Provide an example for a fully private cluster with Private Isolated Subnets and VPC Interface Endpoints #9

Open
wants to merge 1 commit into
base: main
from
42 changes: 40 additions & 2 deletions lib/ecs/cluster.ts
Expand Up @@ -17,9 +17,47 @@ export class EcsBlueGreenCluster extends Construct {
constructor(scope: Construct, id: string, props: EcsBlueGreenClusterProps = {}) {
super(scope, id);

// Create the VPC for the ECS cluster. The VPC will have one private subnet without NAT Gateway.
this.vpc = new ec2.Vpc(this, 'ecsClusterVPC', {
cidr: props.cidr
});
cidr: props.cidr,
subnetConfiguration: [
{
name: 'Private',
subnetType: ec2.SubnetType.PRIVATE_ISOLATED
}
]
});

// Create the VPC endpoint for the ECR registry
new ec2.InterfaceVpcEndpoint(this, 'ECRVpcEndpoint', {
vpc: this.vpc,
service: ec2.InterfaceVpcEndpointAwsService.ECR,
privateDnsEnabled: true
})

// Create the VPC endpoint for the ECR Docker registry. This is required for the Fargate task to pull the docker image from ECR.
//This is not required for the ECS task to pull the docker image from ECR. The ECS task will pull the docker image from EC

new ec2.InterfaceVpcEndpoint(this, 'ECRDockerVpcEndpoint', {
vpc: this.vpc,
service: ec2.InterfaceVpcEndpointAwsService.ECR_DOCKER,
privateDnsEnabled: true
})

// access S3 bucket from Fargate task. This is required for the Fargate task to pull the docker image from ECR.
new ec2.GatewayVpcEndpoint(this, 'S3GatewayEndpoint', {
service: ec2.GatewayVpcEndpointAwsService.S3,
vpc: this.vpc,
subnets: [{ subnetType: ec2.SubnetType.PRIVATE_ISOLATED, }]
})

// access Cloudwatch logging
new ec2.InterfaceVpcEndpoint(this, 'CloudWatchLogsVpcEndpoint', {
vpc: this.vpc,
service: ec2.InterfaceVpcEndpointAwsService.CLOUDWATCH_LOGS,
privateDnsEnabled: true
})

this.cluster = new ecs.Cluster(this, 'ecsCluster', {
vpc: this.vpc,
containerInsights: true
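Review bot: The comment above the ECR Docker endpoint is truncated and self-contradictory — it first says the endpoint is required for the Fargate task to pull from ECR, then that it is not required, and breaks off mid-word at `from EC`; replace both lines with `// ECR Docker endpoint (ecr.dkr). Fargate tasks need it, together with the ECR API and S3 gateway endpoints, to pull images from ECR without a NAT gateway.` None of the four endpoints sets `securityGroups`, `subnets` or an endpoint policy, so they fall back to CDK defaults — presumably a generated security group and the permissive default endpoint policy; for an example whose point is a fully private cluster, that should be stated in a comment, or the S3 gateway endpoint (from what this hunk shows, the only route out of the isolated subnets) should be given a restrictive policy. The four endpoint statements end in `})` while the `Vpc` literal above ends in `});`; make the terminators consistent. The constructor continues past the end of the hunk.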
2 changes: 1 addition & 1 deletion lib/ecs/service.ts
Expand Up @@ -59,7 +59,7 @@ export class EcsBlueGreenService extends Construct {
// Creating an application load balancer, listener and two target groups for Blue/Green deployment
this.alb = new albv2.ApplicationLoadBalancer(this, 'alb', {
vpc: props.vpc!,
internetFacing: true
internetFacing: false
});
this.albProdListener = this.alb.addListener('albProdListener', {
port: 80
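Review bot: The switch to `internetFacing: false` is not reflected in the comment on the first line of the hunk, which still only describes the blue/green wiring; extend it to `// Creating an internal (not internet-facing) application load balancer, listener and two target groups for Blue/Green deployment; it is reachable only from inside the VPC.` An internal ALB still needs subnets in at least two availability zones, which is presumably satisfied by the cluster VPC's default AZ count, but the example should say so rather than leave it implicit. The constructor continues outside the hunk.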