Created
March 29, 2020 16:14
-
-
Save nonken/7012cbf4710744c31dee93c110b21667 to your computer and use it in GitHub Desktop.
Ghost Blog with CDK - Note: This has some security issues which would need to be addressed on a production environment.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import {App, Duration} from '@aws-cdk/core'; | |
| import { | |
| ApplicationListener, | |
| ApplicationListenerRule, | |
| ApplicationLoadBalancer, | |
| ApplicationProtocol, | |
| ApplicationTargetGroup, | |
| InstanceTarget | |
| } from "@aws-cdk/aws-elasticloadbalancingv2"; | |
| import { | |
| Peer, | |
| GenericLinuxImage, | |
| Instance, | |
| InstanceClass, | |
| InstanceSize, | |
| InstanceType, | |
| Port, | |
| Protocol, | |
| SecurityGroup, | |
| Vpc, SubnetType | |
| } from '@aws-cdk/aws-ec2'; | |
| import {ARecord, PublicHostedZone, RecordTarget} from "@aws-cdk/aws-route53"; | |
| import {LoadBalancerTarget} from "@aws-cdk/aws-route53-targets"; | |
| import {ApplicationProperties, ApplicationStack} from "./application-stack"; | |
| export interface BlogDefinition { | |
| vpc: Vpc, | |
| zone: PublicHostedZone, | |
| loadBalancer: ApplicationLoadBalancer, | |
| httpsListener: ApplicationListener | |
| } | |
| export class Blog extends ApplicationStack { | |
| constructor(scope: App, id: string, props: ApplicationProperties) { | |
| super(scope, id, props); | |
| const { | |
| stages | |
| } = this.node.tryGetContext('blog'); | |
| const securityGroup = new SecurityGroup(this, `${id}-security-group-blog`, { | |
| allowAllOutbound: true, | |
| vpc: props.vpc | |
| }); | |
| securityGroup.addIngressRule(Peer.anyIpv4(), new Port({ | |
| protocol: Protocol.ALL, | |
| stringRepresentation: 'Blog', | |
| fromPort: 80, | |
| toPort: 80 | |
| }), 'allow access from any ipv4 ip'); | |
| securityGroup.addIngressRule(Peer.anyIpv4(), new Port({ | |
| protocol: Protocol.ALL, | |
| stringRepresentation: 'Blog SSH', | |
| fromPort: 22, | |
| toPort: 22 | |
| }), 'allow ssh access from any ipv4 ip'); | |
| const instance = new Instance(this, `${id}-blog`, { | |
| instanceType: InstanceType.of(InstanceClass.T2, InstanceSize.NANO), | |
| vpc: props.vpc, | |
| keyName: 'yourkey', | |
| vpcSubnets: { | |
| subnetType: SubnetType.PUBLIC, | |
| }, | |
| machineImage: new GenericLinuxImage({ | |
| 'us-east-1': 'ami-053267ee7b9216e93' | |
| }) | |
| }); | |
| const targetGroup = new ApplicationTargetGroup(this, `${id}-lb-target-group`, { | |
| port: 80, | |
| protocol: ApplicationProtocol.HTTP, | |
| targets: [new InstanceTarget(instance.instanceId, 80)], | |
| deregistrationDelay: Duration.seconds(60), | |
| vpc: props.vpc, | |
| healthCheck: { | |
| path: '/', | |
| port: '80', | |
| timeout: Duration.seconds(2), | |
| interval: Duration.seconds(5), | |
| unhealthyThresholdCount: 2, | |
| healthyThresholdCount: 2 | |
| } | |
| }); | |
| new ApplicationListenerRule(this, `${id}-production-application-listener-rule`, { | |
| listener: props.httpsListener, | |
| targetGroups: [targetGroup], | |
| hostHeader: stages.production.hostName, | |
| priority: stages.production.priority, | |
| }); | |
| const dnsRecord = new ARecord(this, "ARecord", { | |
| recordName: stages.production.hostName, | |
| zone: props.zone, | |
| target: RecordTarget.fromAlias(new LoadBalancerTarget(props.loadBalancer)) | |
| }); | |
| } | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment