Add RDS
ingalls committed Nov 21, 2024

Verified

This commit was signed with the committer’s verified signature.
ingalls Nick
1 parent 38ee7b8 commit 3e34128
Showing 4 changed files with 1,121 additions and 1,070 deletions.
2 changes: 1 addition & 1 deletion Dockerfile
@@ -1,5 +1,5 @@
FROM lldap/lldap:2024-11-09-alpine

EXPOSE 389

EXPOSE 17170
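Review bot: The base image on the `FROM` line is pinned only by a dated tag, which the registry can repoint, so a rebuild of this identity service may silently pick up different content. I would pin the digest as well, `FROM lldap/lldap:2024-11-09-alpine@sha256:<digest-of-the-reviewed-image>`, and update it deliberately. Separately, `EXPOSE 389` does not match the `LLDAP_LDAP_PORT` of `3389` and the `ContainerPort: 3389` mapping in cloudformation/lib/api.js; `EXPOSE` is only metadata, but `EXPOSE 3389` would document the port the container actually listens on. Which of these lines the commit changed is not recoverable from the rendered page.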

2 changes: 2 additions & 0 deletions cloudformation/auth-infra.template.js
@@ -1,10 +1,12 @@
import cf from '@openaddresses/cloudfriend';
import RDS from './lib/db.js';
import API from './lib/api.js';
import KMS from './lib/kms.js';
import EFS from './lib/efs.js';
import { ELB as ELBAlarms } from '@openaddresses/batch-alarms';

export default cf.merge(
RDS,
API,
KMS,
EFS,
63 changes: 59 additions & 4 deletions cloudformation/lib/api.js
@@ -91,10 +91,32 @@ export default {
IpProtocol: 'tcp',
FromPort: 636,
ToPort: 636
},{
Description: 'Internal Traffic',
CidrIp: cf.importValue(cf.join(['coe-vpc-', cf.ref('Environment'), '-vpc-cidr'])),
IpProtocol: 'tcp',
FromPort: 443,
ToPort: 443,
}],
VpcId: cf.importValue(cf.join(['coe-vpc-', cf.ref('Environment'), '-vpc']))
}
},
WebListener: {
Type: 'AWS::ElasticLoadBalancingV2::Listener',
Properties: {
DefaultActions: [{
Type: 'forward',
TargetGroupArn: cf.ref('TargetGroupWeb')
}],
Certificates: [{
CertificateArn: cf.join(['arn:', cf.partition, ':acm:', cf.region, ':', cf.accountId, ':certificate/', cf.ref('SSLCertificateIdentifier')])
}],
SslPolicy: 'ELBSecurityPolicy-TLS-1-2-2017-01',
LoadBalancerArn: cf.ref('ELB'),
Port: 443,
Protocol: 'TLS'
}
},
HttpListener: {
Type: 'AWS::ElasticLoadBalancingV2::Listener',
Properties: {
@@ -127,6 +149,22 @@ export default {
VpcId: cf.importValue(cf.join(['coe-vpc-', cf.ref('Environment'), '-vpc']))
}
},
TargetGroupWeb: {
Type: 'AWS::ElasticLoadBalancingV2::TargetGroup',
DependsOn: ['ELB'],
Properties: {
HealthCheckEnabled: true,
HealthCheckIntervalSeconds: 30,
HealthCheckTimeoutSeconds: 10,
HealthyThresholdCount: 3,
HealthCheckProtocol: 'TCP',
HealthCheckPort: 17170,
Port: 17170,
Protocol: 'TCP',
TargetType: 'ip',
VpcId: cf.importValue(cf.join(['coe-vpc-', cf.ref('Environment'), '-vpc']))
}
},
TaskRole: {
Type: 'AWS::IAM::Role',
Properties: {
@@ -237,13 +275,16 @@ export default {
SourceVolume: cf.join([cf.stackName, '-config']),
}],
PortMappings: [{
ContainerPort: 3389
ContainerPort: 3389,
},{
ContainerPort: 17170
}],
Environment: [
{ Name: 'StackName', Value: cf.stackName },
{ Name: 'AWS_DEFAULT_REGION', Value: cf.region },
{ Name: 'LLDAP_LDAP_BASE_DN', Value: cf.ref('LDAPBaseDN') },
{ Name: 'LLDAP_LDAP_PORT', Value: '3389' },
{ Name: 'LLDAP_HTTP_PORT', Value: '17170' },
{ Name: 'LLDAP_LDAP_USER_PASS', Value: cf.sub('{{resolve:secretsmanager:${AWS::StackName}/admin:SecretString:password:AWSCURRENT}}') },
{ Name: 'LLDAP_JWT_SECRET', Value: cf.sub('{{resolve:secretsmanager:${AWS::StackName}/signing:SecretString::AWSCURRENT}}') },
{ Name: 'LLDAP_KEY_SEED', Value: cf.sub('{{resolve:secretsmanager:${AWS::StackName}/seed:SecretString::AWSCURRENT}}') },
@@ -285,6 +326,10 @@ export default {
ContainerName: 'api',
ContainerPort: 3389,
TargetGroupArn: cf.ref('TargetGroup')
},{
ContainerName: 'api',
ContainerPort: 17170,
TargetGroupArn: cf.ref('TargetGroupWeb')
}]
}
},
@@ -302,16 +347,26 @@ export default {
Description: 'ELB Traffic',
SourceSecurityGroupId: cf.ref('ELBSecurityGroup'),
IpProtocol: 'tcp',
FromPort: 17170,
ToPort: 17170,
},{
Description: 'Internal Traffic',
SourceSecurityGroupId: cf.ref('ELBSecurityGroup'),
IpProtocol: 'tcp',
FromPort: 3389,
ToPort: 3389
}]
}
},
},
Outputs: {
API: {
Description: 'API ELB',
Value: cf.join(['http://', cf.getAtt('ELB', 'DNSName')])
WEBAPI: {
Description: 'Web ELB',
Value: cf.join(['https://', cf.getAtt('ELB', 'DNSName')])
},
LDAPAPI: {
Description: 'LDAPS ELB',
Value: cf.join(['ldaps://', cf.getAtt('ELB', 'DNSName'), ':636'])
},
LDAPAdminUsername: {
Description: 'LDAP Admin Username',
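Review bot: The new `WebListener` in the first hunk pins `SslPolicy: 'ELBSecurityPolicy-TLS-1-2-2017-01'`, an older predefined policy that has no TLS 1.3 and, as far as I know, still accepts RSA key-exchange and CBC cipher suites. This listener fronts the lldap web interface on 17170, so directory admin logins cross it; I would use a current policy such as `SslPolicy: 'ELBSecurityPolicy-TLS13-1-2-2021-06',` unless a client inside the VPC needs the older suites. If the existing 636 listener (not visible here) uses the same policy, both are worth moving together. The enclosing `export default` object starts and ends outside the hunks shown.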
2,124 changes: 1,059 additions & 1,065 deletions package-lock.json

Large diffs are not rendered by default.
