHocBaseAppSecurityGroup4C5C61DC - - GroupId - SourceSecurityGroupId: - Fn::GetAtt: - - AdHocBaseAlbSecurityGroupFBDF6CD4 - - GroupId - ToPort: 65535 - Metadata: - aws:cdk:path: TestAdHocBaseStack/AdHocBase/AppSecurityGroup/from TestAdHocBaseStackAdHocBaseAlbSecurityGroup2D3FD034:ALL PORTS - AdHocBaseAppSecurityGroupfromTestAdHocBaseStackAdHocBaseAlbSecurityGroup2D3FD03480001C2B23DB: - Type: AWS::EC2::SecurityGroupIngress - Properties: - IpProtocol: tcp - Description: Load balancer to target - FromPort: 8000 - GroupId: - Fn::GetAtt: - - AdHocBaseAppSecurityGroup4C5C61DC - - GroupId - SourceSecurityGroupId: - Fn::GetAtt: - - AdHocBaseAlbSecurityGroupFBDF6CD4 - - GroupId - ToPort: 8000 - Metadata: - aws:cdk:path: TestAdHocBaseStack/AdHocBase/AppSecurityGroup/from TestAdHocBaseStackAdHocBaseAlbSecurityGroup2D3FD034:8000 - AdHocBaseAppSecurityGroupfromTestAdHocBaseStackAdHocBaseAlbSecurityGroup2D3FD034806B5B3801: - Type: AWS::EC2::SecurityGroupIngress - Properties: - IpProtocol: tcp - Description: Load balancer to target - FromPort: 80 - GroupId: - Fn::GetAtt: - - AdHocBaseAppSecurityGroup4C5C61DC - - GroupId - SourceSecurityGroupId: - Fn::GetAtt: - - AdHocBaseAlbSecurityGroupFBDF6CD4 - - GroupId - ToPort: 80 - Metadata: - aws:cdk:path: TestAdHocBaseStack/AdHocBase/AppSecurityGroup/from TestAdHocBaseStackAdHocBaseAlbSecurityGroup2D3FD034:80 - AdHocBaseAlbResourcesdefaulttargetgroup9E94F880: - Type: AWS::ElasticLoadBalancingV2::TargetGroup - Properties: - HealthCheckIntervalSeconds: 300 - HealthCheckPath: /api/health-check/ - HealthCheckPort: "80" - HealthCheckTimeoutSeconds: 120 - HealthyThresholdCount: 2 - Port: 80 - Protocol: HTTP - Tags: - - Key: stack - Value: AdHocBaseStack - TargetGroupAttributes: - - Key: stickiness.enabled - Value: "true" - - Key: stickiness.type - Value: lb_cookie - - Key: stickiness.lb_cookie.duration_seconds - Value: "300" - TargetType: instance - UnhealthyThresholdCount: 3 - VpcId: - Ref: VpcC3027511 - Metadata: - aws:cdk:path: 
TestAdHocBaseStack/AdHocBase/AlbResources/default-target-group/Resource - AdHocBaseAlbResourceshttplistenerDC17C921: - Type: AWS::ElasticLoadBalancingV2::Listener - Properties: - DefaultActions: - - RedirectConfig: - Port: "443" - Protocol: HTTPS - StatusCode: HTTP_302 - Type: redirect - LoadBalancerArn: - Ref: AdHocBaseLoadBalancerBB0B50C8 - Port: 80 - Protocol: HTTP - Metadata: - aws:cdk:path: TestAdHocBaseStack/AdHocBase/AlbResources/http-listener/Resource - AdHocBaseAlbResourceshttpslistener0881D48F: - Type: AWS::ElasticLoadBalancingV2::Listener - Properties: - DefaultActions: - - FixedResponseConfig: - ContentType: text/plain - MessageBody: Fixed content response - StatusCode: "200" - Type: fixed-response - LoadBalancerArn: - Ref: AdHocBaseLoadBalancerBB0B50C8 - Certificates: - - CertificateArn: arn:aws:acm:us-east-1:733623710918:certificate/948b8c39-99f0-47b7-b347-fa8fa131d0e1 - Port: 443 - Protocol: HTTPS - Metadata: - aws:cdk:path: TestAdHocBaseStack/AdHocBase/AlbResources/https-listener/Resource - AdHocBaseLoadBalancerBB0B50C8: - Type: AWS::ElasticLoadBalancingV2::LoadBalancer - Properties: - LoadBalancerAttributes: - - Key: deletion_protection.enabled - Value: "false" - Scheme: internet-facing - SecurityGroups: - - Fn::GetAtt: - - AdHocBaseAlbSecurityGroupFBDF6CD4 - - GroupId - Subnets: - - Ref: VpcingressSubnet1Subnet556A1F96 - - Ref: VpcingressSubnet2Subnet3CAAAA0B - Tags: - - Key: stack - Value: AdHocBaseStack - Type: application - DependsOn: - - VpcingressSubnet1DefaultRoute89ED95C8 - - VpcingressSubnet1RouteTableAssociationB6BAE862 - - VpcingressSubnet2DefaultRouteA7D45F1A - - VpcingressSubnet2RouteTableAssociation19E43D13 - Metadata: - aws:cdk:path: TestAdHocBaseStack/AdHocBase/LoadBalancer/Resource - AdHocBaseServiceDiscoveryNamespace86737BAB: - Type: AWS::ServiceDiscovery::PrivateDnsNamespace - Properties: - Name: dev-sd-ns - Vpc: - Ref: VpcC3027511 - Tags: - - Key: stack - Value: AdHocBaseStack - Metadata: - aws:cdk:path: 
TestAdHocBaseStack/AdHocBase/ServiceDiscoveryNamespace/Resource - AdHocBaseServiceDiscoveryNamespaceServiceEB345BEC: - Type: AWS::ServiceDiscovery::Service - Properties: - DnsConfig: - DnsRecords: - - TTL: 30 - Type: A - NamespaceId: - Fn::GetAtt: - - AdHocBaseServiceDiscoveryNamespace86737BAB - - Id - RoutingPolicy: MULTIVALUE - Name: alpha-redis - NamespaceId: - Fn::GetAtt: - - AdHocBaseServiceDiscoveryNamespace86737BAB - - Id - Tags: - - Key: stack - Value: AdHocBaseStack - Metadata: - aws:cdk:path: TestAdHocBaseStack/AdHocBase/ServiceDiscoveryNamespace/Service/Resource - AdHocBaseRdsInstanceRdsSecurityGroupC62EF8A4: - Type: AWS::EC2::SecurityGroup - Properties: - GroupDescription: TestAdHocBaseStack/AdHocBase/RdsInstance/RdsSecurityGroup - GroupName: devRdsSecurityGroup - SecurityGroupEgress: - - CidrIp: 0.0.0.0/0 - Description: Allow all outbound traffic by default - IpProtocol: "-1" - SecurityGroupIngress: - - CidrIp: 0.0.0.0/0 - Description: RDS - FromPort: 5432 - IpProtocol: tcp - ToPort: 5432 - Tags: - - Key: stack - Value: AdHocBaseStack - VpcId: - Ref: VpcC3027511 - Metadata: - aws:cdk:path: TestAdHocBaseStack/AdHocBase/RdsInstance/RdsSecurityGroup/Resource - AdHocBaseRdsInstanceRdsSecurityGroupfromTestAdHocBaseStackAdHocBaseAppSecurityGroup4979D05B543204BC410F: - Type: AWS::EC2::SecurityGroupIngress - Properties: - IpProtocol: tcp - Description: AppSecurityGroup - FromPort: 5432 - GroupId: - Fn::GetAtt: - - AdHocBaseRdsInstanceRdsSecurityGroupC62EF8A4 - - GroupId - SourceSecurityGroupId: - Fn::GetAtt: - - AdHocBaseAppSecurityGroup4C5C61DC - - GroupId - ToPort: 5432 - Metadata: - aws:cdk:path: TestAdHocBaseStack/AdHocBase/RdsInstance/RdsSecurityGroup/from TestAdHocBaseStackAdHocBaseAppSecurityGroup4979D05B:5432 - AdHocBaseRdsInstanceSubnetGroup6618A74F: - Type: AWS::RDS::DBSubnetGroup - Properties: - DBSubnetGroupDescription: Subnet group for RdsInstance database - SubnetIds: - - Ref: VpcapplicationSubnet1SubnetC8835CB0 - - Ref: 
VpcapplicationSubnet2SubnetEF05B07F - Tags: - - Key: stack - Value: AdHocBaseStack - Metadata: - aws:cdk:path: TestAdHocBaseStack/AdHocBase/RdsInstance/RdsInstance/SubnetGroup/Default - AdHocBaseRdsInstance89538199: - Type: AWS::RDS::DBInstance - Properties: - AllocatedStorage: "100" - CopyTagsToSnapshot: true - DBInstanceClass: db.t3.micro - DBInstanceIdentifier: devrdsinstance - DBSubnetGroupName: - Ref: AdHocBaseRdsInstanceSubnetGroup6618A74F - Engine: postgres - EngineVersion: "13.4" - MasterUsername: - Fn::Join: - - "" - - - "{{resolve:secretsmanager:" - - Ref: AdHocBasedbSecretA712D32A - - :SecretString:username::}} - MasterUserPassword: - Fn::Join: - - "" - - - "{{resolve:secretsmanager:" - - Ref: AdHocBasedbSecretA712D32A - - :SecretString:password::}} - Port: "5432" - PubliclyAccessible: false - StorageType: gp2 - Tags: - - Key: stack - Value: AdHocBaseStack - VPCSecurityGroups: - - Fn::GetAtt: - - AdHocBaseRdsInstanceRdsSecurityGroupC62EF8A4 - - GroupId - UpdateReplacePolicy: Snapshot - DeletionPolicy: Snapshot - Metadata: - aws:cdk:path: TestAdHocBaseStack/AdHocBase/RdsInstance/RdsInstance/Resource - AdHocBasedbSecretA712D32A: - Type: AWS::SecretsManager::Secret - Properties: - Description: secret for rds - GenerateSecretString: - ExcludePunctuation: true - GenerateStringKey: password - IncludeSpace: false - SecretStringTemplate: '{"username":"postgres"}' - Name: DB_SECRET_NAME - Tags: - - Key: stack - Value: AdHocBaseStack - UpdateReplacePolicy: Delete - DeletionPolicy: Delete - Metadata: - aws:cdk:path: TestAdHocBaseStack/AdHocBase/dbSecret/Resource - AdHocBasedbSecretAttachment9F9E4CE9: - Type: AWS::SecretsManager::SecretTargetAttachment - Properties: - SecretId: - Ref: AdHocBasedbSecretA712D32A - TargetId: - Ref: AdHocBaseRdsInstance89538199 - TargetType: AWS::RDS::DBInstance - Metadata: - aws:cdk:path: TestAdHocBaseStack/AdHocBase/dbSecret/Attachment/Resource - AdHocBaseBastionHostResourcesBastionHostInstanceRoleA63988C4: - Type: AWS::IAM::Role - 
Properties: - AssumeRolePolicyDocument: - Statement: - - Action: sts:AssumeRole - Effect: Allow - Principal: - Service: ec2.amazonaws.com - Version: "2012-10-17" - Tags: - - Key: Name - Value: BastionHost - - Key: stack - Value: AdHocBaseStack - Metadata: - aws:cdk:path: TestAdHocBaseStack/AdHocBase/BastionHostResources/BastionHost/Resource/InstanceRole/Resource - AdHocBaseBastionHostResourcesBastionHostInstanceRoleDefaultPolicyAAA7C61C: - Type: AWS::IAM::Policy - Properties: - PolicyDocument: - Statement: - - Action: - - ssmmessages:* - - ssm:UpdateInstanceInformation - - ec2messages:* - Effect: Allow - Resource: "*" - Version: "2012-10-17" - PolicyName: AdHocBaseBastionHostResourcesBastionHostInstanceRoleDefaultPolicyAAA7C61C - Roles: - - Ref: AdHocBaseBastionHostResourcesBastionHostInstanceRoleA63988C4 - Metadata: - aws:cdk:path: TestAdHocBaseStack/AdHocBase/BastionHostResources/BastionHost/Resource/InstanceRole/DefaultPolicy/Resource - AdHocBaseBastionHostResourcesBastionHostInstanceProfile15CA1625: - Type: AWS::IAM::InstanceProfile - Properties: - Roles: - - Ref: AdHocBaseBastionHostResourcesBastionHostInstanceRoleA63988C4 - Metadata: - aws:cdk:path: TestAdHocBaseStack/AdHocBase/BastionHostResources/BastionHost/Resource/InstanceProfile - AdHocBaseBastionHostResourcesBastionHost0BDF523D: - Type: AWS::EC2::Instance - Properties: - AvailabilityZone: us-east-1a - IamInstanceProfile: - Ref: AdHocBaseBastionHostResourcesBastionHostInstanceProfile15CA1625 - ImageId: - Ref: SsmParameterValueawsserviceamiamazonlinuxlatestamzn2amihvmx8664gp2C96584B6F00A464EAD1953AFF4B05118Parameter - InstanceType: t3.nano - SecurityGroupIds: - - Fn::GetAtt: - - AdHocBaseAppSecurityGroup4C5C61DC - - GroupId - SubnetId: - Ref: VpcapplicationSubnet1SubnetC8835CB0 - Tags: - - Key: Name - Value: BastionHost - - Key: stack - Value: AdHocBaseStack - UserData: - Fn::Base64: - Fn::Join: - - "" - - - |- - #cloud-config - - package_upgrade: true - packages: - - postgresql - - socat - write_files: 
- - content: | - # /etc/systemd/system/socat-forwarder.service - [Unit] - Description=socat forwarder service - After=socat-forwarder.service - Requires=socat-forwarder.service - - [Service] - Type=simple - StandardOutput=syslog - StandardError=syslog - SyslogIdentifier=socat-forwarder - - ExecStart=/usr/bin/socat -d -d TCP4-LISTEN:5432,fork TCP4: - - Fn::GetAtt: - - AdHocBaseRdsInstance89538199 - - Endpoint.Address - - | - :5432 - Restart=always - - [Install] - WantedBy=multi-user.target - path: /etc/systemd/system/socat-forwarder.service - - runcmd: - - [ systemctl, daemon-reload ] - - [ systemctl, enable, socat-forwarder.service ] - # https://dustymabe.com/2015/08/03/installingstarting-systemd-services-using-cloud-init/ - - [ systemctl, start, --no-block, socat-forwarder.service ] - DependsOn: - - AdHocBaseBastionHostResourcesBastionHostInstanceRoleDefaultPolicyAAA7C61C - - AdHocBaseBastionHostResourcesBastionHostInstanceRoleA63988C4 - Metadata: - aws:cdk:path: TestAdHocBaseStack/AdHocBase/BastionHostResources/BastionHost/Resource/Resource - VpcC3027511: - Type: AWS::EC2::VPC - Properties: - CidrBlock: 10.0.0.0/16 - EnableDnsHostnames: true - EnableDnsSupport: true - InstanceTenancy: default - Tags: - - Key: Name - Value: dev-vpc - Metadata: - aws:cdk:path: TestAdHocBaseStack/Vpc/Vpc/Resource - VpcingressSubnet1Subnet556A1F96: - Type: AWS::EC2::Subnet - Properties: - VpcId: - Ref: VpcC3027511 - AvailabilityZone: us-east-1a - CidrBlock: 10.0.0.0/24 - MapPublicIpOnLaunch: true - Tags: - - Key: aws-cdk:subnet-name - Value: ingress - - Key: aws-cdk:subnet-type - Value: Public - - Key: Name - Value: TestAdHocBaseStack/Vpc/Vpc/ingressSubnet1 - Metadata: - aws:cdk:path: TestAdHocBaseStack/Vpc/Vpc/ingressSubnet1/Subnet - VpcingressSubnet1RouteTableA12D5868: - Type: AWS::EC2::RouteTable - Properties: - VpcId: - Ref: VpcC3027511 - Tags: - - Key: Name - Value: TestAdHocBaseStack/Vpc/Vpc/ingressSubnet1 - Metadata: - aws:cdk:path: 
TestAdHocBaseStack/Vpc/Vpc/ingressSubnet1/RouteTable - VpcingressSubnet1RouteTableAssociationB6BAE862: - Type: AWS::EC2::SubnetRouteTableAssociation - Properties: - RouteTableId: - Ref: VpcingressSubnet1RouteTableA12D5868 - SubnetId: - Ref: VpcingressSubnet1Subnet556A1F96 - Metadata: - aws:cdk:path: TestAdHocBaseStack/Vpc/Vpc/ingressSubnet1/RouteTableAssociation - VpcingressSubnet1DefaultRoute89ED95C8: - Type: AWS::EC2::Route - Properties: - RouteTableId: - Ref: VpcingressSubnet1RouteTableA12D5868 - DestinationCidrBlock: 0.0.0.0/0 - GatewayId: - Ref: VpcIGW488B0FEB - DependsOn: - - VpcVPCGW42EC8516 - Metadata: - aws:cdk:path: TestAdHocBaseStack/Vpc/Vpc/ingressSubnet1/DefaultRoute - VpcingressSubnet1EIPAA060F17: - Type: AWS::EC2::EIP - Properties: - Domain: vpc - Tags: - - Key: Name - Value: TestAdHocBaseStack/Vpc/Vpc/ingressSubnet1 - Metadata: - aws:cdk:path: TestAdHocBaseStack/Vpc/Vpc/ingressSubnet1/EIP - VpcingressSubnet1NATGateway3F81BEBE: - Type: AWS::EC2::NatGateway - Properties: - SubnetId: - Ref: VpcingressSubnet1Subnet556A1F96 - AllocationId: - Fn::GetAtt: - - VpcingressSubnet1EIPAA060F17 - - AllocationId - Tags: - - Key: Name - Value: TestAdHocBaseStack/Vpc/Vpc/ingressSubnet1 - DependsOn: - - VpcingressSubnet1DefaultRoute89ED95C8 - - VpcingressSubnet1RouteTableAssociationB6BAE862 - Metadata: - aws:cdk:path: TestAdHocBaseStack/Vpc/Vpc/ingressSubnet1/NATGateway - VpcingressSubnet2Subnet3CAAAA0B: - Type: AWS::EC2::Subnet - Properties: - VpcId: - Ref: VpcC3027511 - AvailabilityZone: us-east-1b - CidrBlock: 10.0.1.0/24 - MapPublicIpOnLaunch: true - Tags: - - Key: aws-cdk:subnet-name - Value: ingress - - Key: aws-cdk:subnet-type - Value: Public - - Key: Name - Value: TestAdHocBaseStack/Vpc/Vpc/ingressSubnet2 - Metadata: - aws:cdk:path: TestAdHocBaseStack/Vpc/Vpc/ingressSubnet2/Subnet - VpcingressSubnet2RouteTable99284E2B: - Type: AWS::EC2::RouteTable - Properties: - VpcId: - Ref: VpcC3027511 - Tags: - - Key: Name - Value: 
TestAdHocBaseStack/Vpc/Vpc/ingressSubnet2 - Metadata: - aws:cdk:path: TestAdHocBaseStack/Vpc/Vpc/ingressSubnet2/RouteTable - VpcingressSubnet2RouteTableAssociation19E43D13: - Type: AWS::EC2::SubnetRouteTableAssociation - Properties: - RouteTableId: - Ref: VpcingressSubnet2RouteTable99284E2B - SubnetId: - Ref: VpcingressSubnet2Subnet3CAAAA0B - Metadata: - aws:cdk:path: TestAdHocBaseStack/Vpc/Vpc/ingressSubnet2/RouteTableAssociation - VpcingressSubnet2DefaultRouteA7D45F1A: - Type: AWS::EC2::Route - Properties: - RouteTableId: - Ref: VpcingressSubnet2RouteTable99284E2B - DestinationCidrBlock: 0.0.0.0/0 - GatewayId: - Ref: VpcIGW488B0FEB - DependsOn: - - VpcVPCGW42EC8516 - Metadata: - aws:cdk:path: TestAdHocBaseStack/Vpc/Vpc/ingressSubnet2/DefaultRoute - VpcapplicationSubnet1SubnetC8835CB0: - Type: AWS::EC2::Subnet - Properties: - VpcId: - Ref: VpcC3027511 - AvailabilityZone: us-east-1a - CidrBlock: 10.0.2.0/24 - MapPublicIpOnLaunch: false - Tags: - - Key: aws-cdk:subnet-name - Value: application - - Key: aws-cdk:subnet-type - Value: Private - - Key: Name - Value: TestAdHocBaseStack/Vpc/Vpc/applicationSubnet1 - Metadata: - aws:cdk:path: TestAdHocBaseStack/Vpc/Vpc/applicationSubnet1/Subnet - VpcapplicationSubnet1RouteTable97F01B17: - Type: AWS::EC2::RouteTable - Properties: - VpcId: - Ref: VpcC3027511 - Tags: - - Key: Name - Value: TestAdHocBaseStack/Vpc/Vpc/applicationSubnet1 - Metadata: - aws:cdk:path: TestAdHocBaseStack/Vpc/Vpc/applicationSubnet1/RouteTable - VpcapplicationSubnet1RouteTableAssociationC7CBA21B: - Type: AWS::EC2::SubnetRouteTableAssociation - Properties: - RouteTableId: - Ref: VpcapplicationSubnet1RouteTable97F01B17 - SubnetId: - Ref: VpcapplicationSubnet1SubnetC8835CB0 - Metadata: - aws:cdk:path: TestAdHocBaseStack/Vpc/Vpc/applicationSubnet1/RouteTableAssociation - VpcapplicationSubnet1DefaultRoute40B46D2E: - Type: AWS::EC2::Route - Properties: - RouteTableId: - Ref: VpcapplicationSubnet1RouteTable97F01B17 - DestinationCidrBlock: 0.0.0.0/0 - 
NatGatewayId: - Ref: VpcingressSubnet1NATGateway3F81BEBE - Metadata: - aws:cdk:path: TestAdHocBaseStack/Vpc/Vpc/applicationSubnet1/DefaultRoute - VpcapplicationSubnet2SubnetEF05B07F: - Type: AWS::EC2::Subnet - Properties: - VpcId: - Ref: VpcC3027511 - AvailabilityZone: us-east-1b - CidrBlock: 10.0.3.0/24 - MapPublicIpOnLaunch: false - Tags: - - Key: aws-cdk:subnet-name - Value: application - - Key: aws-cdk:subnet-type - Value: Private - - Key: Name - Value: TestAdHocBaseStack/Vpc/Vpc/applicationSubnet2 - Metadata: - aws:cdk:path: TestAdHocBaseStack/Vpc/Vpc/applicationSubnet2/Subnet - VpcapplicationSubnet2RouteTable4AF03023: - Type: AWS::EC2::RouteTable - Properties: - VpcId: - Ref: VpcC3027511 - Tags: - - Key: Name - Value: TestAdHocBaseStack/Vpc/Vpc/applicationSubnet2 - Metadata: - aws:cdk:path: TestAdHocBaseStack/Vpc/Vpc/applicationSubnet2/RouteTable - VpcapplicationSubnet2RouteTableAssociationB436DB82: - Type: AWS::EC2::SubnetRouteTableAssociation - Properties: - RouteTableId: - Ref: VpcapplicationSubnet2RouteTable4AF03023 - SubnetId: - Ref: VpcapplicationSubnet2SubnetEF05B07F - Metadata: - aws:cdk:path: TestAdHocBaseStack/Vpc/Vpc/applicationSubnet2/RouteTableAssociation - VpcapplicationSubnet2DefaultRoute72C531CC: - Type: AWS::EC2::Route - Properties: - RouteTableId: - Ref: VpcapplicationSubnet2RouteTable4AF03023 - DestinationCidrBlock: 0.0.0.0/0 - NatGatewayId: - Ref: VpcingressSubnet1NATGateway3F81BEBE - Metadata: - aws:cdk:path: TestAdHocBaseStack/Vpc/Vpc/applicationSubnet2/DefaultRoute - VpcIGW488B0FEB: - Type: AWS::EC2::InternetGateway - Properties: - Tags: - - Key: Name - Value: dev-vpc - Metadata: - aws:cdk:path: TestAdHocBaseStack/Vpc/Vpc/IGW - VpcVPCGW42EC8516: - Type: AWS::EC2::VPCGatewayAttachment - Properties: - VpcId: - Ref: VpcC3027511 - InternetGatewayId: - Ref: VpcIGW488B0FEB - Metadata: - aws:cdk:path: TestAdHocBaseStack/Vpc/Vpc/VPCGW - AssetsBucket5CB76180: - Type: AWS::S3::Bucket - Properties: - BucketName: jamescaffey-com-dev-assets-bucket - 
Tags: - - Key: aws-cdk:auto-delete-objects - Value: "true" - UpdateReplacePolicy: Delete - DeletionPolicy: Delete - Metadata: - aws:cdk:path: TestAdHocBaseStack/AssetsBucket/Resource - AssetsBucketPolicyFFACF6C4: - Type: AWS::S3::BucketPolicy - Properties: - Bucket: - Ref: AssetsBucket5CB76180 - PolicyDocument: - Statement: - - Action: - - s3:GetBucket* - - s3:List* - - s3:DeleteObject* - Effect: Allow - Principal: - AWS: - Fn::GetAtt: - - CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092 - - Arn - Resource: - - Fn::GetAtt: - - AssetsBucket5CB76180 - - Arn - - Fn::Join: - - "" - - - Fn::GetAtt: - - AssetsBucket5CB76180 - - Arn - - /* - Version: "2012-10-17" - Metadata: - aws:cdk:path: TestAdHocBaseStack/AssetsBucket/Policy/Resource - AssetsBucketAutoDeleteObjectsCustomResource51BA1286: - Type: Custom::S3AutoDeleteObjects - Properties: - ServiceToken: - Fn::GetAtt: - - CustomS3AutoDeleteObjectsCustomResourceProviderHandler9D90184F - - Arn - BucketName: - Ref: AssetsBucket5CB76180 - DependsOn: - - AssetsBucketPolicyFFACF6C4 - UpdateReplacePolicy: Delete - DeletionPolicy: Delete - Metadata: - aws:cdk:path: TestAdHocBaseStack/AssetsBucket/AutoDeleteObjectsCustomResource/Default - CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092: - Type: AWS::IAM::Role - Properties: - AssumeRolePolicyDocument: - Version: "2012-10-17" - Statement: - - Action: sts:AssumeRole - Effect: Allow - Principal: - Service: lambda.amazonaws.com - ManagedPolicyArns: - - Fn::Sub: arn:${AWS::Partition}:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole - Metadata: - aws:cdk:path: TestAdHocBaseStack/Custom::S3AutoDeleteObjectsCustomResourceProvider/Role - CustomS3AutoDeleteObjectsCustomResourceProviderHandler9D90184F: - Type: AWS::Lambda::Function - Properties: - Code: - S3Bucket: cdk-hnb659fds-assets-733623710918-us-east-1 - S3Key: 6babbac1f25446ab4660ead0ad5972e3a7742f50c6d8326af98a8bcd5d485335.zip - Timeout: 900 - MemorySize: 128 - Handler: __entrypoint__.handler - Role: - 
Fn::GetAtt: - - CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092 - - Arn - Runtime: nodejs14.x - Description: - Fn::Join: - - "" - - - "Lambda function for auto-deleting objects in " - - Ref: AssetsBucket5CB76180 - - " S3 bucket." - DependsOn: - - CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092 - Metadata: - aws:cdk:path: TestAdHocBaseStack/Custom::S3AutoDeleteObjectsCustomResourceProvider/Handler - aws:asset:path: asset.6babbac1f25446ab4660ead0ad5972e3a7742f50c6d8326af98a8bcd5d485335 - aws:asset:property: Code - CDKMetadata: - Type: AWS::CDK::Metadata - Properties: - Analytics: v2:deflate64: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 - Metadata: - aws:cdk:path: TestAdHocBaseStack/CDKMetadata/Default -Outputs: - AdHocBaseBastionHostResourcesBastionHostBastionHostId6632FD2E: - Description: Instance ID of the bastion host. Use this to connect via SSM Session Manager - Value: - Ref: AdHocBaseBastionHostResourcesBastionHost0BDF523D - ExportsOutputFnGetAttAdHocBaseLoadBalancerBB0B50C8DNSNameA313B41E: - Value: - Fn::GetAtt: - - AdHocBaseLoadBalancerBB0B50C8 - - DNSName - Export: - Name: dev:ExportsOutputFnGetAttAdHocBaseLoadBalancerBB0B50C8DNSNameA313B41E - ExportsOutputRefVpcapplicationSubnet1SubnetC8835CB09E1D11C0: - Value: - Ref: VpcapplicationSubnet1SubnetC8835CB0 - Export: - Name: dev:ExportsOutputRefVpcapplicationSubnet1SubnetC8835CB09E1D11C0 - ExportsOutputRefVpcapplicationSubnet2SubnetEF05B07F72BAD207: - Value: - Ref: VpcapplicationSubnet2SubnetEF05B07F - Export: - Name: dev:ExportsOutputRefVpcapplicationSubnet2SubnetEF05B07F72BAD207 - ExportsOutputFnGetAttAdHocBaseAppSecurityGroup4C5C61DCGroupIdE7EA3E56: - Value: - Fn::GetAtt: - - AdHocBaseAppSecurityGroup4C5C61DC - - GroupId - Export: - Name: dev:ExportsOutputFnGetAttAdHocBaseAppSecurityGroup4C5C61DCGroupIdE7EA3E56 - ExportsOutputFnGetAttAdHocBaseServiceDiscoveryNamespaceServiceEB345BECArn2676953B: - Value: - Fn::GetAtt: - - AdHocBaseServiceDiscoveryNamespaceServiceEB345BEC - - 
Arn - Export: - Name: dev:ExportsOutputFnGetAttAdHocBaseServiceDiscoveryNamespaceServiceEB345BECArn2676953B - ExportsOutputRefAssetsBucket5CB761808BF2E271: - Value: - Ref: AssetsBucket5CB76180 - Export: - Name: dev:ExportsOutputRefAssetsBucket5CB761808BF2E271 - ExportsOutputFnGetAttAdHocBaseRdsInstance89538199EndpointAddress23906A25: - Value: - Fn::GetAtt: - - AdHocBaseRdsInstance89538199 - - Endpoint.Address - Export: - Name: dev:ExportsOutputFnGetAttAdHocBaseRdsInstance89538199EndpointAddress23906A25 - ExportsOutputRefVpcC302751171D26A23: - Value: - Ref: VpcC3027511 - Export: - Name: dev:ExportsOutputRefVpcC302751171D26A23 - ExportsOutputRefAdHocBaseAlbResourceshttpslistener0881D48FFF5EA30C: - Value: - Ref: AdHocBaseAlbResourceshttpslistener0881D48F - Export: - Name: dev:ExportsOutputRefAdHocBaseAlbResourceshttpslistener0881D48FFF5EA30C -Parameters: - SsmParameterValueawsserviceamiamazonlinuxlatestamzn2amihvmx8664gp2C96584B6F00A464EAD1953AFF4B05118Parameter: - Type: AWS::SSM::Parameter::Value - Default: /aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-x86_64-gp2 - BootstrapVersion: - Type: AWS::SSM::Parameter::Value - Default: /cdk-bootstrap/hnb659fds/version - Description: Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip] -Rules: - CheckBootstrapVersion: - Assertions: - - Assert: - Fn::Not: - - Fn::Contains: - - - "1" - - "2" - - "3" - - "4" - - "5" - - Ref: BootstrapVersion - AssertDescription: CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI. -