init

DevSecOpsSamples · Aug 15, 2022 · 2a58bee · 2a58bee
1 parent 2a600c4
commit 2a58bee
Show file tree

Hide file tree

Showing 4 changed files with 26 additions and 29 deletions.
diff --git a/01-vpc/lib/vpc-stack.ts b/01-vpc/lib/vpc-stack.ts
@@ -10,7 +10,7 @@ export class VpcStack extends Stack {
     constructor(scope: Construct, id: string, props?: StackProps) {
         super(scope, id, props);
 
-        const cidr = `10.100.0.0/16`;
+        const cidr = `10.10.0.0/16`;
         const vpc = new ec2.Vpc(this, 'Vpc', {
             maxAzs: 3,
             natGateways: 3,

diff --git a/03-ecr-codecommit/lib/ecr-codecommit-stack.ts b/03-ecr-codecommit/lib/ecr-codecommit-stack.ts
@@ -13,7 +13,9 @@ export interface EcrStackProps extends StackCommonProps {
     serviceName: string;
 }
 /**
- * Build 'app/Dockerfile' and push to ECR for X86 and ARM
+ * Build 'app/Dockerfile' and push to ECR
+ * 
+ * {account-id}.dkr.ecr.{.region}.amazonaws.com/{serviceName}:latest
  */
 export class EcrCodeCommitStack extends Stack {
     constructor(scope: Construct, id: string, props: EcrStackProps) {
@@ -22,46 +24,30 @@ export class EcrCodeCommitStack extends Stack {
         const stage = props.stage;
         const serviceName = props.serviceName;
 
-        const assetX86 = new assets.DockerImageAsset(this, 'ecr-image-x86', {
+        const assetX86 = new assets.DockerImageAsset(this, 'ecr-image', {
             directory: path.join(__dirname, "../../", "app")
         });
         const ecrRepo = new ecr.Repository(this, `${serviceName}`, {
             repositoryName: `${serviceName}`
         });
-        new ecrdeploy.ECRDeployment(this, 'ecr-deploy-x86', {
+        new ecrdeploy.ECRDeployment(this, 'ecr-deploy', {
             src: new ecrdeploy.DockerImageName(assetX86.imageUri),
             dest: new ecrdeploy.DockerImageName(`${ecrRepo.repositoryUriForTag('latest')}`),
         });
 
-        const assetArm = new assets.DockerImageAsset(this, 'ecr-image-arm', {
-            directory: path.join(__dirname, "../../", "app"),
-            platform: assets.Platform.LINUX_ARM64,
-        });
-        const ecrArmRepo = new ecr.Repository(this, `${serviceName}-arm`, {
-            repositoryName: `${serviceName}-arm`
-        });
-        new ecrdeploy.ECRDeployment(this, 'ecr-deploy-arm', {
-            src: new ecrdeploy.DockerImageName(assetArm.imageUri),
-            dest: new ecrdeploy.DockerImageName(`${ecrArmRepo.repositoryUriForTag('latest')}`),
-        });
-
         const codecommitRepo = new codecommit.Repository(this, `${serviceName}-codecommit`, {
             repositoryName: `${serviceName}`
         });
 
         Tags.of(codecommitRepo).add('Stage', stage);
         Tags.of(ecrRepo).add('Stage', stage);
-        Tags.of(ecrArmRepo).add('Stage', stage);
 
         new CfnOutput(this, 'URI', { value: ecrRepo.repositoryUri });
-        new CfnOutput(this, 'URIARM', { value: ecrArmRepo.repositoryUri });
 
         new ssm.StringParameter(this, 'ssm-codecommit-arn', { parameterName: `${SSM_PREFIX}/codecommit-arn`, stringValue: codecommitRepo.repositoryArn });
 
         new ssm.StringParameter(this, 'ssm-ecr-repo-name', { parameterName: `${SSM_PREFIX}/ecr-repo-name`, stringValue: ecrRepo.repositoryName });
         new ssm.StringParameter(this, 'ssm-ecr-repo-arn', { parameterName: `${SSM_PREFIX}/ecr-repo-arn`, stringValue: ecrRepo.repositoryArn });
-        new ssm.StringParameter(this, 'ssm-ecr-armrepo-name', { parameterName: `${SSM_PREFIX}/ecr-armrepo-name`, stringValue: ecrArmRepo.repositoryUri });
-        new ssm.StringParameter(this, 'ssm-ecr-armrepo-arn', { parameterName: `${SSM_PREFIX}/ecr-armrepo-arn`, stringValue: ecrArmRepo.repositoryArn });
 
         new CfnOutput(this, 'CodeCommitRepoUrl', { value: codecommitRepo.repositoryCloneUrlHttp });
     }

diff --git a/04-apprunner/lib/apprunner-stack.ts b/04-apprunner/lib/apprunner-stack.ts
@@ -3,6 +3,7 @@ import { Construct } from 'constructs';
 
 import * as apprunner from 'aws-cdk-lib/aws-apprunner';
 import * as ssm from 'aws-cdk-lib/aws-ssm';
+import * as ec2 from 'aws-cdk-lib/aws-ec2';
 
 import { StackCommonProps, SSM_PREFIX } from '../../config';
 
@@ -14,12 +15,22 @@ export class AppRunnerStack extends Stack {
     super(scope, id, props);
 
     const serviceName = `apprunnder-${props.stage}`;
-    const ecrUrl = `${props.env?.account}.dkr.ecr.${props.env?.region}.amazonaws.com/fargate-restapi-${props.stage}:latest`;
+    const ecrUrl = `${props.env?.account}.dkr.ecr.${props.env?.region}.amazonaws.com/${serviceName}:latest`;
 
     const accessRoleArn = ssm.StringParameter.valueFromLookup(this, `${SSM_PREFIX}/access-role-arn`);
     const vpcId = ssm.StringParameter.valueFromLookup(this, `${SSM_PREFIX}/vpc-id`);
+    const vpc = ec2.Vpc.fromLookup(this, 'vpc', { vpcId });
 
-    const cfnService = new apprunner.CfnService(this, 'cfn-service', {
+    let privateSubnetIds: string[] = [];
+    for (const subnet of vpc.privateSubnets) {
+      privateSubnetIds.push(subnet.subnetId);
+    }
+    const vpcConnector = new apprunner.CfnVpcConnector(this, 'vpc-connector', {
+      vpcConnectorName: `vpcct-${serviceName}`,
+      subnets: privateSubnetIds,
+    });
+
+    const cfnService = new apprunner.CfnService(this, 'service', {
       serviceName,
       tags: [{
         key: 'stage',
@@ -53,12 +64,12 @@ export class AppRunnerStack extends Stack {
       networkConfiguration: {
         egressConfiguration: {
           egressType: 'VPC',
-          vpcConnectorArn:  Lazy.string({ produce: () => vpcId }) ,
+          vpcConnectorArn: vpcConnector.attrVpcConnectorArn,
         },
       },
     });
 
     new CfnOutput(this, 'ServiceName', { value: cfnService.serviceName as string });
-    new CfnOutput(this, 'ServiceURL', { value: cfnService.attrServiceUrl as string });
+    new CfnOutput(this, 'ServiceURL', { value: `https://${cfnService.attrServiceUrl}` });
   }
 }
diff --git a/README.md b/README.md
@@ -49,9 +49,9 @@ Use the `cdk` command-line toolkit to interact with your project:
 |---|----------------------------------|-------------------|
 | 1 | VPC                              | 3m 30s (optional)     |
 | 2 | IAM roles                        | 1m      |
-| 3 | ECR and CodeCommit repository    | 2m      |
-| 4 | App Runner                       | 3m      |
-|   | Total                            | 6m (9m 30s with a new VPC) |
+| 3 | ECR and CodeCommit repository including Docker build    | 4m      |
+| 4 | App Runner                       | 6m      |
+|   | Total                            | 11m (14m 30s with a new VPC) |
 
 ## Steps
 
@@ -173,9 +173,9 @@ If the ECS cluster was re-created, you HAVE to deploy after cdk.context.json fil
 
 ## Reference
 
-* [GitHub - aws-containers](https://github.com/aws-containers)
+* https://aws.github.io/copilot-cli/blogs/apprunner-vpc/
 
-https://aws.amazon.com/ko/blogs/containers/deep-dive-on-aws-app-runner-vpc-networking/
+* https://aws.amazon.com/ko/blogs/containers/deep-dive-on-aws-app-runner-vpc-networking/
 
 ### Docs