from aws_cdk import (
aws_codebuild as codebuild,
aws_iam as iam,
aws_codepipeline as codepipeline,
aws_codepipeline_actions as codepipeline_actions,
aws_codebuild as codebuild,
aws_ec2 as ec2,
aws_cloud9 as cloud9,
core
)
import os
class EnvironmentStack(core.Stack):
    """CDK stack that provisions the workshop environment.

    One stack holds: a VPC whose first two private/public subnets carry the
    Kubernetes load-balancer role tags, an IAM role and instance profile
    shared by CodeBuild and EC2, a two-stage CodePipeline (GitHub source,
    then CodeBuild), and a Cloud9 environment with the sample repository
    checked out.
    """

    def __init__(self, scope: core.Construct, id: str, **kwargs) -> None:
        """Declare every resource of the stack.

        Args:
            scope: Parent construct the stack is attached to.
            id: Construct id of the stack.
            **kwargs: Passed through unchanged to ``core.Stack``.
        """
        super().__init__(scope, id, **kwargs)

        vpc = ec2.Vpc(self, "VPC", cidr="10.0.0.0/16")

        # The cluster tag is an aspect on the stack node, so it is applied
        # stack-wide rather than to the VPC alone.
        self.node.apply_aspect(core.Tag("kubernetes.io/cluster/cluster", "shared"))
        # Only subnets 0 and 1 of each kind are tagged; the same four subnets
        # are the ones handed to the build further down.
        for idx in (0, 1):
            vpc.private_subnets[idx].node.apply_aspect(
                core.Tag("kubernetes.io/role/internal-elb", "1")
            )
        for idx in (0, 1):
            vpc.public_subnets[idx].node.apply_aspect(
                core.Tag("kubernetes.io/role/elb", "1")
            )

        # One role for both CodeBuild and EC2.
        # NOTE(review): the role carries AdministratorAccess and trusts two
        # services, so the commands in buildspec.yml and any EC2 instance
        # started with the instance profile below hold full account
        # privileges. Outside a disposable workshop account, replace the
        # managed policy with one scoped to what the build really calls and
        # split the CodeBuild and EC2 roles.
        trusted_services = iam.CompositePrincipal(
            iam.ServicePrincipal("codebuild.amazonaws.com"),
            iam.ServicePrincipal("ec2.amazonaws.com"),
        )
        admin_policy = iam.ManagedPolicy.from_aws_managed_policy_name("AdministratorAccess")
        build_role = iam.Role(
            self,
            "BuildRole",
            assumed_by=trusted_services,
            managed_policies=[admin_policy],
        )
        profile = iam.CfnInstanceProfile(
            self,
            "InstanceProfile",
            roles=[build_role.role_name],
        )

        # CodeBuild project; its commands come from buildspec.yml in the
        # pipeline's source artifact and run under build_role.
        project = codebuild.PipelineProject(
            self,
            "BuildProject",
            role=build_role,
            build_spec=codebuild.BuildSpec.from_source_filename("buildspec.yml"),
        )

        deploy_pipeline = codepipeline.Pipeline(self, "Pipeline")

        # Single artifact: written by the source action, read by the build.
        source_output = codepipeline.Artifact()

        # Source stage. The OAuth token is resolved from the Secrets Manager
        # secret "github-token" instead of being written into the code.
        # GitHubTrigger.NONE: the pipeline is not started by repository events.
        # NOTE(review): no branch or commit is pinned here, so each run builds
        # whatever the tracked branch contains at that moment, with the role
        # defined above.
        fetch_source = codepipeline_actions.GitHubSourceAction(
            action_name="SourceCodeRepo",
            owner="aws-samples",
            repo="con317-reinvent19",
            output=source_output,
            oauth_token=core.SecretValue.secrets_manager("github-token"),
            trigger=codepipeline_actions.GitHubTrigger.NONE,
        )
        deploy_pipeline.add_stage(stage_name="Source", actions=[fetch_source])

        # Deploy stage. Subnet ids, region and the instance-profile reference
        # reach the build as plain-text environment variables.
        def plain(value):
            return codebuild.BuildEnvironmentVariable(value=value)

        build_env = {
            'PublicSubnet1ID': plain(vpc.public_subnets[0].subnet_id),
            'PublicSubnet2ID': plain(vpc.public_subnets[1].subnet_id),
            'PrivateSubnet1ID': plain(vpc.private_subnets[0].subnet_id),
            'PrivateSubnet2ID': plain(vpc.private_subnets[1].subnet_id),
            'AWS_DEFAULT_REGION': plain(self.region),
            'INSTANCEPROFILEID': plain(profile.ref),
        }
        run_build = codepipeline_actions.CodeBuildAction(
            action_name="CodeBuildProject",
            project=project,
            type=codepipeline_actions.CodeBuildActionType.BUILD,
            input=source_output,
            environment_variables=build_env,
        )
        deploy_pipeline.add_stage(stage_name="Deploy", actions=[run_build])

        # Cloud9 environment in the first public subnet, with the sample
        # repository cloned in and a 30-minute idle stop.
        sample_repo = cloud9.CfnEnvironmentEC2.RepositoryProperty(
            path_component="con317-reinvent19",
            repository_url="https://github.com/aws-samples/con317-reinvent19",
        )
        ide = cloud9.CfnEnvironmentEC2(
            self,
            'Cloud9Instance',
            instance_type="t2.micro",
            automatic_stop_time_minutes=30,
            subnet_id=vpc.public_subnets[0].subnet_id,
            repositories=[sample_repo],
        )

        # Explicit ordering: the pipeline waits for the VPC and the Cloud9
        # environment, and the Cloud9 environment waits for the VPC.
        deploy_pipeline.node.add_dependency(vpc)
        deploy_pipeline.node.add_dependency(ide)
        ide.node.add_dependency(vpc)
# Script entry point: create the CDK app, attach the single stack under the
# construct id "EnvironmentStack", then synthesize the app.
app = core.App()
# No env= argument is passed, so this file does not pin an account or region.
environment_stack = EnvironmentStack(app, "EnvironmentStack")
app.synth()