Created
March 29, 2020 16:14
nonken created this gist
Mar 29, 2020
@@ -0,0 +1,103 @@ import {App, Duration} from '@aws-cdk/core'; import { ApplicationListener, ApplicationListenerRule, ApplicationLoadBalancer, ApplicationProtocol, ApplicationTargetGroup, InstanceTarget } from "@aws-cdk/aws-elasticloadbalancingv2"; import { Peer, GenericLinuxImage, Instance, InstanceClass, InstanceSize, InstanceType, Port, Protocol, SecurityGroup, Vpc, SubnetType } from '@aws-cdk/aws-ec2'; import {ARecord, PublicHostedZone, RecordTarget} from "@aws-cdk/aws-route53"; import {LoadBalancerTarget} from "@aws-cdk/aws-route53-targets"; import {ApplicationProperties, ApplicationStack} from "./application-stack"; export interface BlogDefinition { vpc: Vpc, zone: PublicHostedZone, loadBalancer: ApplicationLoadBalancer, httpsListener: ApplicationListener } export class Blog extends ApplicationStack { constructor(scope: App, id: string, props: ApplicationProperties) { super(scope, id, props); const { stages } = this.node.tryGetContext('blog'); const securityGroup = new SecurityGroup(this, `${id}-security-group-blog`, { allowAllOutbound: true, vpc: props.vpc }); securityGroup.addIngressRule(Peer.anyIpv4(), new Port({ protocol: Protocol.ALL, stringRepresentation: 'Blog', fromPort: 80, toPort: 80 }), 'allow access from any ipv4 ip'); securityGroup.addIngressRule(Peer.anyIpv4(), new Port({ protocol: Protocol.ALL, stringRepresentation: 'Blog SSH', fromPort: 22, toPort: 22 }), 'allow ssh access from any ipv4 ip'); const instance = new Instance(this, `${id}-blog`, { instanceType: InstanceType.of(InstanceClass.T2, InstanceSize.NANO), vpc: props.vpc, keyName: 'yourkey', vpcSubnets: { subnetType: SubnetType.PUBLIC, }, machineImage: new GenericLinuxImage({ 'us-east-1': 'ami-053267ee7b9216e93' }) }); const targetGroup = new ApplicationTargetGroup(this, `${id}-lb-target-group`, { port: 80, protocol: ApplicationProtocol.HTTP, targets: [new InstanceTarget(instance.instanceId, 80)], deregistrationDelay: Duration.seconds(60), vpc: props.vpc, healthCheck: { path: '/', port: 
'80', timeout: Duration.seconds(2), interval: Duration.seconds(5), unhealthyThresholdCount: 2, healthyThresholdCount: 2 } }); new ApplicationListenerRule(this, `${id}-production-application-listener-rule`, { listener: props.httpsListener, targetGroups: [targetGroup], hostHeader: stages.production.hostName, priority: stages.production.priority, }); const dnsRecord = new ARecord(this, "ARecord", { recordName: stages.production.hostName, zone: props.zone, target: RecordTarget.fromAlias(new LoadBalancerTarget(props.loadBalancer)) }); } }
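Review bot: Both ingress rules on `securityGroup` combine `Peer.anyIpv4()` with `protocol: Protocol.ALL`, and EC2 ignores the port range when the protocol is "all", so each rule would admit every port from any IPv4 address rather than only 80 or 22. Since web traffic is meant to arrive through `props.httpsListener`, port 80 could be allowed from the load balancer only, e.g. `instance.connections.allowFrom(props.loadBalancer, Port.tcp(80))`. SSH could be limited to a known admin range with `Peer.ipv4('<ADMIN_CIDR>')` and `Port.tcp(22)`, or dropped in favour of a session-manager style of access. Separately, `securityGroup` is never passed to `new Instance(...)` in the visible code, so the group appears not to be attached to the instance at all; pass `securityGroup` in the instance props once the rules are tightened.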