feat(celery): add elasticache, celery worker and celery beat constructs

briancaffey · May 14, 2021 · 634b268 · 634b268
1 parent c1c1a49
commit 634b268
Show file tree

Hide file tree

Showing 5 changed files with 145 additions and 14 deletions.
diff --git a/src/celery/beat/index.ts b/src/celery/beat/index.ts
@@ -0,0 +1,42 @@
+import * as ecs from '@aws-cdk/aws-ecs';
+import * as logs from '@aws-cdk/aws-logs';
+import * as cdk from '@aws-cdk/core';
+
+export interface CeleryBeatProps {
+  readonly image: ecs.ContainerImage;
+  readonly command: string[];
+  readonly environment: { [key: string]: string };
+  readonly cluster: ecs.ICluster;
+}
+
+export class CeleryBeat extends cdk.Construct {
+  constructor(scope: cdk.Construct, id: string, props: CeleryBeatProps) {
+    super(scope, id);
+
+
+    const taskDefinition = new ecs.TaskDefinition(scope, `TaskDefinitionFor${id}`, {
+      compatibility: ecs.Compatibility.FARGATE,
+      cpu: '256',
+      memoryMiB: '512',
+    });
+
+    taskDefinition.addContainer(`TaskContainerFor${id}`, {
+      image: props.image,
+      command: props.command,
+      environment: props.environment,
+      logging: ecs.LogDriver.awsLogs(
+        {
+          logRetention: logs.RetentionDays.ONE_DAY,
+          streamPrefix: `${id}Container`,
+        },
+      ),
+    });
+
+    new ecs.FargateService(scope, `FargateService${id}`, {
+      cluster: props.cluster,
+      taskDefinition,
+      // only run one instance of celery beat
+      desiredCount: 1,
+    });
+  }
+}
diff --git a/src/celery/index.ts b/src/celery/index.ts
@@ -0,0 +1,2 @@
+export * from './beat';
+export * from './worker';
diff --git a/src/celery/worker/index.ts b/src/celery/worker/index.ts
@@ -0,0 +1,43 @@
+import * as ecs from '@aws-cdk/aws-ecs';
+import * as logs from '@aws-cdk/aws-logs';
+import * as cdk from '@aws-cdk/core';
+
+export interface CeleryWorkerProps {
+  readonly image: ecs.ContainerImage;
+  readonly command: string[];
+  readonly environment: { [key: string]: string };
+  readonly cluster: ecs.ICluster;
+}
+
+export class CeleryWorker extends cdk.Construct {
+  constructor(scope: cdk.Construct, id: string, props: CeleryWorkerProps) {
+    super(scope, id);
+
+
+    const taskDefinition = new ecs.TaskDefinition(scope, `TaskDefinitionFor${id}`, {
+      compatibility: ecs.Compatibility.FARGATE,
+      cpu: '256',
+      memoryMiB: '512',
+    });
+
+    taskDefinition.addContainer(`TaskContainerFor${id}`, {
+      image: props.image,
+      command: props.command,
+      environment: props.environment,
+      logging: ecs.LogDriver.awsLogs(
+        {
+          logRetention: logs.RetentionDays.ONE_DAY,
+          streamPrefix: `${id}Container`,
+        },
+      ),
+    });
+
+    new ecs.FargateService(scope, `FargateService${id}`, {
+      cluster: props.cluster,
+      taskDefinition,
+      desiredCount: 1,
+    });
+
+    // TODO: scaling options
+  }
+}
diff --git a/src/django-cdk.ts b/src/django-cdk.ts
@@ -6,6 +6,7 @@ import * as s3 from '@aws-cdk/aws-s3';
 import * as secretsmanager from '@aws-cdk/aws-secretsmanager';
 import * as cdk from '@aws-cdk/core';
 import { RdsPostgresInstance } from './database';
+import { ElastiCacheCluster } from './elasticache';
 import { managementCommandTask } from './tasks';
 import { ApplicationVpc } from './vpc';
 
@@ -86,12 +87,27 @@ export class DjangoCdk extends cdk.Construct {
       secret: this.secret,
     });
 
+
+    /**
+     * A security group in the VPC for our application (ECS Fargate services and tasks)
+     * Allow the application services to access the RDS security group
+     */
+    const appSecurityGroup = new ec2.SecurityGroup(scope, 'appSecurityGroup', {
+      vpc: this.vpc,
+    });
+
+    const elastiCacheRedis = new ElastiCacheCluster(scope, 'ElastiCacheCluster', {
+      vpc: this.vpc,
+      appSecurityGroup,
+    });
+
     const environment: { [key: string]: string } = {
       AWS_STORAGE_BUCKET_NAME: staticFilesBucket.bucketName,
       POSTGRES_SERVICE_HOST: database.rdsPostgresInstance.dbInstanceEndpointAddress,
       POSTGRES_PASSWORD: this.secret.secretValue.toString(),
       DEBUG: '0',
       DJANGO_SETTINGS_MODULE: 'backend.settings.production',
+      REDIS_SERVICE_HOST: elastiCacheRedis.elastiCacheCluster.attrRedisEndpointAddress,
     };
 
     taskDefinition.addContainer('backendContainer', {
@@ -110,19 +126,6 @@ export class DjangoCdk extends cdk.Construct {
       ),
     });
 
-    // container.addPortMappings({
-    //   containerPort: 8000,
-    //   protocol: ecs.Protocol.TCP,
-    // });
-
-    /**
-     * A security group in the VPC for our application (ECS Fargate services and tasks)
-     * Allow the application services to access the RDS security group
-     */
-    const appSecurityGroup = new ec2.SecurityGroup(scope, 'appSecurityGroup', {
-      vpc: this.vpc,
-    });
-
     new managementCommandTask(scope, 'migrate', {
       image: this.image,
       command: ['python3', 'manage.py', 'migrate', '--no-input'],
@@ -160,7 +163,7 @@ export class DjangoCdk extends cdk.Construct {
     });
 
     /**
-     * Allows the app security group to communicate with the database security group
+     * Allows the app security group to communicate with the RDS security group
      */
     database.rdsSecurityGroup.addIngressRule(appSecurityGroup, ec2.Port.tcp(5432));
 

diff --git a/src/elasticache/index.ts b/src/elasticache/index.ts
@@ -0,0 +1,41 @@
+import { Port, SecurityGroup, SubnetType, IVpc } from '@aws-cdk/aws-ec2';
+import { CfnCacheCluster, CfnSubnetGroup } from '@aws-cdk/aws-elasticache';
+import * as cdk from '@aws-cdk/core';
+
+export interface ElastiCacheRedisProps {
+  vpc: IVpc;
+  appSecurityGroup: SecurityGroup;
+}
+
+export class ElastiCacheCluster extends cdk.Construct {
+  readonly elastiCacheCluster: CfnCacheCluster;
+  readonly elastiCacheClusterSecurityGroup: SecurityGroup;
+  constructor(scope: cdk.Construct, id: string, props: ElastiCacheRedisProps) {
+    super(scope, id);
+
+    const elastiCacheClusterSecurityGroup = new SecurityGroup(scope, 'ElastiCacheSecurityGroup', {
+      vpc: props.vpc,
+      description: 'ElastiCache Security Group',
+    });
+    this.elastiCacheClusterSecurityGroup = elastiCacheClusterSecurityGroup;
+
+    const elastiCacheClusterSubnetGroup = new CfnSubnetGroup(scope, 'ElastiCacheRedisSubnetGroup', {
+      subnetIds: props.vpc.selectSubnets({
+        subnetType: SubnetType.ISOLATED,
+      }).subnetIds,
+      description: 'ElastiCache Subnet Group',
+    });
+
+    this.elastiCacheCluster = new CfnCacheCluster(this, 'ElastiCacheCluster', {
+      clusterName: `${id}-elstiCacheCluster`,
+      cacheNodeType: 'cache.t2.micro',
+      engine: 'redis',
+      numCacheNodes: 1,
+      vpcSecurityGroupIds: [elastiCacheClusterSecurityGroup.securityGroupId],
+      cacheSubnetGroupName: elastiCacheClusterSubnetGroup.ref,
+    });
+
+    this.elastiCacheCluster.addDependsOn(elastiCacheClusterSubnetGroup);
+    elastiCacheClusterSecurityGroup.connections.allowFrom(props.appSecurityGroup, Port.tcp(6379));
+  }
+}