make sg

nomi3 · Jan 14, 2020 · b6cdd48 · b6cdd48
1 parent a6424bb
commit b6cdd48
Show file tree

Hide file tree

Showing 13 changed files with 472 additions and 489 deletions.
diff --git a/.editorconfig b/.editorconfig
@@ -0,0 +1,13 @@
+# editorconfig.org
+root = true
+
+[*]
+indent_style = space
+indent_size = 2
+end_of_line = lf
+charset = utf-8
+trim_trailing_whitespace = true
+insert_final_newline = true
+
+[*.md]
+trim_trailing_whitespace = false
diff --git a/.gitignore b/.gitignore
@@ -1,6 +1,7 @@
 *.js
 !jest.config.js
 *.d.ts
+!types/*.d.ts
 node_modules
 
 # CDK asset staging directory

diff --git a/bin/cdk-workshop.ts b/bin/cdk-workshop.ts
@@ -1,7 +1,5 @@
 #!/usr/bin/env node
 import { CdkWorkshopStack } from '../lib/cdk-workshop-stack'
-import cdk = require('@aws-cdk/core');
-
+import * as cdk from '@aws-cdk/core'
 const app = new cdk.App()
-
 ;(() => new CdkWorkshopStack(app, 'CdkWorkshopStack'))()
diff --git a/cdk-synth-result.yml b/cdk-synth-result.yml
@@ -1,70 +1,179 @@
-  VPCB9E5F0B4:
+Resources:
+  VPC:
     Type: AWS::EC2::VPC
     Properties:
       CidrBlock: 10.0.0.0/16
       EnableDnsHostnames: true
       EnableDnsSupport: true
       InstanceTenancy: default
       Tags:
+        - Key: Application
+          Value: CdkWorkshopStack
         - Key: Name
-          Value: CdkWorkshopStack/VPC
+          Value: VPC
+    Metadata:
+      aws:cdk:path: CdkWorkshopStack/VPC
+  igw:
+    Type: AWS::EC2::InternetGateway
+    Properties:
+      Tags:
         - Key: Application
           Value: CdkWorkshopStack
+        - Key: Name
+          Value: igw
     Metadata:
-      aws:cdk:path: CdkWorkshopStack/VPC/Resource
-  PublicSubnet1Subnet03067927:
+      aws:cdk:path: CdkWorkshopStack/igw
+  igwAttachment:
+    Type: AWS::EC2::VPCGatewayAttachment
+    Properties:
+      VpcId:
+        Ref: VPC
+      InternetGatewayId:
+        Ref: igw
+    Metadata:
+      aws:cdk:path: CdkWorkshopStack/igwAttachment
+  PublicSubnet1:
     Type: AWS::EC2::Subnet
     Properties:
       CidrBlock: 10.0.1.0/24
       VpcId:
-        Ref: VPCB9E5F0B4
+        Ref: VPC
       AvailabilityZone:
         Fn::Select:
           - 0
           - Fn::GetAZs: ""
       Tags:
+        - Key: Application
+          Value: CdkWorkshopStack
         - Key: Name
-          Value: CdkWorkshopStack/PublicSubnet1
+          Value: PublicSubnet1
+    Metadata:
+      aws:cdk:path: CdkWorkshopStack/PublicSubnet1
+  PublicSubnet2:
+    Type: AWS::EC2::Subnet
+    Properties:
+      CidrBlock: 10.0.2.0/24
+      VpcId:
+        Ref: VPC
+      AvailabilityZone:
+        Fn::Select:
+          - 1
+          - Fn::GetAZs: ""
+      Tags:
         - Key: Application
           Value: CdkWorkshopStack
+        - Key: Name
+          Value: PublicSubnet2
     Metadata:
-      aws:cdk:path: CdkWorkshopStack/PublicSubnet1/Subnet
-  PublicSubnet1RouteTable57E60591:
+      aws:cdk:path: CdkWorkshopStack/PublicSubnet2
+  PublicRouteTable:
     Type: AWS::EC2::RouteTable
     Properties:
       VpcId:
-        Ref: VPCB9E5F0B4
+        Ref: VPC
       Tags:
-        - Key: Name
-          Value: CdkWorkshopStack/PublicSubnet1
         - Key: Application
           Value: CdkWorkshopStack
+        - Key: Name
+          Value: PublicRouteTable
     Metadata:
-      aws:cdk:path: CdkWorkshopStack/PublicSubnet1/RouteTable
-  PublicSubnet1RouteTableAssociation0E73B917:
+      aws:cdk:path: CdkWorkshopStack/PublicRouteTable
+  PublicRoute:
+    Type: AWS::EC2::Route
+    Properties:
+      RouteTableId:
+        Ref: PublicRouteTable
+      DestinationCidrBlock: 0.0.0.0/0
+      GatewayId:
+        Ref: igw
+    Metadata:
+      aws:cdk:path: CdkWorkshopStack/PublicRoute
+  PublicSubnet1RouteTableAssociation:
     Type: AWS::EC2::SubnetRouteTableAssociation
     Properties:
       RouteTableId:
-        Ref: PublicSubnet1RouteTable57E60591
+        Ref: PublicRouteTable
       SubnetId:
-        Ref: PublicSubnet1Subnet03067927
+        Ref: PublicSubnet1
     Metadata:
-      aws:cdk:path: CdkWorkshopStack/PublicSubnet1/RouteTableAssociation
-  PublicSubnet1DefaultRoute3017635C:
-    Type: AWS::EC2::Route
+      aws:cdk:path: CdkWorkshopStack/PublicSubnet1RouteTableAssociation
+  PublicSubnet2RouteTableAssociation:
+    Type: AWS::EC2::SubnetRouteTableAssociation
     Properties:
       RouteTableId:
-        Ref: PublicSubnet1RouteTable57E60591
-      DestinationCidrBlock: 0.0.0.0/0
-      GatewayId: InternetGW
-    DependsOn:
-      - VPCB9E5F0B4
+        Ref: PublicRouteTable
+      SubnetId:
+        Ref: PublicSubnet2
+    Metadata:
+      aws:cdk:path: CdkWorkshopStack/PublicSubnet2RouteTableAssociation
+  publicAlbSg:
+    Type: AWS::EC2::SecurityGroup
+    Properties:
+      GroupDescription: SecurityGroup for Public ALB
+      SecurityGroupIngress:
+        - CidrIp: 0.0.0.0/0
+          Description: Enable HTTP access via port 80
+          FromPort: 80
+          IpProtocol: tcp
+          ToPort: 80
+      VpcId:
+        Ref: VPC
+    Metadata:
+      aws:cdk:path: CdkWorkshopStack/publicAlbSg
+  targetFleetSg:
+    Type: AWS::EC2::SecurityGroup
+    Properties:
+      GroupDescription: SecurityGroup for Target Fleet
+      SecurityGroupIngress:
+        - CidrIp: 0.0.0.0/0
+          Description: Enable SSH access via port 22
+          FromPort: 22
+          IpProtocol: tcp
+          ToPort: 22
+      VpcId:
+        Ref: VPC
+    Metadata:
+      aws:cdk:path: CdkWorkshopStack/targetFleetSg
+  targetFleetSgIngress1:
+    Type: AWS::EC2::SecurityGroupIngress
+    Properties:
+      IpProtocol: tcp
+      Description: Rule For HTTP Access From Public ALB
+      FromPort: 80
+      GroupId:
+        Ref: targetFleetSg
+      SourceSecurityGroupId:
+        Ref: publicAlbSg
+      ToPort: 80
+    Metadata:
+      aws:cdk:path: CdkWorkshopStack/targetFleetSgIngress1
+  alb:
+    Type: AWS::ElasticLoadBalancingV2::LoadBalancer
+    Properties:
+      LoadBalancerAttributes:
+        - Key: idle_timeout.timeout_seconds
+          Value: "60"
+      Scheme: internet-facing
+      Subnets:
+        - 10.0.1.0/24
+        - 10.0.2.0/24
+    Metadata:
+      aws:cdk:path: CdkWorkshopStack/alb
+  listener:
+    Type: AWS::ElasticLoadBalancingV2::Listener
+    Properties:
+      DefaultActions:
+        - Type: forward
+      LoadBalancerArn:
+        Ref: alb
+      Port: 80
+      Protocol: HTTP
     Metadata:
-      aws:cdk:path: CdkWorkshopStack/PublicSubnet1/DefaultRoute
+      aws:cdk:path: CdkWorkshopStack/listener
   CDKMetadata:
     Type: AWS::CDK::Metadata
     Properties:
-      Modules: aws-cdk=1.18.0,@aws-cdk/aws-cloudwatch=1.18.0,@aws-cdk/aws-ec2=1.18.0,@aws-cdk/aws-iam=1.18.0,@aws-cdk/aws-ssm=1.18.0,@aws-cdk/core=1.18.0,@aws-cdk/cx-api=1.18.0,@aws-cdk/region-info=1.18.0,jsii-runtime=node.js/v11.15.0
+      Modules: aws-cdk=1.18.0,@aws-cdk/aws-cloudwatch=1.18.0,@aws-cdk/aws-ec2=1.18.0,@aws-cdk/aws-elasticloadbalancingv2=1.18.0,@aws-cdk/aws-iam=1.18.0,@aws-cdk/aws-ssm=1.18.0,@aws-cdk/core=1.18.0,@aws-cdk/cx-api=1.18.0,@aws-cdk/region-info=1.18.0,jsii-runtime=node.js/v11.15.0
     Condition: CDKMetadataAvailable
 Conditions:
   CDKMetadataAvailable:
@@ -130,4 +239,4 @@ Conditions:
               - us-west-1
           - Fn::Equals:
               - Ref: AWS::Region
-              - us-west-2
+              - us-west-2
diff --git a/jest.config.js b/jest.config.js
@@ -1,9 +1,9 @@
 module.exports = {
-    "roots": [
-      "<rootDir>/test"
-    ],
-    testMatch: [ '**/*.test.ts'],
-    "transform": {
-      "^.+\\.tsx?$": "ts-jest"
-    },
+  roots: [
+    '<rootDir>/test'
+  ],
+  testMatch: ['**/*.test.ts'],
+  transform: {
+    '^.+\\.tsx?$': 'ts-jest'
   }
+}
diff --git a/lib/cdk-workshop-stack.ts b/lib/cdk-workshop-stack.ts
@@ -1,7 +1,6 @@
 import { App, Stack, StackProps } from '@aws-cdk/core'
-
-import '..index/types/index'
 import genVpc from './constructs/vpc'
+import genSg from './constructs/sg'
 
 export class CdkWorkshopStack extends Stack {
   constructor (scope: App, id: string, props?: StackProps) {
@@ -13,5 +12,14 @@ export class CdkWorkshopStack extends Stack {
       id,
       props
     })
+
+    genSg({
+      stack: this,
+      scope,
+      id,
+      props
+    },
+    vpc
+    )
   }
 }
diff --git a/lib/constructs/elb.ts b/lib/constructs/elb.ts
@@ -0,0 +1,33 @@
+import { CfnLoadBalancer, CfnListener } from '@aws-cdk/aws-elasticloadbalancingv2'
+import { ConstructProps } from '../../types/index'
+
+export default function ({ stack, scope, id, props }: ConstructProps, vpc: any, sg: any): void {
+  // Alb
+  const alb = new CfnLoadBalancer(stack, 'alb', {
+    loadBalancerAttributes: [
+      {
+        key: 'idle_timeout.timeout_seconds',
+        value: '60'
+      }
+    ],
+    scheme: 'internet-facing',
+    // securityGroups: ,
+    subnets: [ // vpc.tsで定義したものを参照したい
+      vpc.,
+      '10.0.2.0/24'
+    ]
+  })
+
+  // Listener
+  new CfnListener(stack, 'listener', {
+    defaultActions: [
+      {
+        type: 'forward'
+        // targetGroupArn:
+      }
+    ],
+    loadBalancerArn: alb.ref,
+    port: 80,
+    protocol: 'HTTP'
+  })
+}
diff --git a/lib/constructs/sg.ts b/lib/constructs/sg.ts
@@ -0,0 +1,44 @@
+import { CfnSecurityGroup, CfnSecurityGroupIngress } from '@aws-cdk/aws-ec2'
+import { ConstructProps } from '../../types/index'
+// import genVpc from './vpc'
+
+export default function ({ stack, scope, id, props }: ConstructProps, vpc: any): void {
+  // PublicAlbSg
+  const publicAlbSg = new CfnSecurityGroup(stack, 'publicAlbSg', {
+    groupDescription: 'SecurityGroup for Public ALB',
+    securityGroupIngress: [
+      {
+        ipProtocol: 'tcp',
+        cidrIp: '0.0.0.0/0',
+        description: 'Enable HTTP access via port 80',
+        fromPort: 80,
+        toPort: 80
+      }
+    ],
+    vpcId: vpc.ref
+  })
+
+  // TargetFleetSg
+  const targetFleetSg = new CfnSecurityGroup(stack, 'targetFleetSg', {
+    groupDescription: 'SecurityGroup for Target Fleet',
+    securityGroupIngress: [
+      {
+        ipProtocol: 'tcp',
+        cidrIp: '0.0.0.0/0',
+        description: 'Enable SSH access via port 22',
+        fromPort: 22,
+        toPort: 22
+      }
+    ],
+    vpcId: vpc.ref
+  })
+
+  new CfnSecurityGroupIngress(stack, 'targetFleetSgIngress1', {
+    sourceSecurityGroupId: publicAlbSg.ref,
+    description: 'Rule For HTTP Access From Public ALB',
+    ipProtocol: 'tcp',
+    fromPort: 80,
+    toPort: 80,
+    groupId: targetFleetSg.ref
+  })
+}
diff --git a/lib/constructs/vpc.ts b/lib/constructs/vpc.ts
@@ -1,8 +1,22 @@
-import { Stack, Tag } from '@aws-cdk/core'
-import { CfnVPC, CfnInternetGateway, CfnVPCGatewayAttachment, CfnSubnet, CfnRouteTable, CfnRoute, CfnSubnetRouteTableAssociation } from '@aws-cdk/aws-ec2'
-import { ConstructProps } from '../../types/index'
+import {
+  Tag
+} from '@aws-cdk/core'
 
-export default function ({ stack, scope, id, props }: ConstructProps) {
+import {
+  CfnVPC,
+  CfnInternetGateway,
+  CfnVPCGatewayAttachment,
+  CfnSubnet,
+  CfnRouteTable,
+  CfnRoute,
+  CfnSubnetRouteTableAssociation
+} from '@aws-cdk/aws-ec2'
+
+import {
+  ConstructProps
+} from '../../types/index'
+
+export default function ({ stack, scope, id, props }: ConstructProps): any {
   // VPC
   const vpc = new CfnVPC(stack, 'VPC', {
     cidrBlock: '10.0.0.0/16',
@@ -30,7 +44,7 @@ export default function ({ stack, scope, id, props }: ConstructProps) {
     availabilityZone: stack.availabilityZones[1]
   })
 
-  //RouteTable
+  // RouteTable
   const publicRouteTable = new CfnRouteTable(stack, 'PublicRouteTable', {
     vpcId: vpc.ref
   })