import { NestedStack, NestedStackProps } from "aws-cdk-lib";
import {
IVpc,
Peer,
Port,
SecurityGroup,
SubnetType,
} from "aws-cdk-lib/aws-ec2";
import {
AuroraPostgresEngineVersion,
ClusterInstance,
Credentials,
DatabaseCluster,
DatabaseClusterEngine,
IDatabaseCluster,
} from "aws-cdk-lib/aws-rds";
import { ISecret, Secret } from "aws-cdk-lib/aws-secretsmanager";
import { Construct } from "constructs";
/**
 * Inputs for the {@link Database} nested stack.
 */
interface DatabaseProps extends NestedStackProps {
  /**
   * Application identifier. The stack reuses it as the master username, the
   * default database name and the prefix of the credentials secret name.
   */
  applicationName: string;

  /** VPC that hosts the cluster and supplies the CIDR allowed to reach it. */
  vpc: IVpc;
}
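/**
 * Nested stack that provisions an Aurora PostgreSQL Serverless v2 cluster
 * (one writer, one reader) together with a generated credentials secret and
 * a dedicated security group.
 *
 * Exposes the cluster, the secret and the default database name so sibling
 * stacks can wire up clients.
 */
class Database extends NestedStack {
  /** The Aurora cluster created by this stack. */
  public readonly dbCluster: IDatabaseCluster;
  /** Secrets Manager secret holding the generated `username` / `password` pair. */
  public readonly dbSecret: ISecret;
  /** Name of the default database created in the cluster. */
  public readonly dbName: string;

  /**
   * @param scope - Parent construct.
   * @param id - Construct id of the nested stack.
   * @param props - Stack inputs; required in practice even though the
   *   signature keeps it optional for backward compatibility.
   * @throws Error when `props` is omitted or the VPC has no private subnet.
   */
  constructor(scope: Construct, id: string, props?: DatabaseProps) {
    super(scope, id, props);

    // Fail with a clear message instead of a TypeError from destructuring
    // `undefined` behind a non-null assertion.
    if (props === undefined) {
      throw new Error("Database requires props with 'vpc' and 'applicationName'");
    }
    const { vpc, applicationName } = props;

    // The ingress rule below is derived from the first private subnet, so a
    // VPC without one cannot be supported.
    const [firstPrivateSubnet] = vpc.privateSubnets;
    if (firstPrivateSubnet === undefined) {
      throw new Error(
        "Database requires a VPC with at least one private subnet to derive the ingress CIDR"
      );
    }

    const dbSecurityGroup = new SecurityGroup(this, "DBClusterSecurityGroup", {
      vpc,
    });

    // Only the first private subnet's CIDR is admitted on the PostgreSQL port;
    // clients placed in any other subnet are not covered by this rule.
    // NOTE(review): a CIDR rule admits every host in that subnet. Referencing
    // the client's security group would scope access to the intended workload.
    dbSecurityGroup.addIngressRule(
      Peer.ipv4(firstPrivateSubnet.ipv4CidrBlock),
      Port.tcp(5432)
    );

    // Secrets Manager generates the password; the username is the fixed
    // application name stored alongside it in the same JSON document.
    this.dbSecret = new Secret(this, "DBCredentialsSecret", {
      secretName: `${applicationName}-credentials`,
      generateSecretString: {
        secretStringTemplate: JSON.stringify({
          username: applicationName,
        }),
        excludePunctuation: true,
        includeSpace: false,
        generateStringKey: "password",
      },
    });

    // Previously declared but never assigned, so consumers read `undefined`.
    // It mirrors the `defaultDatabaseName` passed to the cluster below.
    this.dbName = applicationName;

    // NOTE(review): `storageEncrypted` is not set here. Confirm encryption at
    // rest is enabled for this cluster; changing it on an already-deployed
    // cluster may force replacement, so verify before altering.
    this.dbCluster = new DatabaseCluster(this, "Database", {
      engine: DatabaseClusterEngine.auroraPostgres({
        version: AuroraPostgresEngineVersion.VER_14_7,
      }),
      defaultDatabaseName: applicationName,
      writer: ClusterInstance.serverlessV2("writer"),
      serverlessV2MinCapacity: 0.5,
      serverlessV2MaxCapacity: 1,
      readers: [
        ClusterInstance.serverlessV2("reader", { scaleWithWriter: true }),
      ],
      vpc,
      vpcSubnets: vpc.selectSubnets({
        subnetType: SubnetType.PRIVATE_ISOLATED,
      }),
      // `unsafeUnwrap()` is applied to the username field only, which holds
      // the non-secret application name; the password stays a SecretValue.
      // NOTE(review): presumably `fromPassword` does not associate the secret
      // with the cluster (no attachment or rotation wiring). Confirm whether
      // that is intended.
      credentials: Credentials.fromPassword(
        this.dbSecret.secretValueFromJson("username").unsafeUnwrap(),
        this.dbSecret.secretValueFromJson("password")
      ),
      port: 5432,
      securityGroups: [dbSecurityGroup],
    });
  }
}

export default Database;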