CDK包
aws-cdk.aws-ec2
aws-cdk.aws-ecs
aws-cdk.aws-autoscaling
aws-cdk.aws-elasticloadbalancingv2
CDK APP
#!/usr/bin/env python3
import os
from aws_cdk import core as cdk
from aws_cdk import core
from liu_cdk.liu_cdk_stack import LiuStack
from liu_cdk.bastion import BastionStack
from liu_cdk.elbasg import Ec2Stack
from ecs.ecs import EcsStack
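app = core.App()

# Network stack first: it owns the VPC and the security groups that the
# other stacks attach to.
vpc_stack = LiuStack(app, "VpcStack")

# Bastion host in a public subnet; its security group comes from LiuStack
# (it opens TCP/22 to any IPv4 address, see LiuStack).
BastionStack(app, "BastionStack1",
             vpc=vpc_stack.vpc,
             sg_bastion=vpc_stack.sgbastion,
             )

# Internet-facing ALB plus an AutoScaling group of EC2 instances behind it.
Ec2Stack(app, "Ec2Stack",
         vpc=vpc_stack.vpc,
         ec2_sg=vpc_stack.sgecc,
         alb_sg=vpc_stack.sgalb,
         )

# ECS stack only needs the VPC.
EcsStack(app, "EcsStack",
         vpc=vpc_stack.vpc,
         )

# Emit the CloudFormation templates for every stack above.
app.synth()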
CDK VPC
from aws_cdk import (core,aws_ec2 as ec2)
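class LiuStack(core.Stack):
    """Network stack: a two-AZ VPC and the security groups shared by the other stacks.

    Attributes exposed to BastionStack / Ec2Stack / EcsStack:
        vpc: the VPC (10.10.0.0/16, public + private + isolated subnets per AZ).
        sgalb: security group for the internet-facing ALB (TCP/80 from any IPv4).
        sgbastion: security group for the bastion host (TCP/22 from any IPv4).
        sgecc: security group for the application EC2 instances.
        sgrds: security group for RDS (TCP/3306 from sgecc and sgbastion).
    """

    def __init__(self, scope: core.Construct, construct_id: str, **kwargs) -> None:
        super().__init__(scope, construct_id, **kwargs)

        self.vpc = ec2.Vpc(self, "testvpc",
                           # two availability zones
                           max_azs=2,
                           # address pool for the whole VPC
                           cidr="10.10.0.0/16",
                           # per AZ: one public, one private (behind NAT) and one
                           # isolated /24 subnet
                           subnet_configuration=[
                               ec2.SubnetConfiguration(
                                   subnet_type=ec2.SubnetType.PUBLIC,
                                   name="Public",
                                   cidr_mask=24,
                               ),
                               ec2.SubnetConfiguration(
                                   subnet_type=ec2.SubnetType.PRIVATE,
                                   name="Private",
                                   cidr_mask=24,
                               ),
                               ec2.SubnetConfiguration(
                                   subnet_type=ec2.SubnetType.ISOLATED,
                                   name="DB",
                                   cidr_mask=24,
                               ),
                           ],
                           # one NAT gateway per AZ for the private subnets
                           nat_gateways=2,
                           )

        # ALB security group: ingress TCP/80 from any IPv4 address.
        # allow_all_outbound=True leaves all egress open (the ALB needs egress to
        # reach the targets on 7777); the original note claiming egress is closed
        # here was wrong.
        self.sgalb = ec2.SecurityGroup(self, "sg_alb",
                                       vpc=self.vpc,
                                       security_group_name="sg_alb",
                                       allow_all_outbound=True,
                                       )
        self.sgalb.connections.allow_from_any_ipv4(ec2.Port.tcp(80))

        # Bastion security group.
        # NOTE(review): SSH (TCP/22) is reachable from 0.0.0.0/0. Restrict the
        # source to the admin network, e.g.
        # allow_from(ec2.Peer.ipv4("<ADMIN_CIDR>"), ec2.Port.tcp(22)), or reach
        # the host through SSM Session Manager and drop the rule entirely.
        self.sgbastion = ec2.SecurityGroup(self, "sg_bastion",
                                           vpc=self.vpc,
                                           security_group_name="sg_bastion",
                                           allow_all_outbound=True,
                                           )
        self.sgbastion.connections.allow_from_any_ipv4(ec2.Port.tcp(22))

        # Application EC2 security group: only the ALB (TCP/7777) and the
        # bastion (TCP/22) may reach the instances.
        self.sgecc = ec2.SecurityGroup(self, "sg_ec2",
                                       vpc=self.vpc,
                                       security_group_name="sg_ec2",
                                       allow_all_outbound=True,
                                       )
        self.sgecc.connections.allow_from(self.sgalb, ec2.Port.tcp(7777))
        self.sgecc.connections.allow_from(self.sgbastion, ec2.Port.tcp(22))

        # RDS security group: TCP/3306 from the app instances and from the bastion.
        self.sgrds = ec2.SecurityGroup(self, "sg_rds",
                                       vpc=self.vpc,
                                       security_group_name="sg_rds",
                                       allow_all_outbound=True,
                                       )
        self.sgrds.connections.allow_from(self.sgecc, ec2.Port.tcp(3306))
        self.sgrds.connections.allow_from(self.sgbastion, ec2.Port.tcp(3306))

        # EFS security group: NFS (TCP/2049) from the app instances. Kept as a
        # local because no other stack references it; expose it as an attribute
        # when an EFS stack is added.
        sgnfs = ec2.SecurityGroup(self, "sg_efs",
                                  vpc=self.vpc,
                                  security_group_name="sg_efs",
                                  allow_all_outbound=True,
                                  )
        sgnfs.connections.allow_from(self.sgecc, ec2.Port.tcp(2049))

        # Memcached security group: TCP/11211 from the app instances. Local as well.
        sgMche = ec2.SecurityGroup(self, "sg_che",
                                   vpc=self.vpc,
                                   security_group_name="sg_che",
                                   allow_all_outbound=True,
                                   )
        sgMche.connections.allow_from(self.sgecc, ec2.Port.tcp(11211))

        # Stack outputs. The logical IDs (including the misspelt "Output_sgres"
        # and "Outpur_sgbastionb") are kept unchanged so that existing outputs
        # are not renamed on the next deploy.
        core.CfnOutput(self, "Output_vpc",
                       value=self.vpc.vpc_id)
        core.CfnOutput(self, "Output_sgalb",
                       value=self.sgalb.security_group_id)
        core.CfnOutput(self, "Output_sgec2",
                       value=self.sgecc.security_group_id)
        core.CfnOutput(self, "Output_sgres",
                       value=self.sgrds.security_group_id)
        core.CfnOutput(self, "Outpur_sgbastionb",
                       value=self.sgbastion.security_group_id)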
CDK Bastion
from aws_cdk import (core,aws_ec2 as ec2)
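# Name of an EC2 key pair that must already exist in the target account and
# region: CDK only references it by name, it does not create it.
key_name = "bastionkey"
# Creating a key pair with the CLI and saving the private key locally. The
# field to extract from the response is KeyMaterial (not the key name):
#   aws ec2 create-key-pair --key-name hello --query 'KeyMaterial' --output text > hello.pem
#   aws ec2 create-key-pair --key-name Bastion --query 'KeyMaterial' --output text > Bastion.pem
#   aws ec2 create-key-pair --key-name MyKeyPair --query 'KeyMaterial' --output text > MyKeyPair.pem
#   chmod 400 hello.pem
# Deleting a key pair:
#   aws ec2 delete-key-pair --key-name MyKeyPair
# EFS mount helper on the instance:
#   sudo yum install -y amazon-efs-utils && mkdir /efs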
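class BastionStack(core.Stack):
    """Bastion host: a single Amazon Linux 2 instance in a public subnet.

    Args:
        vpc: the VPC created by LiuStack.
        sg_bastion: security group for the bastion (LiuStack.sgbastion, which
            opens TCP/22 to any IPv4 address).
    """

    def __init__(self, scope: core.Construct, construct_id: str, vpc, sg_bastion, **kwargs) -> None:
        super().__init__(scope, construct_id, **kwargs)

        # Hand-built bastion from a plain ec2.Instance. The managed alternative
        # is ec2.BastionHostLinux(self, "myBastion", vpc=vpc,
        # subnet_selection=ec2.SubnetSelection(subnet_type=ec2.SubnetType.PUBLIC),
        # instance_name=..., instance_type=..., security_group=sg_bastion),
        # which is meant to be reached through SSM Session Manager and does not
        # need a key pair or an open port 22.
        bastion = ec2.Instance(self, "myBastion",
                               vpc=vpc,
                               instance_name="myBastionHostLinux",
                               machine_image=ec2.MachineImage.latest_amazon_linux(
                                   generation=ec2.AmazonLinuxGeneration.AMAZON_LINUX_2),
                               # public subnet so the instance gets a public IP
                               vpc_subnets=ec2.SubnetSelection(subnet_type=ec2.SubnetType.PUBLIC),
                               # key pair must exist in the region before deploy
                               key_name=key_name,
                               security_group=sg_bastion,
                               instance_type=ec2.InstanceType(instance_type_identifier="t2.micro"),
                               )

        # Logical ID kept as-is (misspelt "Outpur") so the output is not renamed.
        core.CfnOutput(self, "Outpur_bastion",
                       value=bastion.instance_public_ip)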
CDK elb
from aws_cdk import (core,
aws_ec2 as ec2,
aws_elasticloadbalancingv2 as elb,
aws_autoscaling as autoscaling
)
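# Instance type for the AutoScaling group.
ec2_type = "t2.micro"
# EC2 key pair name; must already exist in the target account and region.
key_name = "hello"
# Bootstrap script embedded as instance user data, read at synth time.
# NOTE(review): the path is relative to the current working directory of the
# `cdk synth` run, not to this module — confirm it matches how the app is
# invoked (or resolve it against __file__).
with open("../userdata/data.sh", encoding="utf-8") as f:
    user_data = f.read()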
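class Ec2Stack(core.Stack):
    """Internet-facing ALB in front of an AutoScaling group of Amazon Linux 2 instances.

    Args:
        vpc: the VPC created by LiuStack.
        ec2_sg: security group for the instances (LiuStack.sgecc).
        alb_sg: security group for the ALB (LiuStack.sgalb).
    """

    def __init__(self, scope: core.Construct, construct_id: str, vpc, ec2_sg, alb_sg, **kwargs) -> None:
        super().__init__(scope, construct_id, **kwargs)

        # AMI for the instances: Amazon Linux 2, standard edition, HVM, EBS root.
        ami_linux = ec2.MachineImage.latest_amazon_linux(
            generation=ec2.AmazonLinuxGeneration.AMAZON_LINUX_2,
            # MINIMAL is the other edition
            edition=ec2.AmazonLinuxEdition.STANDARD,
            # HVM is the default; PV is the other option
            virtualization=ec2.AmazonLinuxVirt.HVM,
            # root volume type (GENERAL_PURPOSE is the other choice noted)
            storage=ec2.AmazonLinuxStorage.EBS,
        )

        alb = elb.ApplicationLoadBalancer(self, "helloALB",
                                          vpc=vpc,
                                          security_group=alb_sg,
                                          internet_facing=True,
                                          load_balancer_name="helloALB",
                                          )

        # HTTP listener on 80. open=True adds an "allow TCP/80 from any IPv4"
        # rule to alb_sg; LiuStack already adds the same rule, so this is
        # redundant (CDK presumably de-duplicates it — confirm in the
        # synthesized template).
        listener = alb.add_listener("my80",
                                    port=80,
                                    open=True,
                                    )

        asg = autoscaling.AutoScalingGroup(self, "myautoscaling",
                                           vpc=vpc,
                                           # instances launch in the private (NAT) subnets
                                           vpc_subnets=ec2.SubnetSelection(subnet_type=ec2.SubnetType.PRIVATE),
                                           instance_type=ec2.InstanceType(instance_type_identifier=ec2_type),
                                           machine_image=ami_linux,
                                           # key pair must already exist in the region
                                           key_name=key_name,
                                           security_group=ec2_sg,
                                           # bootstrap script read from ../userdata/data.sh at synth time
                                           user_data=ec2.UserData.custom(user_data),
                                           # start with one instance (the original note said two;
                                           # the value is 1)
                                           desired_capacity=1,
                                           min_capacity=1,
                                           max_capacity=5,
                                           )

        # Register the ASG as the listener's target group. The app listens on
        # 7777, matching the 7777-from-sgalb rule on ec2_sg; health checks use
        # the target port by default.
        listener.add_targets("addTargetGroup",
                             protocol=elb.ApplicationProtocol.HTTP,
                             port=7777,
                             targets=[asg],
                             )

        # DNS name of the ALB.
        core.CfnOutput(self, "Output",
                       value=alb.load_balancer_dns_name,
                       )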
data.sh
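#!/bin/bash -xe
# EC2 user-data bootstrap: fetch the demo server and its config from S3 and
# start it. -e aborts on the first failing command, -x traces each command.
yum install -y wget
wget https://yc-helloworld.s3.ap-northeast-1.amazonaws.com/server_demo -O /root/server_demo
wget https://yc-helloworld.s3.ap-northeast-1.amazonaws.com/conf.toml -O /root/conf.toml
# NOTE(review): the binary is downloaded with no integrity check before it is
# executed as root; verify it against a published checksum first, e.g.
#   echo "<EXPECTED_SHA256>  /root/server_demo" | sha256sum -c -
chmod a+x /root/server_demo
# Run from /root so the server finds conf.toml in its working directory.
cd /root
# NOTE(review): this runs in the foreground; unless server_demo daemonizes,
# cloud-init will wait on it — confirm that is intended.
/root/server_demo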
DOCKER
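# NOTE(review): an untagged `centos` resolves to centos:latest (CentOS Linux 8,
# end-of-life since end of 2021), so `yum install` is likely to fail against the
# retired mirrors; pin a supported tag and digest, e.g.
# `FROM centos:<TAG>@sha256:<DIGEST>`.
FROM centos
RUN yum install -y wget
# Write the same bootstrap script that is used as EC2 user data into the image.
RUN echo '#!/bin/bash -xe' > /opt/data.sh && \
    echo 'wget https://yc-helloworld.s3.ap-northeast-1.amazonaws.com/server_demo -O /root/server_demo' >> /opt/data.sh && \
    echo 'wget https://yc-helloworld.s3.ap-northeast-1.amazonaws.com/conf.toml -O /root/conf.toml' >> /opt/data.sh && \
    echo 'chmod a+x /root/server_demo' >> /opt/data.sh && \
    echo 'cd /root' >> /opt/data.sh && \
    echo '/root/server_demo' >> /opt/data.sh && \
    chmod 755 /opt/data.sh
EXPOSE 7777
# The "-D FOREGROUND" arguments are ignored: data.sh takes no arguments.
CMD ["/opt/data.sh", "-D", "FOREGROUND"]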



