From 8165de49bcb38bb336e3d9730597ff9f5c431338 Mon Sep 17 00:00:00 2001 From: Padraic Renaghan Date: Sat, 17 Aug 2024 14:33:35 -0400 Subject: [PATCH] cdk collapse --- .../{01-bootstrap-ecr.yml => 01-infra.yml} | 6 +- .github/workflows/02-network.yml | 53 ---------- .../{04-todo-deploy.yml => 02-service.yml} | 5 +- cdk/build.gradle.kts | 24 +---- cdk/package.json | 19 +--- .../com/renaghan/todo/cdk/CertificateApp.java | 10 -- .../renaghan/todo/cdk/CertificateStack.java | 54 ---------- .../cdk/{CognitoStack.java => Cognito.java} | 35 +++---- .../com/renaghan/todo/cdk/CognitoApp.java | 10 -- .../todo/cdk/DockerRepositoryApp.java | 27 ----- .../java/com/renaghan/todo/cdk/DomainApp.java | 10 -- .../com/renaghan/todo/cdk/DomainStack.java | 53 ---------- .../com/renaghan/todo/cdk/Infrastructure.java | 98 +++++++++++++++++++ .../com/renaghan/todo/cdk/NetworkApp.java | 29 ------ .../com/renaghan/todo/cdk/ServiceApp.java | 52 +++++----- 15 files changed, 149 insertions(+), 336 deletions(-) rename .github/workflows/{01-bootstrap-ecr.yml => 01-infra.yml} (90%) delete mode 100644 .github/workflows/02-network.yml rename .github/workflows/{04-todo-deploy.yml => 02-service.yml} (97%) delete mode 100644 cdk/src/main/java/com/renaghan/todo/cdk/CertificateApp.java delete mode 100644 cdk/src/main/java/com/renaghan/todo/cdk/CertificateStack.java rename cdk/src/main/java/com/renaghan/todo/cdk/{CognitoStack.java => Cognito.java} (90%) delete mode 100644 cdk/src/main/java/com/renaghan/todo/cdk/CognitoApp.java delete mode 100644 cdk/src/main/java/com/renaghan/todo/cdk/DockerRepositoryApp.java delete mode 100644 cdk/src/main/java/com/renaghan/todo/cdk/DomainApp.java delete mode 100644 cdk/src/main/java/com/renaghan/todo/cdk/DomainStack.java create mode 100644 cdk/src/main/java/com/renaghan/todo/cdk/Infrastructure.java delete mode 100644 cdk/src/main/java/com/renaghan/todo/cdk/NetworkApp.java 
diff --git a/.github/workflows/01-bootstrap-ecr.yml b/.github/workflows/01-infra.yml similarity index 90% rename from .github/workflows/01-bootstrap-ecr.yml rename to .github/workflows/01-infra.yml index c328692..a4dcccb 100644 --- a/.github/workflows/01-bootstrap-ecr.yml +++ b/.github/workflows/01-infra.yml @@ -1,7 +1,7 @@ # This is a one-off workflow to set up everything we need to deploy Docker images # with CDK. This workflow deploys everything that is not specific to a certain # environment (staging, prod, ...). -name: 01 - CDK Bootstrap and ECR +name: 01 - CDK Infra on: # manually triggered from github UI @@ -42,6 +42,6 @@ jobs: working-directory: cdk run: npm run bootstrap - - name: Deploy Docker Registry stack + - name: Deploy Infrastructure working-directory: cdk - run: npm run repository:deploy + run: npm run infra:deploy diff --git a/.github/workflows/02-network.yml b/.github/workflows/02-network.yml deleted file mode 100644 index 85a6723..0000000 --- a/.github/workflows/02-network.yml +++ /dev/null 
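Review bot: The renamed `Deploy Infrastructure` step runs `npm run infra:deploy` with no `-c environmentName=...` argument, although the infra stack in this commit now contains the network, which the deleted 02-network workflow deployed with `-c environmentName=${{ github.event.inputs.environmentName }}`. Unless `cdk.json` supplies a default (not visible here), add a `workflow_dispatch` input and pass it through, or document the default in a comment on the step. The header comment still says this workflow deploys only what is not environment-specific, which no longer matches; `# Deploys the shared infra stack: ECR, certificate, network, DNS and Cognito.` would be accurate. The job definition between the two hunks is outside the diff.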
@@ -1,53 +0,0 @@ -# This workflow creates all environment-specific resources that are shared across applications. -# This needs to run before creating an application-specific environment. -name: 02 - CDK Deploy Network - -env: - AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} - AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} - AWS_DEFAULT_REGION: ${{ secrets.AWS_REGION }} - -on: - workflow_dispatch: - inputs: - environmentName: - description: 'The name of the environment to create.' - required: true - default: 'staging' -jobs: - deploy-network-stack: - if: github.ref == 'refs/heads/main' - runs-on: ubuntu-20.04 - name: Deploy the network stack - steps: - - - name: Checkout code - uses: actions/checkout@v4 - - - name: Set up JDK 17 - uses: actions/setup-java@v4 - with: - distribution: 'temurin' - java-version: 17 - cache: 'gradle' - - - name: Setup Gradle - uses: gradle/actions/setup-gradle@v4 - with: - cache-overwrite-existing: true - - - name: NPM install - working-directory: cdk - run: npm install - - - name: Deploy Certificate stack - working-directory: cdk - run: npm run certificate:deploy -- -c environmentName=${{ github.event.inputs.environmentName }} - - - name: Deploy Network stack - working-directory: cdk - run: npm run network:deploy -- -c environmentName=${{ github.event.inputs.environmentName }} - - - name: Deploy DNS stack - working-directory: cdk - run: npm run domain:deploy -- -c environmentName=${{ github.event.inputs.environmentName }} diff --git a/.github/workflows/04-todo-deploy.yml b/.github/workflows/02-service.yml similarity index 97% rename from .github/workflows/04-todo-deploy.yml rename to .github/workflows/02-service.yml index abfb220..55ecce3 100644 --- a/.github/workflows/04-todo-deploy.yml +++ b/.github/workflows/02-service.yml 
@@ -1,5 +1,5 @@ # This workflow builds the Docker image for the Todo-App and then deploys the application. -name: 04 - Deploy Todo App +name: 02 - Deploy Service env: AWS_ACCOUNT_ID: ${{ secrets.AWS_ACCOUNT_ID }} @@ -14,9 +14,8 @@ on: - 'app/Dockerfile' - 'app/build.gradle.kts' - 'cdk/src/main/**' - - 'cdk/build.gradle.kts' - 'cdk/cdk.json' - - '.github/workflows/04-todo-deploy.yml' + - '.github/workflows/02-service.yml' workflow_dispatch: jobs: build-and-publish: diff --git a/cdk/build.gradle.kts b/cdk/build.gradle.kts index 3c90ee5..b469aa1 100644 --- a/cdk/build.gradle.kts +++ b/cdk/build.gradle.kts @@ -16,24 +16,9 @@ dependencies { implementation("dev.stratospheric:cdk-constructs:0.1.15") } -tasks.register("repository") { +tasks.register("infra") { group = "app" - mainClass = "com.renaghan.todo.cdk.DockerRepositoryApp" - classpath = project.sourceSets["main"].runtimeClasspath -} -tasks.register("certificate") { - group = "app" - mainClass = "com.renaghan.todo.cdk.CertificateApp" - classpath = project.sourceSets["main"].runtimeClasspath -} -tasks.register("network") { - group = "app" - mainClass = "com.renaghan.todo.cdk.NetworkApp" - classpath = project.sourceSets["main"].runtimeClasspath -} -tasks.register("domain") { - group = "app" - mainClass = "com.renaghan.todo.cdk.DomainApp" + mainClass = "com.renaghan.todo.cdk.Infrastructure" classpath = project.sourceSets["main"].runtimeClasspath } tasks.register("service") { @@ -41,11 +26,6 @@ tasks.register("service") { mainClass = "com.renaghan.todo.cdk.ServiceApp" classpath = project.sourceSets["main"].runtimeClasspath } -tasks.register("cognito") { - group = "app" - mainClass = "com.renaghan.todo.cdk.CognitoApp" - classpath = project.sourceSets["main"].runtimeClasspath -} testing { suites { diff --git a/cdk/package.json b/cdk/package.json index a08e117..c7e50f8 100644 --- a/cdk/package.json +++ b/cdk/package.json 
@@ -7,24 +7,11 @@ "bootstrap" : "cdk bootstrap --app '../gradlew --quiet :cdk:repository'", - "repository:deploy" : "cdk deploy --app '../gradlew --quiet :cdk:repository' --require-approval never", - "repository:destroy": "cdk destroy --app '../gradlew --quiet :cdk:repository' --force --require-approval never --all", - - "certificate:deploy" : "cdk deploy --app '../gradlew --quiet :cdk:certificate' --require-approval never", - "certificate:destroy": "cdk destroy --app '../gradlew --quiet :cdk:certificate' --force --require-approval never --all", - - "network:deploy" : "cdk deploy --app '../gradlew --quiet :cdk:network' --require-approval never", - "network:destroy": "cdk destroy --app '../gradlew --quiet :cdk:network' --force --require-approval never --all", - - "domain:deploy" : "cdk deploy --app '../gradlew --quiet :cdk:domain' --require-approval never", - "domain:destroy": "cdk destroy --app '../gradlew --quiet :cdk:domain' --force --require-approval never --all", + "infra:deploy" : "cdk deploy --app '../gradlew --quiet :cdk:infra' --require-approval never", + "infra:destroy": "cdk destroy --app '../gradlew --quiet :cdk:infra' --force --require-approval never --all", "service:deploy" : "cdk deploy --app '../gradlew --quiet :cdk:service' --require-approval never", - "service:destroy": "cdk destroy --app '../gradlew --quiet :cdk:service' --force --require-approval never --all", - - "cognito:deploy" : "cdk deploy --app '../gradlew --quiet :cdk:cognito' --require-approval never", - "cognito:destroy": "cdk destroy --app '../gradlew --quiet :cdk:cognito' --force --require-approval never --all" - + "service:destroy": "cdk destroy --app '../gradlew --quiet :cdk:service' --force --require-approval never --all" }, "devDependencies": { "aws-cdk": "2.151.0" diff --git a/cdk/src/main/java/com/renaghan/todo/cdk/CertificateApp.java b/cdk/src/main/java/com/renaghan/todo/cdk/CertificateApp.java deleted file mode 100644 index 996738b..0000000 
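Review bot: The unchanged `bootstrap` script at the top of this hunk still points at `:cdk:repository`, a Gradle task this commit removes from `cdk/build.gradle.kts`, so `npm run bootstrap` (called by the 01-infra workflow) would presumably fail on an unknown task. It should reference the new task: `"bootstrap" : "cdk bootstrap --app '../gradlew --quiet :cdk:infra'",`. Separately, `infra:destroy` with `--force` and `--all` now tears down the Cognito user pool and the ECR repository together with the network. Whether those resources carry retention policies is not visible here, so the wider blast radius deserves a line in the project documentation.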
--- a/cdk/src/main/java/com/renaghan/todo/cdk/CertificateApp.java
+++ /dev/null
@@ -1,10 +0,0 @@
-package com.renaghan.todo.cdk;
-
-/** CDK App */
-public class CertificateApp {
- public static void main(String[] args) {
- CDKApp app = new CDKApp();
- new CertificateStack(app, "certificate");
- app.synth();
- }
-}
diff --git a/cdk/src/main/java/com/renaghan/todo/cdk/CertificateStack.java b/cdk/src/main/java/com/renaghan/todo/cdk/CertificateStack.java
deleted file mode 100644
index 63437b9..0000000
--- a/cdk/src/main/java/com/renaghan/todo/cdk/CertificateStack.java
+++ /dev/null
@@ -1,54 +0,0 @@ -package com.renaghan.todo.cdk; - -import software.amazon.awscdk.Stack; -import software.amazon.awscdk.StackProps; -import software.amazon.awscdk.services.certificatemanager.DnsValidatedCertificate; -import software.amazon.awscdk.services.route53.HostedZone; -import software.amazon.awscdk.services.route53.HostedZoneProviderProps; -import software.amazon.awscdk.services.route53.IHostedZone; -import software.amazon.awscdk.services.ssm.StringParameter; -import software.constructs.Construct; - -@SuppressWarnings("deprecation") -public class CertificateStack extends Stack { - private static final String PARAMETER_CERT_ARN = "sslCertARN"; - - CertificateStack(CDKApp app, String id) { - super( - app, - id, - StackProps.builder().stackName(app.appEnv().prefix("SSLCert")).env(app.awsEnv()).build()); - - IHostedZone hostedZone = - HostedZone.fromLookup( - this, - "HostedZone", - HostedZoneProviderProps.builder() - .domainName(app.getContext("hostedZoneDomain")) - .build()); - - DnsValidatedCertificate websiteCertificate = - DnsValidatedCertificate.Builder.create(this, "WebsiteCertificate") - .hostedZone(hostedZone) - .region(app.awsEnv().getRegion()) - .domainName(app.getApplicationDomain()) - .build(); - - StringParameter.Builder.create(this, PARAMETER_CERT_ARN) - .parameterName(app.appEnv().prefix(PARAMETER_CERT_ARN)) - .stringValue(websiteCertificate.getCertificateArn()) - .build(); - } - - static CertificateStack.CertificateOutputParameters getOutputParametersFromParameterStore( - CDKApp app, Construct scope) { - String sslCertARN = - StringParameter.fromStringParameterName( - scope, PARAMETER_CERT_ARN, app.appEnv().prefix(PARAMETER_CERT_ARN)) - .getStringValue(); - - return new CertificateStack.CertificateOutputParameters(sslCertARN); - } - - public record CertificateOutputParameters(String sslCertARN) {} -} 
diff --git a/cdk/src/main/java/com/renaghan/todo/cdk/CognitoStack.java b/cdk/src/main/java/com/renaghan/todo/cdk/Cognito.java similarity index 90% rename from cdk/src/main/java/com/renaghan/todo/cdk/CognitoStack.java rename to cdk/src/main/java/com/renaghan/todo/cdk/Cognito.java index 81e44e6..2d1a4ee 100644 --- a/cdk/src/main/java/com/renaghan/todo/cdk/CognitoStack.java +++ b/cdk/src/main/java/com/renaghan/todo/cdk/Cognito.java @@ -5,7 +5,6 @@ import java.util.Collections; import software.amazon.awscdk.Duration; import software.amazon.awscdk.Stack; -import software.amazon.awscdk.StackProps; import software.amazon.awscdk.services.cognito.AccountRecovery; import software.amazon.awscdk.services.cognito.AutoVerifiedAttrs; import software.amazon.awscdk.services.cognito.CognitoDomainOptions; @@ -24,17 +23,17 @@ import software.amazon.awscdk.services.ssm.StringParameter; import software.constructs.Construct; -class CognitoStack extends Stack { +class Cognito { + private final CDKApp app; + private final Stack stack; private final UserPool userPool; private final UserPoolClient userPoolClient; private final String logoutUrl; - public CognitoStack(CDKApp app, String id) { - super( - app, - id, - StackProps.builder().stackName(app.appEnv().prefix("Cognito")).env(app.awsEnv()).build()); + public Cognito(CDKApp app, Stack stack) { + this.app = app; + this.stack = stack; this.logoutUrl = String.format( @@ -42,7 +41,7 @@ public CognitoStack(CDKApp app, String id) { app.getContext("loginPageDomainPrefix"), app.awsEnv().getRegion()); this.userPool = - UserPool.Builder.create(this, "userPool") + UserPool.Builder.create(stack, "userPool") .userPoolName(app.getContext("applicationName") + "-user-pool") .selfSignUpEnabled(false) .accountRecovery(AccountRecovery.EMAIL_ONLY) 
@@ -66,7 +65,7 @@ public CognitoStack(CDKApp app, String id) { .build(); this.userPoolClient = - UserPoolClient.Builder.create(this, "userPoolClient") + UserPoolClient.Builder.create(stack, "userPoolClient") .userPoolClientName(app.getContext("applicationName") + "-client") .generateSecret(true) .userPool(this.userPool) @@ -84,7 +83,7 @@ public CognitoStack(CDKApp app, String id) { Collections.singletonList(UserPoolClientIdentityProvider.COGNITO)) .build(); - UserPoolDomain.Builder.create(this, "userPoolDomain") + UserPoolDomain.Builder.create(stack, "userPoolDomain") .userPool(this.userPool) .cognitoDomain( CognitoDomainOptions.builder() @@ -92,9 +91,7 @@ public CognitoStack(CDKApp app, String id) { .build()) .build(); - createOutputParameters(app); - - app.appEnv().tag(this); + createOutputParameters(); } private static final String PARAMETER_USER_POOL_ID = "userPoolId"; 
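Review bot: Dropping `app.appEnv().tag(this);` in the last hunk of this group leaves the Cognito resources without the environment tags unless the shared stack is tagged elsewhere, and no such call is visible in the new `Infrastructure` class. If the tags feed cost allocation or tag-based IAM conditions, call `app.appEnv().tag(stack);` once in `Infrastructure.generate()` before `app.synth()`. The constructor body starts in an earlier hunk.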
@@ -103,31 +100,31 @@ public CognitoStack(CDKApp app, String id) { private static final String PARAMETER_USER_POOL_LOGOUT_URL = "userPoolLogoutUrl"; private static final String PARAMETER_USER_POOL_PROVIDER_URL = "userPoolProviderUrl"; - private void createOutputParameters(CDKApp app) { + private void createOutputParameters() { - StringParameter.Builder.create(this, PARAMETER_USER_POOL_ID) + StringParameter.Builder.create(stack, PARAMETER_USER_POOL_ID) .parameterName(createParameterName(app.appEnv(), PARAMETER_USER_POOL_ID)) .stringValue(this.userPool.getUserPoolId()) .build(); - StringParameter.Builder.create(this, PARAMETER_USER_POOL_CLIENT_ID) + StringParameter.Builder.create(stack, PARAMETER_USER_POOL_CLIENT_ID) .parameterName(createParameterName(app.appEnv(), PARAMETER_USER_POOL_CLIENT_ID)) .stringValue(this.userPoolClient.getUserPoolClientId()) .build(); - StringParameter.Builder.create(this, "logoutUrl") + StringParameter.Builder.create(stack, "logoutUrl") .parameterName(createParameterName(app.appEnv(), PARAMETER_USER_POOL_LOGOUT_URL)) .stringValue(this.logoutUrl) .build(); - StringParameter.Builder.create(this, "providerUrl") + StringParameter.Builder.create(stack, "providerUrl") .parameterName(createParameterName(app.appEnv(), PARAMETER_USER_POOL_PROVIDER_URL)) .stringValue(this.userPool.getUserPoolProviderUrl()) .build(); String userPoolClientSecret = this.userPoolClient.getUserPoolClientSecret().unsafeUnwrap(); - StringParameter.Builder.create(this, PARAMETER_USER_POOL_CLIENT_SECRET) + StringParameter.Builder.create(stack, PARAMETER_USER_POOL_CLIENT_SECRET) .parameterName(createParameterName(app.appEnv(), PARAMETER_USER_POOL_CLIENT_SECRET)) .stringValue(userPoolClientSecret) .build(); diff --git a/cdk/src/main/java/com/renaghan/todo/cdk/CognitoApp.java b/cdk/src/main/java/com/renaghan/todo/cdk/CognitoApp.java deleted file mode 100644 index 9f1fcf7..0000000 --- a/cdk/src/main/java/com/renaghan/todo/cdk/CognitoApp.java +++ /dev/null 
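Review bot: `createOutputParameters()` still calls `getUserPoolClientSecret().unsafeUnwrap()` and writes the result through `StringParameter`, so the client secret ends up in a plain `String` SSM parameter rather than an encrypted value, and it now lives in the shared infra stack. `ServiceApp` then copies it into the `COGNITO_CLIENT_SECRET` environment variable, where it would presumably be visible to anyone who can read the task definition. Consider holding it in a Secrets Manager secret and handing it to the container as a secret reference instead. At minimum add a comment at the unwrap, e.g. `// NOTE: client secret is stored unencrypted in SSM; restrict ssm:GetParameter on this name`. The method's closing lines are outside the hunk.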
@@ -1,10 +0,0 @@
-package com.renaghan.todo.cdk;
-
-/** CDK App */
-public class CognitoApp {
- public static void main(String[] args) {
- CDKApp app = new CDKApp();
- new CognitoStack(app, "Cognito");
- app.synth();
- }
-}
diff --git a/cdk/src/main/java/com/renaghan/todo/cdk/DockerRepositoryApp.java b/cdk/src/main/java/com/renaghan/todo/cdk/DockerRepositoryApp.java
deleted file mode 100644
index 6c4f8ce..0000000
--- a/cdk/src/main/java/com/renaghan/todo/cdk/DockerRepositoryApp.java
+++ /dev/null
@@ -1,27 +0,0 @@
-package com.renaghan.todo.cdk;
-
-import dev.stratospheric.cdk.DockerRepository;
-import software.amazon.awscdk.Stack;
-import software.amazon.awscdk.StackProps;
-
-/** CDK App */
-public class DockerRepositoryApp {
- public static void main(String[] args) {
- CDKApp app = new CDKApp();
- Stack dockerRepositoryStack =
- new Stack(
- app,
- "DockerRepositoryStack",
- StackProps.builder()
- .stackName(app.getContext("applicationName") + "-DockerRepository")
- .env(app.awsEnv())
- .build());
- new DockerRepository(
- dockerRepositoryStack,
- "DockerRepository",
- app.awsEnv(),
- new DockerRepository.DockerRepositoryInputParameters(
- app.getContext("applicationName"), app.awsEnv().getAccount()));
- app.synth();
- }
-}
diff --git a/cdk/src/main/java/com/renaghan/todo/cdk/DomainApp.java b/cdk/src/main/java/com/renaghan/todo/cdk/DomainApp.java
deleted file mode 100644
index 69d65d7..0000000
--- a/cdk/src/main/java/com/renaghan/todo/cdk/DomainApp.java
+++ /dev/null
@@ -1,10 +0,0 @@
-package com.renaghan.todo.cdk;
-
-/** CDK App */
-public class DomainApp {
- public static void main(String[] args) {
- CDKApp app = new CDKApp();
- new DomainStack(app, "domain");
- app.synth();
- }
-}
diff --git a/cdk/src/main/java/com/renaghan/todo/cdk/DomainStack.java b/cdk/src/main/java/com/renaghan/todo/cdk/DomainStack.java
deleted file mode 100644
index 48654a0..0000000
--- a/cdk/src/main/java/com/renaghan/todo/cdk/DomainStack.java
+++ /dev/null
@@ -1,53 +0,0 @@ -package com.renaghan.todo.cdk; - -import dev.stratospheric.cdk.Network; -import software.amazon.awscdk.Stack; -import software.amazon.awscdk.StackProps; -import software.amazon.awscdk.services.elasticloadbalancingv2.ApplicationLoadBalancer; -import software.amazon.awscdk.services.elasticloadbalancingv2.ApplicationLoadBalancerAttributes; -import software.amazon.awscdk.services.elasticloadbalancingv2.IApplicationLoadBalancer; -import software.amazon.awscdk.services.route53.ARecord; -import software.amazon.awscdk.services.route53.HostedZone; -import software.amazon.awscdk.services.route53.HostedZoneProviderProps; -import software.amazon.awscdk.services.route53.IHostedZone; -import software.amazon.awscdk.services.route53.RecordTarget; -import software.amazon.awscdk.services.route53.targets.LoadBalancerTarget; - -public class DomainStack extends Stack { - - DomainStack(CDKApp app, String id) { - super( - app, - id, - StackProps.builder().stackName(app.appEnv().prefix("DNS")).env(app.awsEnv()).build()); - - IHostedZone hostedZone = - HostedZone.fromLookup( - this, - "HostedZone", - HostedZoneProviderProps.builder() - .domainName(app.getContext("hostedZoneDomain")) - .build()); - - Network.NetworkOutputParameters networkOutputParameters = - Network.getOutputParametersFromParameterStore(this, app.appEnv().getEnvironmentName()); - - IApplicationLoadBalancer applicationLoadBalancer = - ApplicationLoadBalancer.fromApplicationLoadBalancerAttributes( - this, - "LoadBalancer", - ApplicationLoadBalancerAttributes.builder() - .loadBalancerArn(networkOutputParameters.getLoadBalancerArn()) - .securityGroupId(networkOutputParameters.getLoadbalancerSecurityGroupId()) - .loadBalancerCanonicalHostedZoneId( - networkOutputParameters.getLoadBalancerCanonicalHostedZoneId()) - .loadBalancerDnsName(networkOutputParameters.getLoadBalancerDnsName()) - .build()); - - ARecord.Builder.create(this, "ARecord") - .recordName(app.getApplicationDomain()) - .zone(hostedZone) - 
.target(RecordTarget.fromAlias(new LoadBalancerTarget(applicationLoadBalancer))) - .build(); - } -} diff --git a/cdk/src/main/java/com/renaghan/todo/cdk/Infrastructure.java b/cdk/src/main/java/com/renaghan/todo/cdk/Infrastructure.java new file mode 100644 index 0000000..98999d8 --- /dev/null +++ b/cdk/src/main/java/com/renaghan/todo/cdk/Infrastructure.java 
@@ -0,0 +1,98 @@ +package com.renaghan.todo.cdk; + +import dev.stratospheric.cdk.DockerRepository; +import dev.stratospheric.cdk.Network; +import software.amazon.awscdk.Stack; +import software.amazon.awscdk.StackProps; +import software.amazon.awscdk.services.certificatemanager.DnsValidatedCertificate; +import software.amazon.awscdk.services.route53.ARecord; +import software.amazon.awscdk.services.route53.HostedZone; +import software.amazon.awscdk.services.route53.HostedZoneProviderProps; +import software.amazon.awscdk.services.route53.IHostedZone; +import software.amazon.awscdk.services.route53.RecordTarget; +import software.amazon.awscdk.services.route53.targets.LoadBalancerTarget; + +@SuppressWarnings("deprecation") +public class Infrastructure { + private final CDKApp app; + private final Stack stack; + + private IHostedZone hostedZone; + private String certARN; + private Network network; + + public Infrastructure() { + this.app = new CDKApp(); + this.stack = + new Stack( + app, + "infra", + StackProps.builder() + .stackName(app.getContext("applicationName") + "-infra") + .env(app.awsEnv()) + .build()); + } + + private void dockerRepo() { + new DockerRepository( + stack, + "DockerRepository", + app.awsEnv(), + new DockerRepository.DockerRepositoryInputParameters( + app.getContext("applicationName"), app.awsEnv().getAccount())); + } + + private void cert() { + this.hostedZone = + HostedZone.fromLookup( + stack, + "HostedZone", + HostedZoneProviderProps.builder() + .domainName(app.getContext("hostedZoneDomain")) + .build()); + + DnsValidatedCertificate websiteCertificate = + DnsValidatedCertificate.Builder.create(stack, "WebsiteCertificate") + .hostedZone(hostedZone) + .region(app.awsEnv().getRegion()) + .domainName(app.getApplicationDomain()) + .build(); + + this.certARN = websiteCertificate.getCertificateArn(); + } + + private void dns() { + ARecord.Builder.create(stack, "ARecord") + .recordName(app.getApplicationDomain()) + .zone(hostedZone) + 
.target(RecordTarget.fromAlias(new LoadBalancerTarget(network.getLoadBalancer()))) + .build(); + } + + private void network() { + this.network = + new Network( + stack, + "Network", + app.awsEnv(), + app.getContext("environmentName"), + new Network.NetworkInputParameters().withSslCertificateArn(certARN)); + } + + private void cognito() { + new Cognito(app, stack); + } + + private void generate() { + dockerRepo(); + cert(); + network(); + dns(); + cognito(); + app.synth(); + } + + public static void main(String[] args) { + new Infrastructure().generate(); + } +} diff --git a/cdk/src/main/java/com/renaghan/todo/cdk/NetworkApp.java b/cdk/src/main/java/com/renaghan/todo/cdk/NetworkApp.java deleted file mode 100644 index 831ba20..0000000 --- a/cdk/src/main/java/com/renaghan/todo/cdk/NetworkApp.java +++ /dev/null @@ -1,29 +0,0 @@ -package com.renaghan.todo.cdk; - -import dev.stratospheric.cdk.Network; -import software.amazon.awscdk.Stack; -import software.amazon.awscdk.StackProps; - -/** CDK App */ -public class NetworkApp { - public static void main(String[] args) { - CDKApp app = new CDKApp(); - Stack networkStack = - new Stack( - app, - "NetworkStack", - StackProps.builder() - .stackName(app.getContext("environmentName") + "-Network") - .env(app.awsEnv()) - .build()); - CertificateStack.CertificateOutputParameters certOutput = - CertificateStack.getOutputParametersFromParameterStore(app, networkStack); - new Network( - networkStack, - "Network", - app.awsEnv(), - app.getContext("environmentName"), - new Network.NetworkInputParameters().withSslCertificateArn(certOutput.sslCertARN())); - app.synth(); - } -} diff --git a/cdk/src/main/java/com/renaghan/todo/cdk/ServiceApp.java b/cdk/src/main/java/com/renaghan/todo/cdk/ServiceApp.java index 342b50f..321353d 100644 --- a/cdk/src/main/java/com/renaghan/todo/cdk/ServiceApp.java +++ b/cdk/src/main/java/com/renaghan/todo/cdk/ServiceApp.java 
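Review bot: The constructor names the stack from `applicationName` alone, yet `network()` passes `environmentName` and `Cognito` writes its parameters under `app.appEnv()`, so deploying a second environment would apparently update this one CloudFormation stack in place instead of creating its own. If that is not intended, either split the app-wide ECR repository from the per-environment resources or include the environment in the name, e.g. `.stackName(app.appEnv().prefix("infra"))`. `generate()` also depends on call order through the mutable `hostedZone`, `certARN` and `network` fields; a comment such as `// order matters: cert() sets hostedZone/certARN used by network() and dns()` would guard against a reorder that passes null. The class-level `@SuppressWarnings("deprecation")` would be better narrowed to `cert()`, the only method using `DnsValidatedCertificate`.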
@@ -4,6 +4,7 @@ import dev.stratospheric.cdk.Network; import dev.stratospheric.cdk.Service; +import java.util.Arrays; import java.util.HashMap; import java.util.List; import java.util.Map; @@ -12,7 +13,6 @@ import software.amazon.awscdk.services.iam.Effect; import software.amazon.awscdk.services.iam.PolicyStatement; -/** CDK App */ public class ServiceApp { public static void main(String[] args) { CDKApp app = new CDKApp(); @@ -37,8 +37,8 @@ public static void main(String[] args) { Map vars = new HashMap<>(); vars.put("SPRING_PROFILES_ACTIVE", app.getContext("springProfile")); - CognitoStack.CognitoOutputParameters cognitoOutputParameters = - CognitoStack.getOutputParametersFromParameterStore(serviceStack, app.appEnv()); + Cognito.CognitoOutputParameters cognitoOutputParameters = + Cognito.getOutputParametersFromParameterStore(serviceStack, app.appEnv()); vars.put("COGNITO_CLIENT_ID", cognitoOutputParameters.userPoolClientId()); vars.put("COGNITO_CLIENT_SECRET", cognitoOutputParameters.userPoolClientSecret()); vars.put("COGNITO_USER_POOL_ID", cognitoOutputParameters.userPoolId()); 
@@ -54,30 +54,28 @@ public static void main(String[] args) { .withMemory(1024) .withTaskRolePolicyStatements( List.of( - /* - PolicyStatement.Builder.create() - .sid("AllowSQSAccess") - .effect(Effect.ALLOW) - .resources( - List.of( - String.format( - "arn:aws:sqs:%s:%s:%s", - app.getContext("region"), - app.getContext("accountId"), - .actions( - Arrays.asList( - "sqs:DeleteMessage", - "sqs:GetQueueUrl", - "sqs:ListDeadLetterSourceQueues", - "sqs:ListQueues", - "sqs:ListQueueTags", - "sqs:ReceiveMessage", - "sqs:SendMessage", - "sqs:ChangeMessageVisibility", - "sqs:GetQueueAttributes")) - .build(), - - */ + PolicyStatement.Builder.create() + .sid("AllowSQSAccess") + .effect(Effect.ALLOW) + .resources( + List.of( + String.format( + "arn:aws:sqs:%s:%s:%s", + app.getContext("region"), + app.getContext("accountId"), + app.appEnv().prefix("todo-sharing-queue")))) + .actions( + Arrays.asList( + "sqs:DeleteMessage", + "sqs:GetQueueUrl", + "sqs:ListDeadLetterSourceQueues", + "sqs:ListQueues", + "sqs:ListQueueTags", + "sqs:ReceiveMessage", + "sqs:SendMessage", + "sqs:ChangeMessageVisibility", + "sqs:GetQueueAttributes")) + .build(), PolicyStatement.Builder.create() .sid("AllowCreatingUsers") .effect(Effect.ALLOW)
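Review bot: `sqs:ListQueues` in the re-enabled `AllowSQSAccess` statement has no effect as written, because that action does not support resource-level permissions and the statement is limited to a single queue ARN. Drop it from the list, or move it to its own statement with resource `*` if the service really enumerates queues. The ARN is also built from `app.getContext("region")` and `app.getContext("accountId")` while the rest of this commit uses `app.awsEnv().getRegion()` and `app.awsEnv().getAccount()`; using the latter keeps the policy tied to the account the stack deploys to. No stack in this commit creates `todo-sharing-queue`, so confirm the queue exists under that prefixed name. The `withTaskRolePolicyStatements` call starts and ends outside the hunk.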