added stacks for VPC, EncryptionKey, EFS and RDS

sanchita141011 · Jun 24, 2021 · 4b57e31 · 4b57e31
1 parent 3450ebd
commit 4b57e31
Show file tree

Hide file tree

Showing 12 changed files with 17,916 additions and 1,867 deletions.
diff --git a/xwiki-production-cdk/.gitignore b/xwiki-production-cdk/.gitignore
@@ -6,3 +6,4 @@ node_modules
 # CDK asset staging directory
 .cdk.staging
 cdk.out
+.eslintrc.json
diff --git a/xwiki-production-cdk/cdk.context.json b/xwiki-production-cdk/cdk.context.json
@@ -0,0 +1,15 @@
+{
+  "availability-zones:account=656019072197:region=us-east-1": [
+    "us-east-1a",
+    "us-east-1b",
+    "us-east-1c",
+    "us-east-1d",
+    "us-east-1e",
+    "us-east-1f"
+  ],
+  "availability-zones:account=656019072197:region=eu-central-1": [
+    "eu-central-1a",
+    "eu-central-1b",
+    "eu-central-1c"
+  ]
+}
diff --git a/xwiki-production-cdk/lib/models/efs-model.ts b/xwiki-production-cdk/lib/models/efs-model.ts
@@ -0,0 +1,12 @@
+import * as ec2 from '@aws-cdk/aws-ec2'
+import * as cdk from '@aws-cdk/core'
+import { Key } from '@aws-cdk/aws-kms'
+
+// import { XwikiProductionCdkStack } from '../app';
+
+export interface efsprops extends cdk.StackProps{
+
+    vpc: ec2.Vpc;
+    encryptionkey: Key;
+    env: cdk.Environment
+}
diff --git a/xwiki-production-cdk/lib/models/rds-model.ts b/xwiki-production-cdk/lib/models/rds-model.ts
@@ -0,0 +1,9 @@
+import * as ec2 from '@aws-cdk/aws-ec2'
+import * as cdk from '@aws-cdk/core'
+import { Key } from '@aws-cdk/aws-kms'
+
+export interface rdsprops extends cdk.StackProps{
+    vpc:ec2.Vpc,
+    encryptionkey: Key
+    env: cdk.Environment
+}
diff --git a/xwiki-production-cdk/lib/stacks/Efs.ts b/xwiki-production-cdk/lib/stacks/Efs.ts
@@ -0,0 +1,38 @@
+import * as cdk from '@aws-cdk/core';
+import { FileSystem, PerformanceMode } from '@aws-cdk/aws-efs';
+import {SecurityGroup, SubnetType} from  '@aws-cdk/aws-ec2';
+import { efsprops } from '../models/efs-model'
+
+
+export class XwikiEfs extends cdk.Stack{
+
+  public readonly xwikiEfs: FileSystem;
+    constructor(scope: cdk.App, id: string, props: efsprops){
+        super(scope, id, props)
+
+
+
+        const xwikiEfsSg = new SecurityGroup(this, 'trcXWikiEfsSecurityGroup', {
+            vpc: props.vpc,
+            allowAllOutbound: true,
+            description: `Security Group for XWiki EFS`
+          });
+
+          const xwikiEfs = new FileSystem(this, 'trcXWikiFileSystem', {
+            vpc: props.vpc,
+            enableAutomaticBackups: true,
+            encrypted: true,
+            kmsKey: props.encryptionkey,
+            performanceMode: PerformanceMode.GENERAL_PURPOSE,
+            securityGroup: xwikiEfsSg,
+            vpcSubnets: props.vpc.selectSubnets(
+              {
+                subnetType: SubnetType.PRIVATE
+              }
+            )
+          });
+
+          this.xwikiEfs=xwikiEfs;
+
+    }
+}
diff --git a/xwiki-production-cdk/lib/stacks/encryptionKey.ts b/xwiki-production-cdk/lib/stacks/encryptionKey.ts
@@ -0,0 +1,29 @@
+import { Key } from '@aws-cdk/aws-kms'
+import * as cdk from '@aws-cdk/core'
+
+export class XwikiEncryptionKey extends cdk.Stack {
+    public readonly EncryptionKey: Key;
+    public readonly SecretEncryptionKey: Key;
+    constructor (scope: cdk.App, id: string, props?: cdk.StackProps) {
+      super(scope, id, props)
+
+      const EncryptionKey = new Key(this, 'xwiki_encryption_key', {
+        alias: 'xwiki-key',
+        description: 'Encryption Key for XWiki Storage Resources',
+        enableKeyRotation: true,
+        enabled: true,
+        trustAccountIdentities: true
+      })
+
+      const SecretEncryptionKey = new Key(this, 'xwiki_secret_encryption key', {
+        alias: 'xwiki-secret-key',
+        description: 'Encryption Key for XWiki Secrets',
+        enableKeyRotation: true,
+        enabled: true,
+        trustAccountIdentities: true
+      })
+
+      this.EncryptionKey = EncryptionKey
+      this.SecretEncryptionKey = SecretEncryptionKey
+    }
+}
diff --git a/xwiki-production-cdk/lib/stacks/rds.ts b/xwiki-production-cdk/lib/stacks/rds.ts
@@ -0,0 +1,69 @@
+import { AuroraCapacityUnit, AuroraMysqlEngineVersion, DatabaseClusterEngine, ServerlessCluster, SubnetGroup } from '@aws-cdk/aws-rds'
+import { SecurityGroup, SubnetType } from '@aws-cdk/aws-ec2'
+import * as cdk from '@aws-cdk/core'
+import { rdsprops } from '../models/rds-model'
+import { Secret } from '@aws-cdk/aws-secretsmanager'
+
+export class xwikiRds extends cdk.Stack {
+    public readonly xwikiRds : ServerlessCluster;
+    public readonly xwikiRdsPwSecret: Secret;
+    constructor (scope: cdk.App, id: string, props: rdsprops) {
+      super(scope, id, props)
+
+      const xwikiRdsSg = new SecurityGroup(this, 'trcXWikiRdsSecurityGroup', {
+        vpc: props.vpc,
+        allowAllOutbound: true,
+        description: 'Security Group for XWiki RDS'
+      })
+
+      const xwikiRdsDbSubnetGroup = new SubnetGroup(this, 'trcXWikiDbSubnetGroup', {
+        description: 'DB SubnetGroup for XWiki RDS',
+        vpc: props.vpc,
+        vpcSubnets: props.vpc.selectSubnets(
+          {
+            subnetType: SubnetType.PRIVATE
+          }
+        )
+      })
+
+      const xwikiRdsPwSecret = new Secret(this, 'trcXWikiEcsUserPassword', {
+        description: 'RDS UserSecret for XWiki RDS',
+        encryptionKey: props.encryptionkey,
+        generateSecretString: {
+          excludePunctuation: true,
+          passwordLength: 16
+        }
+      })
+
+      const xwikiRds = new ServerlessCluster(this, 'trcXWikiDbCluster', {
+        engine: DatabaseClusterEngine.auroraMysql({
+          version: AuroraMysqlEngineVersion.VER_2_07_1
+        }),
+        vpc: props.vpc,
+        vpcSubnets: props.vpc.selectSubnets(
+          {
+            subnetType: SubnetType.PRIVATE
+          }
+        ),
+        credentials: {
+          username: 'xwikimysql',
+          password: xwikiRdsPwSecret.secretValue
+        },
+        backupRetention: cdk.Duration.days(7),
+        scaling: {
+          autoPause: cdk.Duration.minutes(0), // AutoPause Disabled
+          minCapacity: AuroraCapacityUnit.ACU_1,
+          maxCapacity: AuroraCapacityUnit.ACU_8
+        },
+        securityGroups: [
+          xwikiRdsSg
+        ],
+        defaultDatabaseName: 'xwiki',
+        storageEncryptionKey: props.encryptionkey,
+        subnetGroup: xwikiRdsDbSubnetGroup
+      })
+
+      this.xwikiRds = xwikiRds
+      this.xwikiRdsPwSecret = xwikiRdsPwSecret
+    }
+}
diff --git a/xwiki-production-cdk/lib/stacks/vpc.ts b/xwiki-production-cdk/lib/stacks/vpc.ts
@@ -0,0 +1,31 @@
+import { DefaultInstanceTenancy, NatProvider, SubnetType, Vpc } from '@aws-cdk/aws-ec2'
+import * as cdk from '@aws-cdk/core'
+
+export class XwikiVpc extends cdk.Stack {
+    public readonly xwikivpc: Vpc;
+    constructor (scope: cdk.App, id: string, props?: cdk.StackProps) {
+      super(scope, id, props)
+
+      this.xwikivpc = new Vpc(this, 'xwiki-vpc', {
+        cidr: '10.42.42.0/24',
+        defaultInstanceTenancy: DefaultInstanceTenancy.DEFAULT,
+        maxAzs: 2,
+        natGatewayProvider: NatProvider.gateway(),
+        natGateways: 1,
+        subnetConfiguration: [
+          {
+            name: 'public',
+            subnetType: SubnetType.PUBLIC,
+            cidrMask: 27
+          },
+          {
+            name: 'private-database',
+            subnetType: SubnetType.PRIVATE,
+            cidrMask: 26
+          }
+        ]
+      })
+
+      // this.xwikivpc=xwikivpc;
+    }
+}
diff --git a/xwiki-production-cdk/lib/xwiki-production-cdk-stack.ts b/xwiki-production-cdk/lib/xwiki-production-cdk-stack.ts