cdk-nextjs
Version:
Deploy Next.js apps on AWS with CDK
78 lines • 9.76 kB
JavaScript
;
var _a;
Object.defineProperty(exports, "__esModule", { value: true });
exports.NextjsVpc = void 0;
const JSII_RTTI_SYMBOL_1 = Symbol.for("jsii.rtti");
const aws_ec2_1 = require("aws-cdk-lib/aws-ec2");
const constructs_1 = require("constructs");
const constants_1 = require("./constants");
/**
* cdk-nextjs requires a VPC because of the use of EFS but if you're building on
* AWS you probably already need one for other resources (i.e. RDS/Aurora).
* You can provide your own VPC via `overrides.nextjsVpc.vpc` but you'll be
* responsible for creating the VPC. All cdk-nextjs constructs require a
* `SubnetType.PRIVATE_ISOLATED` subnet for EFS and `SubnetType.PRIVATE_WITH_EGRESS`
* for compute. `NextjsRegionalContainers` requires a `SubnetType.PUBLIC`
* subnet for CloudFront to reach the ALB. `NextjsGlobalFunctions` and
* `NextjsGlobalContainers` don't require a `SubnetType.PUBLIC` subnet because
* CloudFront accesses their compute securely through Function URL and VPC
* Origin Access.
*
* Note, if you use `NextjsVpc` then the default CDK VPC will be created
* for you with 2 AZs of all 3 types of subnets with a NAT Gateway in your
* `SubnetType.PUBLIC` subnet to allow for secure internet access from your
* `SubnetType.PRIVATE_WITH_EGRESS` subnet. This is recommended by AWS, but
* it costs $65/month for 2 AZs. See examples/low-cost for alternative.
*
* @see https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_ec2-readme.html#subnet-types
*/
class NextjsVpc extends constructs_1.Construct {
constructor(scope, id, props) {
super(scope, id);
this.props = props;
if (props.vpc) {
this.vpc = props.vpc;
}
else {
this.vpc = props.vpc ?? this.createVpc();
this.createVpcEndpoints();
}
}
createVpc() {
return new aws_ec2_1.Vpc(this, "Vpc", {
maxAzs: 2, // might want 3 in production
subnetConfiguration: [
// NAT Gateway and ALB for NextjsRegionalContainers live in Public subnets
{ name: "Public", subnetType: aws_ec2_1.SubnetType.PUBLIC },
// All compute and ALB for NextjsGlobalContainers lives in PrivateWithEgress subnets
{
name: "PrivateWithEgress",
subnetType: aws_ec2_1.SubnetType.PRIVATE_WITH_EGRESS,
},
// EFS lives in PrivateIsolated subnets
{ name: "PrivateIsolated", subnetType: aws_ec2_1.SubnetType.PRIVATE_ISOLATED },
],
...this.props.overrides?.vpcProps,
});
}
/**
* Best practice is to use VPC endpoints between VPC and serverless resources
* so that traffic does not go over public internet.
*
* While gateway endpoints are free, interface endpoints (use PrivateLink)
* cost ~$7/month/az.
*
* @see https://www.alexdebrie.com/posts/aws-lambda-vpc/#set-up-a-vpc-endpoint-for-your-aws-service
*/
createVpcEndpoints() {
if (this.props.nextjsType === constants_1.NextjsType.GLOBAL_FUNCTIONS) {
this.vpc.addInterfaceEndpoint("SqsInterfaceEndpoint", {
service: aws_ec2_1.InterfaceVpcEndpointAwsService.SQS,
});
}
}
}
exports.NextjsVpc = NextjsVpc;
_a = JSII_RTTI_SYMBOL_1;
NextjsVpc[_a] = { fqn: "cdk-nextjs.NextjsVpc", version: "0.4.14" };
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoibmV4dGpzLXZwYy5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uL3NyYy9uZXh0anMtdnBjLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiI7Ozs7O0FBQUEsaURBSzZCO0FBQzdCLDJDQUF1QztBQUN2QywyQ0FBeUM7QUFtQnpDOzs7Ozs7Ozs7Ozs7Ozs7Ozs7O0dBbUJHO0FBQ0gsTUFBYSxTQUFVLFNBQVEsc0JBQVM7SUFLdEMsWUFBWSxLQUFnQixFQUFFLEVBQVUsRUFBRSxLQUFxQjtRQUM3RCxLQUFLLENBQUMsS0FBSyxFQUFFLEVBQUUsQ0FBQyxDQUFDO1FBQ2pCLElBQUksQ0FBQyxLQUFLLEdBQUcsS0FBSyxDQUFDO1FBQ25CLElBQUksS0FBSyxDQUFDLEdBQUcsRUFBRSxDQUFDO1lBQ2QsSUFBSSxDQUFDLEdBQUcsR0FBRyxLQUFLLENBQUMsR0FBRyxDQUFDO1FBQ3ZCLENBQUM7YUFBTSxDQUFDO1lBQ04sSUFBSSxDQUFDLEdBQUcsR0FBRyxLQUFLLENBQUMsR0FBRyxJQUFJLElBQUksQ0FBQyxTQUFTLEVBQUUsQ0FBQztZQUN6QyxJQUFJLENBQUMsa0JBQWtCLEVBQUUsQ0FBQztRQUM1QixDQUFDO0lBQ0gsQ0FBQztJQUVPLFNBQVM7UUFDZixPQUFPLElBQUksYUFBRyxDQUFDLElBQUksRUFBRSxLQUFLLEVBQUU7WUFDMUIsTUFBTSxFQUFFLENBQUMsRUFBRSw2QkFBNkI7WUFDeEMsbUJBQW1CLEVBQUU7Z0JBQ25CLDBFQUEwRTtnQkFDMUUsRUFBRSxJQUFJLEVBQUUsUUFBUSxFQUFFLFVBQVUsRUFBRSxvQkFBVSxDQUFDLE1BQU0sRUFBRTtnQkFDakQsb0ZBQW9GO2dCQUNwRjtvQkFDRSxJQUFJLEVBQUUsbUJBQW1CO29CQUN6QixVQUFVLEVBQUUsb0JBQVUsQ0FBQyxtQkFBbUI7aUJBQzNDO2dCQUNELHVDQUF1QztnQkFDdkMsRUFBRSxJQUFJLEVBQUUsaUJBQWlCLEVBQUUsVUFBVSxFQUFFLG9CQUFVLENBQUMsZ0JBQWdCLEVBQUU7YUFDckU7WUFDRCxHQUFHLElBQUksQ0FBQyxLQUFLLENBQUMsU0FBUyxFQUFFLFFBQVE7U0FDbEMsQ0FBQyxDQUFDO0lBQ0wsQ0FBQztJQUVEOzs7Ozs7OztPQVFHO0lBQ0ssa0JBQWtCO1FBQ3hCLElBQUksSUFBSSxDQUFDLEtBQUssQ0FBQyxVQUFVLEtBQUssc0JBQVUsQ0FBQyxnQkFBZ0IsRUFBRSxDQUFDO1lBQzFELElBQUksQ0FBQyxHQUFHLENBQUMsb0JBQW9CLENBQUMsc0JBQXNCLEVBQUU7Z0JBQ3BELE9BQU8sRUFBRSx3Q0FBOEIsQ0FBQyxHQUFHO2FBQzVDLENBQUMsQ0FBQztRQUNMLENBQUM7SUFDSCxDQUFDOztBQWpESCw4QkFrREMiLCJzb3VyY2VzQ29udGVudCI6WyJpbXBvcnQge1xuICBJbnRlcmZhY2VWcGNFbmRwb2ludEF3c1NlcnZpY2UsXG4gIElWcGMsXG4gIFN1Ym5ldFR5cGUsXG4gIFZwYyxcbn0gZnJvbSBcImF3cy1jZGstbGliL2F3cy1lYzJcIjtcbmltcG9ydCB7IENvbnN0cnVjdCB9IGZyb20gXCJjb25zdHJ1Y3RzXCI7XG5pbXBvcnQgeyBOZXh0anNUeXBlIH0gZnJvbSBcIi4vY29uc3RhbnRzXCI7XG5pbXBvcnQgeyBPcHRpb25hbFZwY1Byb3BzIH0gZnJvbSBcIi4vZ2VuZXJhdGVkLXN0cnVjdHMvT3B0aW9uYWxWcGNQcm9wc1wiO1xuXG5leHBvcnQgaW50ZXJmYWNlIE5leHRqc1ZwY092ZXJyaWRlcyB7XG4gIHJlYWRvbmx5IHZwY1Byb3BzPzogT3B0aW9uYWxWcGNQcm9wcztcbn1cblxuZXhwb3J0IGludGVyZmFjZSBOZXh0anNWcGNQcm9wcyB7XG4gIHJlYWRvbmx5IG5leHRqc1R5cGU6IE5leHRqc1R5cGU7XG4gIC8qKlxuICAgKiBPdmVycmlkZSBhbnkgY29uc3RydWN0LlxuICAgKi9cbiAgcmVhZG9ubHkgb3ZlcnJpZGVzPzogTmV4dGpzVnBjT3ZlcnJpZGVzO1xuICAvKipcbiAgICogQnJpbmcgeW91ciBvd24gVlBDLlxuICAgKi9cbiAgcmVhZG9ubHkgdnBjPzogSVZwYztcbn1cblxuLyoqXG4gKiBjZGstbmV4dGpzIHJlcXVpcmVzIGEgVlBDIGJlY2F1c2Ugb2YgdGhlIHVzZSBvZiBFRlMgYnV0IGlmIHlvdSdyZSBidWlsZGluZyBvblxuICogQVdTIHlvdSBwcm9iYWJseSBhbHJlYWR5IG5lZWQgb25lIGZvciBvdGhlciByZXNvdXJjZXMgKGkuZS4gUkRTL0F1cm9yYSkuXG4gKiBZb3UgY2FuIHByb3ZpZGUgeW91ciBvd24gVlBDIHZpYSBgb3ZlcnJpZGVzLm5leHRqc1ZwYy52cGNgIGJ1dCB5b3UnbGwgYmVcbiAqIHJlc3BvbnNpYmxlIGZvciBjcmVhdGluZyB0aGUgVlBDLiBBbGwgY2RrLW5leHRqcyBjb25zdHJ1Y3RzIHJlcXVpcmUgYVxuICogYFN1Ym5ldFR5cGUuUFJJVkFURV9JU09MQVRFRGAgc3VibmV0IGZvciBFRlMgYW5kIGBTdWJuZXRUeXBlLlBSSVZBVEVfV0lUSF9FR1JFU1NgXG4gKiBmb3IgY29tcHV0ZS4gYE5leHRqc1JlZ2lvbmFsQ29udGFpbmVyc2AgcmVxdWlyZXMgYSBgU3VibmV0VHlwZS5QVUJMSUNgXG4gKiBzdWJuZXQgZm9yIENsb3VkRnJvbnQgdG8gcmVhY2ggdGhlIEFMQi4gYE5leHRqc0dsb2JhbEZ1bmN0aW9uc2AgYW5kXG4gKiBgTmV4dGpzR2xvYmFsQ29udGFpbmVyc2AgZG9uJ3QgcmVxdWlyZSBhIGBTdWJuZXRUeXBlLlBVQkxJQ2Agc3VibmV0IGJlY2F1c2VcbiAqIENsb3VkRnJvbnQgYWNjZXNzZXMgdGhlaXIgY29tcHV0ZSBzZWN1cmVseSB0aHJvdWdoIEZ1bmN0aW9uIFVSTCBhbmQgVlBDXG4gKiBPcmlnaW4gQWNjZXNzLlxuICpcbiAqIE5vdGUsIGlmIHlvdSB1c2UgYE5leHRqc1ZwY2AgdGhlbiB0aGUgZGVmYXVsdCBDREsgVlBDIHdpbGwgYmUgY3JlYXRlZFxuICogZm9yIHlvdSB3aXRoIDIgQVpzIG9mIGFsbCAzIHR5cGVzIG9mIHN1Ym5ldHMgd2l0aCBhIE5BVCBHYXRld2F5IGluIHlvdXJcbiAqIGBTdWJuZXRUeXBlLlBVQkxJQ2Agc3VibmV0IHRvIGFsbG93IGZvciBzZWN1cmUgaW50ZXJuZXQgYWNjZXNzIGZyb20geW91clxuICogYFN1Ym5ldFR5cGUuUFJJVkFURV9XSVRIX0VHUkVTU2Agc3VibmV0LiBUaGlzIGlzIHJlY29tbWVuZGVkIGJ5IEFXUywgYnV0XG4gKiBpdCBjb3N0cyAkNjUvbW9udGggZm9yIDIgQVpzLiBTZWUgZXhhbXBsZXMvbG93LWNvc3QgZm9yIGFsdGVybmF0aXZlLlxuICpcbiAqIEBzZWUgaHR0cHM6Ly9kb2NzLmF3cy5hbWF6b24uY29tL2Nkay9hcGkvdjIvZG9jcy9hd3MtY2RrLWxpYi5hd3NfZWMyLXJlYWRtZS5odG1sI3N1Ym5ldC10eXBlc1xuICovXG5leHBvcnQgY2xhc3MgTmV4dGpzVnBjIGV4dGVuZHMgQ29uc3RydWN0IHtcbiAgdnBjOiBJVnBjO1xuXG4gIHByaXZhdGUgcHJvcHM6IE5leHRqc1ZwY1Byb3BzO1xuXG4gIGNvbnN0cnVjdG9yKHNjb3BlOiBDb25zdHJ1Y3QsIGlkOiBzdHJpbmcsIHByb3BzOiBOZXh0anNWcGNQcm9wcykge1xuICAgIHN1cGVyKHNjb3BlLCBpZCk7XG4gICAgdGhpcy5wcm9wcyA9IHByb3BzO1xuICAgIGlmIChwcm9wcy52cGMpIHtcbiAgICAgIHRoaXMudnBjID0gcHJvcHMudnBjO1xuICAgIH0gZWxzZSB7XG4gICAgICB0aGlzLnZwYyA9IHByb3BzLnZwYyA/PyB0aGlzLmNyZWF0ZVZwYygpO1xuICAgICAgdGhpcy5jcmVhdGVWcGNFbmRwb2ludHMoKTtcbiAgICB9XG4gIH1cblxuICBwcml2YXRlIGNyZWF0ZVZwYygpIHtcbiAgICByZXR1cm4gbmV3IFZwYyh0aGlzLCBcIlZwY1wiLCB7XG4gICAgICBtYXhBenM6IDIsIC8vIG1pZ2h0IHdhbnQgMyBpbiBwcm9kdWN0aW9uXG4gICAgICBzdWJuZXRDb25maWd1cmF0aW9uOiBbXG4gICAgICAgIC8vIE5BVCBHYXRld2F5IGFuZCBBTEIgZm9yIE5leHRqc1JlZ2lvbmFsQ29udGFpbmVycyBsaXZlIGluIFB1YmxpYyBzdWJuZXRzXG4gICAgICAgIHsgbmFtZTogXCJQdWJsaWNcIiwgc3VibmV0VHlwZTogU3VibmV0VHlwZS5QVUJMSUMgfSxcbiAgICAgICAgLy8gQWxsIGNvbXB1dGUgYW5kIEFMQiBmb3IgTmV4dGpzR2xvYmFsQ29udGFpbmVycyBsaXZlcyBpbiBQcml2YXRlV2l0aEVncmVzcyBzdWJuZXRzXG4gICAgICAgIHtcbiAgICAgICAgICBuYW1lOiBcIlByaXZhdGVXaXRoRWdyZXNzXCIsXG4gICAgICAgICAgc3VibmV0VHlwZTogU3VibmV0VHlwZS5QUklWQVRFX1dJVEhfRUdSRVNTLFxuICAgICAgICB9LFxuICAgICAgICAvLyBFRlMgbGl2ZXMgaW4gUHJpdmF0ZUlzb2xhdGVkIHN1Ym5ldHNcbiAgICAgICAgeyBuYW1lOiBcIlByaXZhdGVJc29sYXRlZFwiLCBzdWJuZXRUeXBlOiBTdWJuZXRUeXBlLlBSSVZBVEVfSVNPTEFURUQgfSxcbiAgICAgIF0sXG4gICAgICAuLi50aGlzLnByb3BzLm92ZXJyaWRlcz8udnBjUHJvcHMsXG4gICAgfSk7XG4gIH1cblxuICAvKipcbiAgICogQmVzdCBwcmFjdGljZSBpcyB0byB1c2UgVlBDIGVuZHBvaW50cyBiZXR3ZWVuIFZQQyBhbmQgc2VydmVybGVzcyByZXNvdXJjZXNcbiAgICogc28gdGhhdCB0cmFmZmljIGRvZXMgbm90IGdvIG92ZXIgcHVibGljIGludGVybmV0LlxuICAgKlxuICAgKiBXaGlsZSBnYXRld2F5IGVuZHBvaW50cyBhcmUgZnJlZSwgaW50ZXJmYWNlIGVuZHBvaW50cyAodXNlIFByaXZhdGVMaW5rKVxuICAgKiBjb3N0IH4kNy9tb250aC9hei5cbiAgICpcbiAgICogQHNlZSBodHRwczovL3d3dy5hbGV4ZGVicmllLmNvbS9wb3N0cy9hd3MtbGFtYmRhLXZwYy8jc2V0LXVwLWEtdnBjLWVuZHBvaW50LWZvci15b3VyLWF3cy1zZXJ2aWNlXG4gICAqL1xuICBwcml2YXRlIGNyZWF0ZVZwY0VuZHBvaW50cygpIHtcbiAgICBpZiAodGhpcy5wcm9wcy5uZXh0anNUeXBlID09PSBOZXh0anNUeXBlLkdMT0JBTF9GVU5DVElPTlMpIHtcbiAgICAgIHRoaXMudnBjLmFkZEludGVyZmFjZUVuZHBvaW50KFwiU3FzSW50ZXJmYWNlRW5kcG9pbnRcIiwge1xuICAgICAgICBzZXJ2aWNlOiBJbnRlcmZhY2VWcGNFbmRwb2ludEF3c1NlcnZpY2UuU1FTLFxuICAgICAgfSk7XG4gICAgfVxuICB9XG59XG4iXX0=