-
Notifications
You must be signed in to change notification settings - Fork 3
/
stack-digital-ocean-aws-ec2.ts
62 lines (52 loc) · 3.04 KB
/
stack-digital-ocean-aws-ec2.ts
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
import { AwsProvider, DataAwsAmi, Instance, KeyPair, SecurityGroup } from "@cdktf/provider-aws";
import { TerraformOutput, TerraformStack } from "cdktf";
import { Construct } from "constructs";
import { DatabaseCluster as BaseDatabaseCluster, DatabaseFirewall, DigitaloceanProvider } from "./.gen/providers/digitalocean";
import { Grantor, GrantStrategy } from "./lib/grants";
const DatabaseCluster = Grantor(BaseDatabaseCluster);
export class DigitalOceanAwsEc2Stack extends TerraformStack {
constructor(scope: Construct, name: string) {
super(scope, name);
new DigitaloceanProvider(this, 'do-provider');
new AwsProvider(this, 'aws-provider', { region: 'eu-central-1' });
const db = new DatabaseCluster(this, 'db', {
name: 'demo-postgres-cluster-ec2',
engine: 'pg',
version: '11',
nodeCount: 1,
size: 'db-s-1vcpu-1gb',
region: 'fra1',
})
const latestUbuntu = new DataAwsAmi(this, 'ami', {
owners: ['099720109477'], // Canonical
mostRecent: true,
filter: [{
name: 'name',
values: ['ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-*'],
}, {
name: 'virtualization-type',
values: ['hvm']
}]
});
const keyPair = new KeyPair(this, 'ssh-key', {
keyName: 'ansgar-cdk-demo',
publicKey: 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDkJq0a9H8zRZQHZQop9vbADw/UNUxSDxntWWPRAVpf0iky4h3a7FkaWMPMc0nN6C1QAy6P3qfx4z3En0RsfJ0V02+9oBTkN9oxMe+vWfFL44zdiSYBA7b6Y5QXHWcEI0HYxxxYyOGK7TfG7X/wlLodM4IAnd4zOj8X7Y8+CoKkctg9YywM75ZFU//dZRHv4BwDdcw96K2ybhmhfDEbSvYICPwrzbJzpPFKFk5j8NlPNxENKASQGHghdx25Dk22j+JvtvEKEIzNYpTts++9fpzYnfh2ifDftG/vDpvVf3jB4mk277G3Hje8iDnUXTtxta1crJrSc/UrK8wyW+9Gukut0U+RPRnjQfJPFl3AD2kDjQPpnsKs/Lwp4/cQurvK4thQ6MZlojggi6mYHbtVBN/udV0uNVFOBg6lVsWRZoWKTDOj9wTZqryugtK+pzOI/I8C13YM0AP+9qhVOl81fgKy8uroOk81TNYDAbF0TWOz3K9mlGzUgyCIbufGVV72qvM= ansgar@hashicorp.com',
});
const securityGroup = new SecurityGroup(this, 'sg-ec2-instance', {
ingress: [{ fromPort: 22, toPort: 22, protocol: 'tcp', description: 'Allow SSH access', cidrBlocks: ["0.0.0.0/0"] }],
egress: [{ fromPort: 0, toPort: 0, protocol: "-1", cidrBlocks: ["0.0.0.0/0"], description: 'Allow all egress' }]
});
const ec2 = new Instance(this, 'ec2', {
ami: latestUbuntu.id,
instanceType: 't3.micro',
tags: { Name: 'cdk-day-example' },
keyName: keyPair.keyName,
securityGroups: [securityGroup.name],
});
db.grantAccess(ec2);
new TerraformOutput(this, 'database_url_local', { value: 'overriden', sensitive: true })
.addOverride('value', `postgresql://${db.user}:${db.password}@localhost:11111/${db.database}`);
new TerraformOutput(this, 'database_host_port', { value: `${db.host}:${db.getStringAttribute('port')}` });
new TerraformOutput(this, 'instance_ip', { value: ec2.publicIp });
}
}