
AWS CDK – Cloud Development Kit
Budowanie infrastruktury jako kodu nigdy nie było prostsze, gdyż CDK wykorzystuje języki, które doskonale znasz (TypeScript, JavaScript, Python, Java, C# lub Go), i możesz stosować ich mocne strony do budowy chmury. Na warsztatach ustawisz sobie środowisko do programowania Infrastructure as Code (IaC) i zakodujesz proste rozwiązanie. Zapewniam, że to łatwiejsze od Terraforma.
Warsztaty live w ramach AWSowego tygodnia https://www.akademiaarchitektait.pl/plan-wydarzen-awsowego-tygodnia/
Polecenia i kod wykorzystane w warsztatach
Instalacja CDK
# Install the CDK toolchain globally: the TypeScript compiler and the cdk CLI,
# then confirm the CLI resolves on PATH.
npm install --global typescript
npm install --global aws-cdk
cdk --version
# Install the CDK toolchain globally: the TypeScript compiler and the cdk CLI,
# then confirm the CLI resolves on PATH.
npm install --global typescript
npm install --global aws-cdk
cdk --version
# Install the CDK toolchain globally: the TypeScript compiler and the cdk CLI,
# then confirm the CLI resolves on PATH.
npm install --global typescript
npm install --global aws-cdk
cdk --version
Tworzenie aplikacji
# Scaffold a new TypeScript CDK app in an empty directory (cdk init refuses a non-empty one).
mkdir bastion-cdk
cd bastion-cdk
cdk init app --language=typescript
# Scaffold a new TypeScript CDK app in an empty directory (cdk init refuses a non-empty one).
mkdir bastion-cdk
cd bastion-cdk
cdk init app --language=typescript
# Scaffold a new TypeScript CDK app in an empty directory (cdk init refuses a non-empty one).
mkdir bastion-cdk
cd bastion-cdk
cdk init app --language=typescript
Budowanie aplikacji
# Compile the TypeScript app (npm's build script), then list the stacks cdk can synthesize.
npm run build
cdk ls
# Compile the TypeScript app (npm's build script), then list the stacks cdk can synthesize.
npm run build
cdk ls
# Compile the TypeScript app (npm's build script), then list the stacks cdk can synthesize.
npm run build
cdk ls
Konfiguracja VPC
# CDK v1 layout: the EC2 constructs live in their own package. Its version has to match
# the other @aws-cdk/* packages already in package.json (mixed v1 versions do not synth cleanly).
npm install @aws-cdk/aws-ec2
npm install @aws-cdk/aws-ec2
npm install @aws-cdk/aws-ec2
import * as ec2 from '@aws-cdk/aws-ec2';
import * as ec2 from '@aws-cdk/aws-ec2';
import * as ec2 from '@aws-cdk/aws-ec2';
/**
 * Pins the zones the stack reports (presumably overriding Stack.availabilityZones
 * inside the stack class, whose header is not shown here) to two fixed us-east-1 AZs,
 * so the Vpc construct does not need an account/region AZ lookup at synth time.
 * @returns the two zone names, region prefix shared.
 */
get availabilityZones(): string[] {
  const region = 'us-east-1';
  return ['a', 'b'].map((suffix) => `${region}${suffix}`);
}
/**
 * Pins the zones the stack reports (presumably overriding Stack.availabilityZones
 * inside the stack class, whose header is not shown here) to two fixed us-east-1 AZs,
 * so the Vpc construct does not need an account/region AZ lookup at synth time.
 * @returns the two zone names, region prefix shared.
 */
get availabilityZones(): string[] {
  const region = 'us-east-1';
  return ['a', 'b'].map((suffix) => `${region}${suffix}`);
}
/**
 * Pins the zones the stack reports (presumably overriding Stack.availabilityZones
 * inside the stack class, whose header is not shown here) to two fixed us-east-1 AZs,
 * so the Vpc construct does not need an account/region AZ lookup at synth time.
 * @returns the two zone names, region prefix shared.
 */
get availabilityZones(): string[] {
  const region = 'us-east-1';
  return ['a', 'b'].map((suffix) => `${region}${suffix}`);
}
// Subnet layout: one /24 public and one /24 private subnet carved out of the /16.
const subnetLayout: ec2.SubnetConfiguration[] = [
  { name: 'Public-subnet', subnetType: ec2.SubnetType.PUBLIC, cidrMask: 24 },
  { name: 'Private-subnet', subnetType: ec2.SubnetType.PRIVATE, cidrMask: 24 },
];
/**
 * Workshop VPC. maxAzs: 1 keeps it to a single zone (presumably the first one
 * returned by availabilityZones) and natGateways: 0 avoids the NAT cost — but a
 * PRIVATE subnet normally expects a NAT for egress, so CDK v1 is expected to reject
 * this combination at synth; the ISOLATED subnet entry shown later on this page is
 * the replacement that fits natGateways: 0.
 */
const vpc = new ec2.Vpc(this, 'VPC_utworzona_w_CDK', {
  cidr: '172.16.0.0/16',
  maxAzs: 1,
  natGateways: 0,
  subnetConfiguration: subnetLayout,
});
// Subnet layout: one /24 public and one /24 private subnet carved out of the /16.
const subnetLayout: ec2.SubnetConfiguration[] = [
  { name: 'Public-subnet', subnetType: ec2.SubnetType.PUBLIC, cidrMask: 24 },
  { name: 'Private-subnet', subnetType: ec2.SubnetType.PRIVATE, cidrMask: 24 },
];
/**
 * Workshop VPC. maxAzs: 1 keeps it to a single zone (presumably the first one
 * returned by availabilityZones) and natGateways: 0 avoids the NAT cost — but a
 * PRIVATE subnet normally expects a NAT for egress, so CDK v1 is expected to reject
 * this combination at synth; the ISOLATED subnet entry shown later on this page is
 * the replacement that fits natGateways: 0.
 */
const vpc = new ec2.Vpc(this, 'VPC_utworzona_w_CDK', {
  cidr: '172.16.0.0/16',
  maxAzs: 1,
  natGateways: 0,
  subnetConfiguration: subnetLayout,
});
// Subnet layout: one /24 public and one /24 private subnet carved out of the /16.
const subnetLayout: ec2.SubnetConfiguration[] = [
  { name: 'Public-subnet', subnetType: ec2.SubnetType.PUBLIC, cidrMask: 24 },
  { name: 'Private-subnet', subnetType: ec2.SubnetType.PRIVATE, cidrMask: 24 },
];
/**
 * Workshop VPC. maxAzs: 1 keeps it to a single zone (presumably the first one
 * returned by availabilityZones) and natGateways: 0 avoids the NAT cost — but a
 * PRIVATE subnet normally expects a NAT for egress, so CDK v1 is expected to reject
 * this combination at synth; the ISOLATED subnet entry shown later on this page is
 * the replacement that fits natGateways: 0.
 */
const vpc = new ec2.Vpc(this, 'VPC_utworzona_w_CDK', {
  cidr: '172.16.0.0/16',
  maxAzs: 1,
  natGateways: 0,
  subnetConfiguration: subnetLayout,
});
/**
 * Security group shared by both workshop instances: unrestricted egress, and
 * inbound SSH (tcp/22) plus all ICMP from any IPv4 address.
 * NOTE(review): anyIpv4() publishes port 22 to the whole internet. Fine for a
 * throwaway workshop account; anywhere else narrow the source to a known
 * address (ec2.Peer.ipv4('<your-ip>/32')) or drop the SSH rule entirely and use
 * SSM Session Manager. The isolated instance later on this page gets the same
 * group, so its rule set is broader than that host needs.
 */
const cdkSecurityGroup = new ec2.SecurityGroup(this, 'cdkSecurityGroup', {
  vpc,
  allowAllOutbound: true,
  description: 'Pozwalaj na SSH i Ping',
});
const anyIpv4Source = ec2.Peer.anyIpv4();
const ingressRules: Array<[ec2.Port, string]> = [
  [ec2.Port.tcp(22), 'Pozwalaj na ssh z dowolnego adresu ip'],
  [ec2.Port.allIcmp(), 'Pozwalaj na ping z dowolnego adresu ip'],
];
for (const [port, reason] of ingressRules) {
  cdkSecurityGroup.addIngressRule(anyIpv4Source, port, reason);
}
/**
 * Security group shared by both workshop instances: unrestricted egress, and
 * inbound SSH (tcp/22) plus all ICMP from any IPv4 address.
 * NOTE(review): anyIpv4() publishes port 22 to the whole internet. Fine for a
 * throwaway workshop account; anywhere else narrow the source to a known
 * address (ec2.Peer.ipv4('<your-ip>/32')) or drop the SSH rule entirely and use
 * SSM Session Manager. The isolated instance later on this page gets the same
 * group, so its rule set is broader than that host needs.
 */
const cdkSecurityGroup = new ec2.SecurityGroup(this, 'cdkSecurityGroup', {
  vpc,
  allowAllOutbound: true,
  description: 'Pozwalaj na SSH i Ping',
});
const anyIpv4Source = ec2.Peer.anyIpv4();
const ingressRules: Array<[ec2.Port, string]> = [
  [ec2.Port.tcp(22), 'Pozwalaj na ssh z dowolnego adresu ip'],
  [ec2.Port.allIcmp(), 'Pozwalaj na ping z dowolnego adresu ip'],
];
for (const [port, reason] of ingressRules) {
  cdkSecurityGroup.addIngressRule(anyIpv4Source, port, reason);
}
/**
 * Security group shared by both workshop instances: unrestricted egress, and
 * inbound SSH (tcp/22) plus all ICMP from any IPv4 address.
 * NOTE(review): anyIpv4() publishes port 22 to the whole internet. Fine for a
 * throwaway workshop account; anywhere else narrow the source to a known
 * address (ec2.Peer.ipv4('<your-ip>/32')) or drop the SSH rule entirely and use
 * SSM Session Manager. The isolated instance later on this page gets the same
 * group, so its rule set is broader than that host needs.
 */
const cdkSecurityGroup = new ec2.SecurityGroup(this, 'cdkSecurityGroup', {
  vpc,
  allowAllOutbound: true,
  description: 'Pozwalaj na SSH i Ping',
});
const anyIpv4Source = ec2.Peer.anyIpv4();
const ingressRules: Array<[ec2.Port, string]> = [
  [ec2.Port.tcp(22), 'Pozwalaj na ssh z dowolnego adresu ip'],
  [ec2.Port.allIcmp(), 'Pozwalaj na ping z dowolnego adresu ip'],
];
for (const [port, reason] of ingressRules) {
  cdkSecurityGroup.addIngressRule(anyIpv4Source, port, reason);
}
// Replacement for the 'Private-subnet' entry in the Vpc's subnetConfiguration above:
// an ISOLATED subnet is meant to have no internet route at all, which is the
// configuration that fits natGateways: 0 (no NAT to route private egress through).
{
subnetType: ec2.SubnetType.ISOLATED,
name: 'Isolated-subnet',
cidrMask: 24,
}
// Replacement for the 'Private-subnet' entry in the Vpc's subnetConfiguration above:
// an ISOLATED subnet is meant to have no internet route at all, which is the
// configuration that fits natGateways: 0 (no NAT to route private egress through).
{
subnetType: ec2.SubnetType.ISOLATED,
name: 'Isolated-subnet',
cidrMask: 24,
}
// Replacement for the 'Private-subnet' entry in the Vpc's subnetConfiguration above:
// an ISOLATED subnet is meant to have no internet route at all, which is the
// configuration that fits natGateways: 0 (no NAT to route private egress through).
{
subnetType: ec2.SubnetType.ISOLATED,
name: 'Isolated-subnet',
cidrMask: 24,
}
# Build, list the stacks, then synthesize the CloudFormation template locally before the
# first deploy. Read the synthesized SecurityGroup resource in cdk.out: it is the place to
# notice that SSH is open to 0.0.0.0/0 before anything is created in the account.
npm run build
cdk ls
cdk synth
cdk deploy
# Build, list the stacks, then synthesize the CloudFormation template locally before the
# first deploy. Read the synthesized SecurityGroup resource in cdk.out: it is the place to
# notice that SSH is open to 0.0.0.0/0 before anything is created in the account.
npm run build
cdk ls
cdk synth
cdk deploy
# Build, list the stacks, then synthesize the CloudFormation template locally before the
# first deploy. Read the synthesized SecurityGroup resource in cdk.out: it is the place to
# notice that SSH is open to 0.0.0.0/0 before anything is created in the account.
npm run build
cdk ls
cdk synth
cdk deploy
/**
 * Same override as before, switched from us-east-1 to eu-central-1. The hard-coded
 * zones must belong to the region the stack actually deploys to; a mismatch only
 * surfaces at deploy time, not at synth.
 * @returns the two eu-central-1 zone names.
 */
get availabilityZones(): string[] {
  const region = 'eu-central-1';
  return ['a', 'b'].map((suffix) => `${region}${suffix}`);
}
/**
 * Same override as before, switched from us-east-1 to eu-central-1. The hard-coded
 * zones must belong to the region the stack actually deploys to; a mismatch only
 * surfaces at deploy time, not at synth.
 * @returns the two eu-central-1 zone names.
 */
get availabilityZones(): string[] {
  const region = 'eu-central-1';
  return ['a', 'b'].map((suffix) => `${region}${suffix}`);
}
/**
 * Same override as before, switched from us-east-1 to eu-central-1. The hard-coded
 * zones must belong to the region the stack actually deploys to; a mismatch only
 * surfaces at deploy time, not at synth.
 * @returns the two eu-central-1 zone names.
 */
get availabilityZones(): string[] {
  const region = 'eu-central-1';
  return ['a', 'b'].map((suffix) => `${region}${suffix}`);
}
# Redeploy after switching availabilityZones to eu-central-1. cdk deploy prints the
# IAM / security-group changes and waits for confirmation (default --require-approval
# broadening) — read that summary rather than auto-confirming it.
cdk deploy
cdk deploy
cdk deploy
// Placement and AMI for the bastion, resolved up front so the construct props stay flat.
const publicSubnets = vpc.selectSubnets({ subnetType: ec2.SubnetType.PUBLIC });
const publicInstanceImage = ec2.MachineImage.latestAmazonLinux({
  generation: ec2.AmazonLinuxGeneration.AMAZON_LINUX_2,
});
/**
 * Bastion host: t2.micro in the public subnet, SSH with the 'kluczvpc' key pair.
 * keyName only references the pair — it must already exist in the target region,
 * CDK does not create it. Inherits every ingress rule of cdkSecurityGroup, so this
 * is the host that the SSH-from-anywhere rule actually exposes.
 */
const instance = new ec2.Instance(this, 'Instancja-publiczna', {
  vpc,
  vpcSubnets: publicSubnets,
  securityGroup: cdkSecurityGroup,
  instanceName: 'Instancja-publiczna',
  instanceType: ec2.InstanceType.of(ec2.InstanceClass.T2, ec2.InstanceSize.MICRO),
  machineImage: publicInstanceImage,
  keyName: 'kluczvpc',
});
// Placement and AMI for the bastion, resolved up front so the construct props stay flat.
const publicSubnets = vpc.selectSubnets({ subnetType: ec2.SubnetType.PUBLIC });
const publicInstanceImage = ec2.MachineImage.latestAmazonLinux({
  generation: ec2.AmazonLinuxGeneration.AMAZON_LINUX_2,
});
/**
 * Bastion host: t2.micro in the public subnet, SSH with the 'kluczvpc' key pair.
 * keyName only references the pair — it must already exist in the target region,
 * CDK does not create it. Inherits every ingress rule of cdkSecurityGroup, so this
 * is the host that the SSH-from-anywhere rule actually exposes.
 */
const instance = new ec2.Instance(this, 'Instancja-publiczna', {
  vpc,
  vpcSubnets: publicSubnets,
  securityGroup: cdkSecurityGroup,
  instanceName: 'Instancja-publiczna',
  instanceType: ec2.InstanceType.of(ec2.InstanceClass.T2, ec2.InstanceSize.MICRO),
  machineImage: publicInstanceImage,
  keyName: 'kluczvpc',
});
// Placement and AMI for the bastion, resolved up front so the construct props stay flat.
const publicSubnets = vpc.selectSubnets({ subnetType: ec2.SubnetType.PUBLIC });
const publicInstanceImage = ec2.MachineImage.latestAmazonLinux({
  generation: ec2.AmazonLinuxGeneration.AMAZON_LINUX_2,
});
/**
 * Bastion host: t2.micro in the public subnet, SSH with the 'kluczvpc' key pair.
 * keyName only references the pair — it must already exist in the target region,
 * CDK does not create it. Inherits every ingress rule of cdkSecurityGroup, so this
 * is the host that the SSH-from-anywhere rule actually exposes.
 */
const instance = new ec2.Instance(this, 'Instancja-publiczna', {
  vpc,
  vpcSubnets: publicSubnets,
  securityGroup: cdkSecurityGroup,
  instanceName: 'Instancja-publiczna',
  instanceType: ec2.InstanceType.of(ec2.InstanceClass.T2, ec2.InstanceSize.MICRO),
  machineImage: publicInstanceImage,
  keyName: 'kluczvpc',
});
# Preview the pending change (the new EC2 instance) against the deployed stack before
# deploying it; nothing is changed in the account by this command.
cdk diff
cdk diff
cdk diff
// Placement and AMI for the isolated host, resolved up front so the construct props stay flat.
const isolatedSubnets = vpc.selectSubnets({ subnetType: ec2.SubnetType.ISOLATED });
const isolatedInstanceImage = ec2.MachineImage.latestAmazonLinux({
  generation: ec2.AmazonLinuxGeneration.AMAZON_LINUX_2,
});
/**
 * Second host in the ISOLATED subnet: no public IP and no internet route, so it is
 * reached only through the bastion. It reuses cdkSecurityGroup; a tighter layout
 * would give it its own group whose SSH rule accepts only the bastion's security
 * group as source (ec2.Peer.securityGroupId) instead of anyIpv4. Same 'kluczvpc'
 * key pair as the bastion — see the SSH steps below for reaching it without copying
 * the private key onto the bastion.
 */
const instance2 = new ec2.Instance(this, 'Instancja-odizolowana', {
  vpc,
  vpcSubnets: isolatedSubnets,
  securityGroup: cdkSecurityGroup,
  instanceName: 'Instancja-odizolowana',
  instanceType: ec2.InstanceType.of(ec2.InstanceClass.T2, ec2.InstanceSize.MICRO),
  machineImage: isolatedInstanceImage,
  keyName: 'kluczvpc',
});
// Placement and AMI for the isolated host, resolved up front so the construct props stay flat.
const isolatedSubnets = vpc.selectSubnets({ subnetType: ec2.SubnetType.ISOLATED });
const isolatedInstanceImage = ec2.MachineImage.latestAmazonLinux({
  generation: ec2.AmazonLinuxGeneration.AMAZON_LINUX_2,
});
/**
 * Second host in the ISOLATED subnet: no public IP and no internet route, so it is
 * reached only through the bastion. It reuses cdkSecurityGroup; a tighter layout
 * would give it its own group whose SSH rule accepts only the bastion's security
 * group as source (ec2.Peer.securityGroupId) instead of anyIpv4. Same 'kluczvpc'
 * key pair as the bastion — see the SSH steps below for reaching it without copying
 * the private key onto the bastion.
 */
const instance2 = new ec2.Instance(this, 'Instancja-odizolowana', {
  vpc,
  vpcSubnets: isolatedSubnets,
  securityGroup: cdkSecurityGroup,
  instanceName: 'Instancja-odizolowana',
  instanceType: ec2.InstanceType.of(ec2.InstanceClass.T2, ec2.InstanceSize.MICRO),
  machineImage: isolatedInstanceImage,
  keyName: 'kluczvpc',
});
// Placement and AMI for the isolated host, resolved up front so the construct props stay flat.
const isolatedSubnets = vpc.selectSubnets({ subnetType: ec2.SubnetType.ISOLATED });
const isolatedInstanceImage = ec2.MachineImage.latestAmazonLinux({
  generation: ec2.AmazonLinuxGeneration.AMAZON_LINUX_2,
});
/**
 * Second host in the ISOLATED subnet: no public IP and no internet route, so it is
 * reached only through the bastion. It reuses cdkSecurityGroup; a tighter layout
 * would give it its own group whose SSH rule accepts only the bastion's security
 * group as source (ec2.Peer.securityGroupId) instead of anyIpv4. Same 'kluczvpc'
 * key pair as the bastion — see the SSH steps below for reaching it without copying
 * the private key onto the bastion.
 */
const instance2 = new ec2.Instance(this, 'Instancja-odizolowana', {
  vpc,
  vpcSubnets: isolatedSubnets,
  securityGroup: cdkSecurityGroup,
  instanceName: 'Instancja-odizolowana',
  instanceType: ec2.InstanceType.of(ec2.InstanceClass.T2, ec2.InstanceSize.MICRO),
  machineImage: isolatedInstanceImage,
  keyName: 'kluczvpc',
});
# Deploy the two instances into the existing VPC stack.
cdk deploy
cdk deploy
cdk deploy
/**
 * Stack outputs so both addresses print at the end of cdk deploy: the bastion's
 * public IP and the isolated host's private IP. Declared as a table and created in
 * order, which keeps the two CfnOutput ids exactly as before.
 */
const ipOutputs: Record<string, string> = {
  InstancjaPublicznaIp: instance.instancePublicIp,
  InstancjaOdizolowanaIp: instance2.instancePrivateIp,
};
for (const [outputId, value] of Object.entries(ipOutputs)) {
  new cdk.CfnOutput(this, outputId, { value });
}
/**
 * Stack outputs so both addresses print at the end of cdk deploy: the bastion's
 * public IP and the isolated host's private IP. Declared as a table and created in
 * order, which keeps the two CfnOutput ids exactly as before.
 */
const ipOutputs: Record<string, string> = {
  InstancjaPublicznaIp: instance.instancePublicIp,
  InstancjaOdizolowanaIp: instance2.instancePrivateIp,
};
for (const [outputId, value] of Object.entries(ipOutputs)) {
  new cdk.CfnOutput(this, outputId, { value });
}
/**
 * Stack outputs so both addresses print at the end of cdk deploy: the bastion's
 * public IP and the isolated host's private IP. Declared as a table and created in
 * order, which keeps the two CfnOutput ids exactly as before.
 */
const ipOutputs: Record<string, string> = {
  InstancjaPublicznaIp: instance.instancePublicIp,
  InstancjaOdizolowanaIp: instance2.instancePrivateIp,
};
for (const [outputId, value] of Object.entries(ipOutputs)) {
  new cdk.CfnOutput(this, outputId, { value });
}
# Review the diff (only the two new outputs should appear), synthesize, then deploy;
# the deploy summary ends with both IP addresses from the CfnOutputs.
cdk diff
cdk synth
cdk deploy
# Review the diff (only the two new outputs should appear), synthesize, then deploy;
# the deploy summary ends with both IP addresses from the CfnOutputs.
cdk diff
cdk synth
cdk deploy
# Review the diff (only the two new outputs should appear), synthesize, then deploy;
# the deploy summary ends with both IP addresses from the CfnOutputs.
cdk diff
cdk synth
cdk deploy
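# Lock the key file down locally; ssh refuses a private key readable by other users.
chmod 400 kluczvpc.pem
# Interactive login to the bastion (IpPubliczne = the InstancjaPublicznaIp output).
ssh -i "kluczvpc.pem" ec2-user@IpPubliczne
# Reach the isolated instance (IpPrywatne = the InstancjaOdizolowanaIp output) through
# the bastion with ProxyJump. The original step scp'ed kluczvpc.pem onto the bastion and
# ran a second ssh from there; that leaves the private key on an internet-facing host.
# With the key loaded into the local agent both hops authenticate from the workstation
# and the key never leaves it (ssh does not pass -i to the jump hop, hence the agent).
ssh-add kluczvpc.pem
ssh -J ec2-user@IpPubliczne ec2-user@IpPrywatne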
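# Lock the key file down locally; ssh refuses a private key readable by other users.
chmod 400 kluczvpc.pem
# Interactive login to the bastion (IpPubliczne = the InstancjaPublicznaIp output).
ssh -i "kluczvpc.pem" ec2-user@IpPubliczne
# Reach the isolated instance (IpPrywatne = the InstancjaOdizolowanaIp output) through
# the bastion with ProxyJump. The original step scp'ed kluczvpc.pem onto the bastion and
# ran a second ssh from there; that leaves the private key on an internet-facing host.
# With the key loaded into the local agent both hops authenticate from the workstation
# and the key never leaves it (ssh does not pass -i to the jump hop, hence the agent).
ssh-add kluczvpc.pem
ssh -J ec2-user@IpPubliczne ec2-user@IpPrywatne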
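# Lock the key file down locally; ssh refuses a private key readable by other users.
chmod 400 kluczvpc.pem
# Interactive login to the bastion (IpPubliczne = the InstancjaPublicznaIp output).
ssh -i "kluczvpc.pem" ec2-user@IpPubliczne
# Reach the isolated instance (IpPrywatne = the InstancjaOdizolowanaIp output) through
# the bastion with ProxyJump. The original step scp'ed kluczvpc.pem onto the bastion and
# ran a second ssh from there; that leaves the private key on an internet-facing host.
# With the key loaded into the local agent both hops authenticate from the workstation
# and the key never leaves it (ssh does not pass -i to the jump hop, hence the agent).
ssh-add kluczvpc.pem
ssh -J ec2-user@IpPubliczne ec2-user@IpPrywatne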
Testy jednostkowe
# Compile, then run the unit tests through npm's test script (the cdk init template wires it to jest).
npm run build
npm test
# Compile, then run the unit tests through npm's test script (the cdk init template wires it to jest).
npm run build
npm test
# Compile, then run the unit tests through npm's test script (the cdk init template wires it to jest).
npm run build
npm test
/**
 * Synthesizes a fresh BastionCdkStack for one assertion. A new App per test keeps
 * synthesized state from leaking between cases.
 */
const synthTestStack = () => new BastionCdk.BastionCdkStack(new cdk.App(), 'MyTestStack');

// haveResourceLike matches a subset of properties, so either of the two EC2
// instances in the stack satisfies each assertion; neither test pins the count.
test('Instancja typu t2.micro', () => {
  expectCDK(synthTestStack()).to(
    haveResourceLike('AWS::EC2::Instance', { InstanceType: 't2.micro' }),
  );
});

test('Klucz SSH musi nazywać się kluczvpc', () => {
  expectCDK(synthTestStack()).to(
    haveResourceLike('AWS::EC2::Instance', { KeyName: 'kluczvpc' }),
  );
});
/**
 * Synthesizes a fresh BastionCdkStack for one assertion. A new App per test keeps
 * synthesized state from leaking between cases.
 */
const synthTestStack = () => new BastionCdk.BastionCdkStack(new cdk.App(), 'MyTestStack');

// haveResourceLike matches a subset of properties, so either of the two EC2
// instances in the stack satisfies each assertion; neither test pins the count.
test('Instancja typu t2.micro', () => {
  expectCDK(synthTestStack()).to(
    haveResourceLike('AWS::EC2::Instance', { InstanceType: 't2.micro' }),
  );
});

test('Klucz SSH musi nazywać się kluczvpc', () => {
  expectCDK(synthTestStack()).to(
    haveResourceLike('AWS::EC2::Instance', { KeyName: 'kluczvpc' }),
  );
});
/**
 * Synthesizes a fresh BastionCdkStack for one assertion. A new App per test keeps
 * synthesized state from leaking between cases.
 */
const synthTestStack = () => new BastionCdk.BastionCdkStack(new cdk.App(), 'MyTestStack');

// haveResourceLike matches a subset of properties, so either of the two EC2
// instances in the stack satisfies each assertion; neither test pins the count.
test('Instancja typu t2.micro', () => {
  expectCDK(synthTestStack()).to(
    haveResourceLike('AWS::EC2::Instance', { InstanceType: 't2.micro' }),
  );
});

test('Klucz SSH musi nazywać się kluczvpc', () => {
  expectCDK(synthTestStack()).to(
    haveResourceLike('AWS::EC2::Instance', { KeyName: 'kluczvpc' }),
  );
});
# Re-run the suite after adding the two assertions above.
npm test
npm test
npm test
Czyszczenie
# Tear the stack down (VPC, security group, both instances, outputs). The 'kluczvpc'
# key pair is only referenced by the stack, not defined in it, so it stays behind —
# delete it in the EC2 console if it is no longer needed.
cdk destroy
cdk destroy
cdk destroy