UNPKG

@scloud/cdk-patterns

Version:

Serverless CDK patterns for common infrastructure needs

github.com/davidcarboni/scloud

davidcarboni/scloud

83 lines • 12.2 kB

JavaScript

"use strict"; Object.defineProperty(exports, "__esModule", { value: true }); exports.fargate = fargate; const aws_certificatemanager_1 = require("aws-cdk-lib/aws-certificatemanager"); const aws_cdk_lib_1 = require("aws-cdk-lib"); const aws_elasticloadbalancingv2_1 = require("aws-cdk-lib/aws-elasticloadbalancingv2"); const aws_ec2_1 = require("aws-cdk-lib/aws-ec2"); const aws_ecs_patterns_1 = require("aws-cdk-lib/aws-ecs-patterns"); const aws_ecs_1 = require("aws-cdk-lib/aws-ecs"); const aws_logs_1 = require("aws-cdk-lib/aws-logs"); const EcrRepository_1 = require("../EcrRepository"); /** * @deprecated Use FargateContainer instead * * Builds an ApplicationLoadBalancedFargateService * @param stack Parent CDK stack * @param name Base name for resources / resource IDs * @param zone DNS zone * @param environment Any environment variables * @param zeroTasks Sets task count to zero - useful if you don't have an image in ECR yet. * @param vpc Optional VPC to host the cluster in * @returns Deplyment detais */ function fargate(stack, name, serviceName, zone, domainName, environment = {}, repository = undefined, tag = 'latest', zeroTasks = false, vpc = undefined) { const result = {}; // Container repository result.repository = repository || new EcrRepository_1.EcrRepository(stack, name); // It seems like NAT gateways are costly, so I've set this up to avoid that - only creating one. // At some point we may want to figure out a privte endpoint so that we can retire the NAT. // Based on: https://www.binarythinktank.com/blog/truly-serverless-container // and https://stackoverflow.com/questions/64299664/how-to-configure-aws-cdk-applicationloadbalancedfargateservice-to-log-parsed-jso result.vpc = vpc || new aws_ec2_1.Vpc(stack, `${name}Vpc`, { natGateways: 1, subnetConfiguration: [{ name, subnetType: aws_ec2_1.SubnetType.PUBLIC, }], }); // Fargate result.albFargateService = new aws_ecs_patterns_1.ApplicationLoadBalancedFargateService(stack, `${name}AlbFargateService`, { loadBalancerName: name, serviceName, domainZone: zone, domainName: domainName || zone.zoneName, certificate: new aws_certificatemanager_1.DnsValidatedCertificate(stack, name, { domainName: domainName || zone.zoneName, hostedZone: zone, }), protocol: aws_elasticloadbalancingv2_1.ApplicationProtocol.HTTPS, cpu: 512, memoryLimitMiB: 1024, taskImageOptions: { containerName: name, image: aws_ecs_1.ContainerImage.fromEcrRepository(result.repository, tag), containerPort: 3000, environment, logDriver: aws_ecs_1.LogDrivers.awsLogs({ streamPrefix: name, logGroup: new aws_logs_1.LogGroup(stack, `${name}LogGroup`, { // Ensure the log group is deleted when the stack is deleted // and that logs aren't retained indefinitely logGroupName: `/${stack.stackName}/ecs/${name}`, removalPolicy: aws_cdk_lib_1.RemovalPolicy.DESTROY, retention: aws_logs_1.RetentionDays.THREE_MONTHS, }), }), }, desiredCount: 2, vpc: result.vpc, // ? https://stackoverflow.com/questions/67301268/aws-fargate-resourceinitializationerror-unable-to-pull-secrets-or-registry-auth assignPublicIp: true, }); result.albFargateService.loadBalancer.addRedirect(); // http -> https if (zeroTasks) { // On the first deploy, when there's no image in the repository: // https://github.com/aws/aws-cdk/issues/3646#issuecomment-623919242 const { node } = result.albFargateService.service; const cfnService = node.findChild('Service'); cfnService.desiredCount = 0; } return result; } //# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiZmFyZ2F0ZS5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uL3NyYy9kZXByZWNhdGVkL2ZhcmdhdGUudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6Ijs7QUE2QkEsMEJBNkVDO0FBMUdELCtFQUE2RTtBQUM3RSw2Q0FBbUQ7QUFDbkQsdUZBQTZFO0FBQzdFLGlEQUFzRDtBQUN0RCxtRUFBcUY7QUFHckYsaURBQTZFO0FBQzdFLG1EQUErRDtBQUMvRCxvREFBaUQ7QUFRakQ7Ozs7Ozs7Ozs7O0dBV0c7QUFDSCxTQUFnQixPQUFPLENBQ3JCLEtBQVksRUFDWixJQUFZLEVBQ1osV0FBbUIsRUFDbkIsSUFBaUIsRUFDakIsVUFBbUIsRUFDbkIsY0FBMEMsRUFBRSxFQUM1QyxhQUFxQyxTQUFTLEVBQzlDLE1BQWMsUUFBUSxFQUN0QixZQUFxQixLQUFLLEVBQzFCLE1BQXVCLFNBQVM7SUFFaEMsTUFBTSxNQUFNLEdBQTJCLEVBQUUsQ0FBQztJQUUxQyx1QkFBdUI7SUFDdkIsTUFBTSxDQUFDLFVBQVUsR0FBRyxVQUFVLElBQUksSUFBSSw2QkFBYSxDQUFDLEtBQUssRUFBRSxJQUFJLENBQUMsQ0FBQztJQUNqRSxnR0FBZ0c7SUFDaEcsMkZBQTJGO0lBQzNGLDRFQUE0RTtJQUM1RSxvSUFBb0k7SUFDcEksTUFBTSxDQUFDLEdBQUcsR0FBRyxHQUFHLElBQUksSUFBSSxhQUFHLENBQUMsS0FBSyxFQUFFLEdBQUcsSUFBSSxLQUFLLEVBQUU7UUFDL0MsV0FBVyxFQUFFLENBQUM7UUFDZCxtQkFBbUIsRUFBRSxDQUFDO2dCQUNwQixJQUFJO2dCQUNKLFVBQVUsRUFBRSxvQkFBVSxDQUFDLE1BQU07YUFDOUIsQ0FBQztLQUNILENBQUMsQ0FBQztJQUVILFVBQVU7SUFDVixNQUFNLENBQUMsaUJBQWlCLEdBQUcsSUFBSSx3REFBcUMsQ0FDbEUsS0FBSyxFQUNMLEdBQUcsSUFBSSxtQkFBbUIsRUFDMUI7UUFDRSxnQkFBZ0IsRUFBRSxJQUFJO1FBQ3RCLFdBQVc7UUFDWCxVQUFVLEVBQUUsSUFBSTtRQUNoQixVQUFVLEVBQUUsVUFBVSxJQUFJLElBQUksQ0FBQyxRQUFRO1FBQ3ZDLFdBQVcsRUFBRSxJQUFJLGdEQUF1QixDQUFDLEtBQUssRUFBRSxJQUFJLEVBQUU7WUFDcEQsVUFBVSxFQUFFLFVBQVUsSUFBSSxJQUFJLENBQUMsUUFBUTtZQUN2QyxVQUFVLEVBQUUsSUFBSTtTQUNqQixDQUFDO1FBQ0YsUUFBUSxFQUFFLGdEQUFtQixDQUFDLEtBQUs7UUFDbkMsR0FBRyxFQUFFLEdBQUc7UUFDUixjQUFjLEVBQUUsSUFBSTtRQUNwQixnQkFBZ0IsRUFBRTtZQUNoQixhQUFhLEVBQUUsSUFBSTtZQUNuQixLQUFLLEVBQUUsd0JBQWMsQ0FBQyxpQkFBaUIsQ0FBQyxNQUFNLENBQUMsVUFBVSxFQUFFLEdBQUcsQ0FBQztZQUMvRCxhQUFhLEVBQUUsSUFBSTtZQUNuQixXQUFXO1lBQ1gsU0FBUyxFQUFFLG9CQUFVLENBQUMsT0FBTyxDQUFDO2dCQUM1QixZQUFZLEVBQUUsSUFBSTtnQkFDbEIsUUFBUSxFQUFFLElBQUksbUJBQVEsQ0FBQyxLQUFLLEVBQUUsR0FBRyxJQUFJLFVBQVUsRUFBRTtvQkFDL0MsNERBQTREO29CQUM1RCw2Q0FBNkM7b0JBQzdDLFlBQVksRUFBRSxJQUFJLEtBQUssQ0FBQyxTQUFTLFFBQVEsSUFBSSxFQUFFO29CQUMvQyxhQUFhLEVBQUUsMkJBQWEsQ0FBQyxPQUFPO29CQUNwQyxTQUFTLEVBQUUsd0JBQWEsQ0FBQyxZQUFZO2lCQUN0QyxDQUFDO2FBQ0gsQ0FBQztTQUNIO1FBQ0QsWUFBWSxFQUFFLENBQUM7UUFDZixHQUFHLEVBQUUsTUFBTSxDQUFDLEdBQUc7UUFDZixpSUFBaUk7UUFDakksY0FBYyxFQUFFLElBQUk7S0FDckIsQ0FDRixDQUFDO0lBQ0YsTUFBTSxDQUFDLGlCQUFpQixDQUFDLFlBQVksQ0FBQyxXQUFXLEVBQUUsQ0FBQyxDQUFDLGdCQUFnQjtJQUVyRSxJQUFJLFNBQVMsRUFBRSxDQUFDO1FBQ2QsZ0VBQWdFO1FBQ2hFLG9FQUFvRTtRQUNwRSxNQUFNLEVBQUUsSUFBSSxFQUFFLEdBQUcsTUFBTSxDQUFDLGlCQUFpQixDQUFDLE9BQU8sQ0FBQztRQUNsRCxNQUFNLFVBQVUsR0FBRyxJQUFJLENBQUMsU0FBUyxDQUFDLFNBQVMsQ0FBZSxDQUFDO1FBQzNELFVBQVUsQ0FBQyxZQUFZLEdBQUcsQ0FBQyxDQUFDO0lBQzlCLENBQUM7SUFFRCxPQUFPLE1BQU0sQ0FBQztBQUNoQixDQUFDIiwic291cmNlc0NvbnRlbnQiOlsiaW1wb3J0IHsgRG5zVmFsaWRhdGVkQ2VydGlmaWNhdGUgfSBmcm9tICdhd3MtY2RrLWxpYi9hd3MtY2VydGlmaWNhdGVtYW5hZ2VyJztcbmltcG9ydCB7IFJlbW92YWxQb2xpY3ksIFN0YWNrIH0gZnJvbSAnYXdzLWNkay1saWInO1xuaW1wb3J0IHsgQXBwbGljYXRpb25Qcm90b2NvbCB9IGZyb20gJ2F3cy1jZGstbGliL2F3cy1lbGFzdGljbG9hZGJhbGFuY2luZ3YyJztcbmltcG9ydCB7IFN1Ym5ldFR5cGUsIFZwYyB9IGZyb20gJ2F3cy1jZGstbGliL2F3cy1lYzInO1xuaW1wb3J0IHsgQXBwbGljYXRpb25Mb2FkQmFsYW5jZWRGYXJnYXRlU2VydmljZSB9IGZyb20gJ2F3cy1jZGstbGliL2F3cy1lY3MtcGF0dGVybnMnO1xuaW1wb3J0IHsgUmVwb3NpdG9yeSB9IGZyb20gJ2F3cy1jZGstbGliL2F3cy1lY3InO1xuaW1wb3J0IHsgSUhvc3RlZFpvbmUgfSBmcm9tICdhd3MtY2RrLWxpYi9hd3Mtcm91dGU1Myc7XG5pbXBvcnQgeyBDZm5TZXJ2aWNlLCBDb250YWluZXJJbWFnZSwgTG9nRHJpdmVycyB9IGZyb20gJ2F3cy1jZGstbGliL2F3cy1lY3MnO1xuaW1wb3J0IHsgTG9nR3JvdXAsIFJldGVudGlvbkRheXMgfSBmcm9tICdhd3MtY2RrLWxpYi9hd3MtbG9ncyc7XG5pbXBvcnQgeyBFY3JSZXBvc2l0b3J5IH0gZnJvbSAnLi4vRWNyUmVwb3NpdG9yeSc7XG5cbmludGVyZmFjZSBEZXBsb3ltZW50IHtcbiAgcmVwb3NpdG9yeTogUmVwb3NpdG9yeSxcbiAgYWxiRmFyZ2F0ZVNlcnZpY2U6IEFwcGxpY2F0aW9uTG9hZEJhbGFuY2VkRmFyZ2F0ZVNlcnZpY2UsXG4gIHZwYzogVnBjLFxuIH1cblxuLyoqXG4gKiBAZGVwcmVjYXRlZCBVc2UgRmFyZ2F0ZUNvbnRhaW5lciBpbnN0ZWFkXG4gKlxuICogQnVpbGRzIGFuIEFwcGxpY2F0aW9uTG9hZEJhbGFuY2VkRmFyZ2F0ZVNlcnZpY2VcbiAqIEBwYXJhbSBzdGFjayBQYXJlbnQgQ0RLIHN0YWNrXG4gKiBAcGFyYW0gbmFtZSBCYXNlIG5hbWUgZm9yIHJlc291cmNlcyAvIHJlc291cmNlIElEc1xuICogQHBhcmFtIHpvbmUgRE5TIHpvbmVcbiAqIEBwYXJhbSBlbnZpcm9ubWVudCBBbnkgZW52aXJvbm1lbnQgdmFyaWFibGVzXG4gKiBAcGFyYW0gemVyb1Rhc2tzIFNldHMgdGFzayBjb3VudCB0byB6ZXJvIC0gdXNlZnVsIGlmIHlvdSBkb24ndCBoYXZlIGFuIGltYWdlIGluIEVDUiB5ZXQuXG4gKiBAcGFyYW0gdnBjIE9wdGlvbmFsIFZQQyB0byBob3N0IHRoZSBjbHVzdGVyIGluXG4gKiBAcmV0dXJucyBEZXBseW1lbnQgZGV0YWlzXG4gKi9cbmV4cG9ydCBmdW5jdGlvbiBmYXJnYXRlKFxuICBzdGFjazogU3RhY2ssXG4gIG5hbWU6IHN0cmluZyxcbiAgc2VydmljZU5hbWU6IHN0cmluZyxcbiAgem9uZTogSUhvc3RlZFpvbmUsXG4gIGRvbWFpbk5hbWU/OiBzdHJpbmcsXG4gIGVudmlyb25tZW50OiB7IFtrZXk6IHN0cmluZ106IHN0cmluZzsgfSA9IHt9LFxuICByZXBvc2l0b3J5OiBSZXBvc2l0b3J5IHwgdW5kZWZpbmVkID0gdW5kZWZpbmVkLFxuICB0YWc6IHN0cmluZyA9ICdsYXRlc3QnLFxuICB6ZXJvVGFza3M6IGJvb2xlYW4gPSBmYWxzZSxcbiAgdnBjOiBWcGMgfCB1bmRlZmluZWQgPSB1bmRlZmluZWQsXG4pOiBEZXBsb3ltZW50IHtcbiAgY29uc3QgcmVzdWx0OiBEZXBsb3ltZW50ID0gPERlcGxveW1lbnQ+e307XG5cbiAgLy8gQ29udGFpbmVyIHJlcG9zaXRvcnlcbiAgcmVzdWx0LnJlcG9zaXRvcnkgPSByZXBvc2l0b3J5IHx8IG5ldyBFY3JSZXBvc2l0b3J5KHN0YWNrLCBuYW1lKTtcbiAgLy8gSXQgc2VlbXMgbGlrZSBOQVQgZ2F0ZXdheXMgYXJlIGNvc3RseSwgc28gSSd2ZSBzZXQgdGhpcyB1cCB0byBhdm9pZCB0aGF0IC0gb25seSBjcmVhdGluZyBvbmUuXG4gIC8vIEF0IHNvbWUgcG9pbnQgd2UgbWF5IHdhbnQgdG8gZmlndXJlIG91dCBhIHByaXZ0ZSBlbmRwb2ludCBzbyB0aGF0IHdlIGNhbiByZXRpcmUgdGhlIE5BVC5cbiAgLy8gQmFzZWQgb246IGh0dHBzOi8vd3d3LmJpbmFyeXRoaW5rdGFuay5jb20vYmxvZy90cnVseS1zZXJ2ZXJsZXNzLWNvbnRhaW5lclxuICAvLyBhbmQgaHR0cHM6Ly9zdGFja292ZXJmbG93LmNvbS9xdWVzdGlvbnMvNjQyOTk2NjQvaG93LXRvLWNvbmZpZ3VyZS1hd3MtY2RrLWFwcGxpY2F0aW9ubG9hZGJhbGFuY2VkZmFyZ2F0ZXNlcnZpY2UtdG8tbG9nLXBhcnNlZC1qc29cbiAgcmVzdWx0LnZwYyA9IHZwYyB8fCBuZXcgVnBjKHN0YWNrLCBgJHtuYW1lfVZwY2AsIHtcbiAgICBuYXRHYXRld2F5czogMSxcbiAgICBzdWJuZXRDb25maWd1cmF0aW9uOiBbe1xuICAgICAgbmFtZSxcbiAgICAgIHN1Ym5ldFR5cGU6IFN1Ym5ldFR5cGUuUFVCTElDLFxuICAgIH1dLFxuICB9KTtcblxuICAvLyBGYXJnYXRlXG4gIHJlc3VsdC5hbGJGYXJnYXRlU2VydmljZSA9IG5ldyBBcHBsaWNhdGlvbkxvYWRCYWxhbmNlZEZhcmdhdGVTZXJ2aWNlKFxuICAgIHN0YWNrLFxuICAgIGAke25hbWV9QWxiRmFyZ2F0ZVNlcnZpY2VgLFxuICAgIHtcbiAgICAgIGxvYWRCYWxhbmNlck5hbWU6IG5hbWUsXG4gICAgICBzZXJ2aWNlTmFtZSxcbiAgICAgIGRvbWFpblpvbmU6IHpvbmUsXG4gICAgICBkb21haW5OYW1lOiBkb21haW5OYW1lIHx8IHpvbmUuem9uZU5hbWUsXG4gICAgICBjZXJ0aWZpY2F0ZTogbmV3IERuc1ZhbGlkYXRlZENlcnRpZmljYXRlKHN0YWNrLCBuYW1lLCB7XG4gICAgICAgIGRvbWFpbk5hbWU6IGRvbWFpbk5hbWUgfHwgem9uZS56b25lTmFtZSxcbiAgICAgICAgaG9zdGVkWm9uZTogem9uZSxcbiAgICAgIH0pLFxuICAgICAgcHJvdG9jb2w6IEFwcGxpY2F0aW9uUHJvdG9jb2wuSFRUUFMsXG4gICAgICBjcHU6IDUxMixcbiAgICAgIG1lbW9yeUxpbWl0TWlCOiAxMDI0LFxuICAgICAgdGFza0ltYWdlT3B0aW9uczoge1xuICAgICAgICBjb250YWluZXJOYW1lOiBuYW1lLFxuICAgICAgICBpbWFnZTogQ29udGFpbmVySW1hZ2UuZnJvbUVjclJlcG9zaXRvcnkocmVzdWx0LnJlcG9zaXRvcnksIHRhZyksXG4gICAgICAgIGNvbnRhaW5lclBvcnQ6IDMwMDAsXG4gICAgICAgIGVudmlyb25tZW50LFxuICAgICAgICBsb2dEcml2ZXI6IExvZ0RyaXZlcnMuYXdzTG9ncyh7XG4gICAgICAgICAgc3RyZWFtUHJlZml4OiBuYW1lLFxuICAgICAgICAgIGxvZ0dyb3VwOiBuZXcgTG9nR3JvdXAoc3RhY2ssIGAke25hbWV9TG9nR3JvdXBgLCB7XG4gICAgICAgICAgICAvLyBFbnN1cmUgdGhlIGxvZyBncm91cCBpcyBkZWxldGVkIHdoZW4gdGhlIHN0YWNrIGlzIGRlbGV0ZWRcbiAgICAgICAgICAgIC8vIGFuZCB0aGF0IGxvZ3MgYXJlbid0IHJldGFpbmVkIGluZGVmaW5pdGVseVxuICAgICAgICAgICAgbG9nR3JvdXBOYW1lOiBgLyR7c3RhY2suc3RhY2tOYW1lfS9lY3MvJHtuYW1lfWAsXG4gICAgICAgICAgICByZW1vdmFsUG9saWN5OiBSZW1vdmFsUG9saWN5LkRFU1RST1ksXG4gICAgICAgICAgICByZXRlbnRpb246IFJldGVudGlvbkRheXMuVEhSRUVfTU9OVEhTLFxuICAgICAgICAgIH0pLFxuICAgICAgICB9KSxcbiAgICAgIH0sXG4gICAgICBkZXNpcmVkQ291bnQ6IDIsXG4gICAgICB2cGM6IHJlc3VsdC52cGMsXG4gICAgICAvLyA/IGh0dHBzOi8vc3RhY2tvdmVyZmxvdy5jb20vcXVlc3Rpb25zLzY3MzAxMjY4L2F3cy1mYXJnYXRlLXJlc291cmNlaW5pdGlhbGl6YXRpb25lcnJvci11bmFibGUtdG8tcHVsbC1zZWNyZXRzLW9yLXJlZ2lzdHJ5LWF1dGhcbiAgICAgIGFzc2lnblB1YmxpY0lwOiB0cnVlLFxuICAgIH0sXG4gICk7XG4gIHJlc3VsdC5hbGJGYXJnYXRlU2VydmljZS5sb2FkQmFsYW5jZXIuYWRkUmVkaXJlY3QoKTsgLy8gaHR0cCAtPiBodHRwc1xuXG4gIGlmICh6ZXJvVGFza3MpIHtcbiAgICAvLyBPbiB0aGUgZmlyc3QgZGVwbG95LCB3aGVuIHRoZXJlJ3Mgbm8gaW1hZ2UgaW4gdGhlIHJlcG9zaXRvcnk6XG4gICAgLy8gaHR0cHM6Ly9naXRodWIuY29tL2F3cy9hd3MtY2RrL2lzc3Vlcy8zNjQ2I2lzc3VlY29tbWVudC02MjM5MTkyNDJcbiAgICBjb25zdCB7IG5vZGUgfSA9IHJlc3VsdC5hbGJGYXJnYXRlU2VydmljZS5zZXJ2aWNlO1xuICAgIGNvbnN0IGNmblNlcnZpY2UgPSBub2RlLmZpbmRDaGlsZCgnU2VydmljZScpIGFzIENmblNlcnZpY2U7XG4gICAgY2ZuU2VydmljZS5kZXNpcmVkQ291bnQgPSAwO1xuICB9XG5cbiAgcmV0dXJuIHJlc3VsdDtcbn1cbiJdfQ==