Merge pull request #7 from DevSecOpsSamples/develop

.
DevSecOpsSamples · Dec 18, 2022 · 8f8a12e · 8f8a12e
2 parents 7a23575 + 6353a48
commit 8f8a12e
Show file tree

Hide file tree

Showing 6 changed files with 38 additions and 85 deletions.
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -7,8 +7,13 @@ on:
   pull_request:
     types: [opened, synchronize, reopened]
 jobs:
-  build:
-    name: Build
+  docker-build:
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v3
+    - name: Build the Docker image
+      run: cd app && docker build . -t sample-rest-api:$(date +%s)
+  sonarqube:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v2

diff --git a/01-vpc/lib/vpc-stack.ts b/01-vpc/lib/vpc-stack.ts
@@ -10,7 +10,7 @@ export class VpcStack extends Stack {
     constructor(scope: Construct, id: string, props?: StackProps) {
         super(scope, id, props);
 
-        const cidr = `10.100.0.0/16`;
+        const cidr = `10.10.0.0/16`;
         const vpc = new ec2.Vpc(this, 'Vpc', {
             maxAzs: 3,
             natGateways: 3,

diff --git a/03-ecr-codecommit/lib/ecr-codecommit-stack.ts b/03-ecr-codecommit/lib/ecr-codecommit-stack.ts
@@ -13,7 +13,9 @@ export interface EcrStackProps extends StackCommonProps {
     serviceName: string;
 }
 /**
- * Build 'app/Dockerfile' and push to ECR for X86 and ARM
+ * Build 'app/Dockerfile' and push to ECR
+ * 
+ * {account-id}.dkr.ecr.{.region}.amazonaws.com/{serviceName}:latest
  */
 export class EcrCodeCommitStack extends Stack {
     constructor(scope: Construct, id: string, props: EcrStackProps) {
@@ -22,46 +24,30 @@ export class EcrCodeCommitStack extends Stack {
         const stage = props.stage;
         const serviceName = props.serviceName;
 
-        const assetX86 = new assets.DockerImageAsset(this, 'ecr-image-x86', {
+        const assetX86 = new assets.DockerImageAsset(this, 'ecr-image', {
             directory: path.join(__dirname, "../../", "app")
         });
         const ecrRepo = new ecr.Repository(this, `${serviceName}`, {
             repositoryName: `${serviceName}`
         });
-        new ecrdeploy.ECRDeployment(this, 'ecr-deploy-x86', {
+        new ecrdeploy.ECRDeployment(this, 'ecr-deploy', {
             src: new ecrdeploy.DockerImageName(assetX86.imageUri),
             dest: new ecrdeploy.DockerImageName(`${ecrRepo.repositoryUriForTag('latest')}`),
         });
 
-        const assetArm = new assets.DockerImageAsset(this, 'ecr-image-arm', {
-            directory: path.join(__dirname, "../../", "app"),
-            platform: assets.Platform.LINUX_ARM64,
-        });
-        const ecrArmRepo = new ecr.Repository(this, `${serviceName}-arm`, {
-            repositoryName: `${serviceName}-arm`
-        });
-        new ecrdeploy.ECRDeployment(this, 'ecr-deploy-arm', {
-            src: new ecrdeploy.DockerImageName(assetArm.imageUri),
-            dest: new ecrdeploy.DockerImageName(`${ecrArmRepo.repositoryUriForTag('latest')}`),
-        });
-
         const codecommitRepo = new codecommit.Repository(this, `${serviceName}-codecommit`, {
             repositoryName: `${serviceName}`
         });
 
         Tags.of(codecommitRepo).add('Stage', stage);
         Tags.of(ecrRepo).add('Stage', stage);
-        Tags.of(ecrArmRepo).add('Stage', stage);
 
         new CfnOutput(this, 'URI', { value: ecrRepo.repositoryUri });
-        new CfnOutput(this, 'URIARM', { value: ecrArmRepo.repositoryUri });
 
         new ssm.StringParameter(this, 'ssm-codecommit-arn', { parameterName: `${SSM_PREFIX}/codecommit-arn`, stringValue: codecommitRepo.repositoryArn });
 
         new ssm.StringParameter(this, 'ssm-ecr-repo-name', { parameterName: `${SSM_PREFIX}/ecr-repo-name`, stringValue: ecrRepo.repositoryName });
         new ssm.StringParameter(this, 'ssm-ecr-repo-arn', { parameterName: `${SSM_PREFIX}/ecr-repo-arn`, stringValue: ecrRepo.repositoryArn });
-        new ssm.StringParameter(this, 'ssm-ecr-armrepo-name', { parameterName: `${SSM_PREFIX}/ecr-armrepo-name`, stringValue: ecrArmRepo.repositoryUri });
-        new ssm.StringParameter(this, 'ssm-ecr-armrepo-arn', { parameterName: `${SSM_PREFIX}/ecr-armrepo-arn`, stringValue: ecrArmRepo.repositoryArn });
 
         new CfnOutput(this, 'CodeCommitRepoUrl', { value: codecommitRepo.repositoryCloneUrlHttp });
     }

diff --git a/04-apprunner/lib/apprunner-stack.ts b/04-apprunner/lib/apprunner-stack.ts
@@ -3,6 +3,7 @@ import { Construct } from 'constructs';
 
 import * as apprunner from 'aws-cdk-lib/aws-apprunner';
 import * as ssm from 'aws-cdk-lib/aws-ssm';
+import * as ec2 from 'aws-cdk-lib/aws-ec2';
 
 import { StackCommonProps, SSM_PREFIX } from '../../config';
 
@@ -14,12 +15,22 @@ export class AppRunnerStack extends Stack {
     super(scope, id, props);
 
     const serviceName = `apprunnder-${props.stage}`;
-    const ecrUrl = `${props.env?.account}.dkr.ecr.${props.env?.region}.amazonaws.com/fargate-restapi-${props.stage}:latest`;
+    const ecrUrl = `${props.env?.account}.dkr.ecr.${props.env?.region}.amazonaws.com/${serviceName}:latest`;
 
     const accessRoleArn = ssm.StringParameter.valueFromLookup(this, `${SSM_PREFIX}/access-role-arn`);
     const vpcId = ssm.StringParameter.valueFromLookup(this, `${SSM_PREFIX}/vpc-id`);
+    const vpc = ec2.Vpc.fromLookup(this, 'vpc', { vpcId });
 
-    const cfnService = new apprunner.CfnService(this, 'cfn-service', {
+    let privateSubnetIds: string[] = [];
+    for (const subnet of vpc.privateSubnets) {
+      privateSubnetIds.push(subnet.subnetId);
+    }
+    const vpcConnector = new apprunner.CfnVpcConnector(this, 'vpc-connector', {
+      vpcConnectorName: `vpcct-${serviceName}`,
+      subnets: privateSubnetIds,
+    });
+
+    const cfnService = new apprunner.CfnService(this, 'service', {
       serviceName,
       tags: [{
         key: 'stage',
@@ -53,12 +64,12 @@ export class AppRunnerStack extends Stack {
       networkConfiguration: {
         egressConfiguration: {
           egressType: 'VPC',
-          vpcConnectorArn:  Lazy.string({ produce: () => vpcId }) ,
+          vpcConnectorArn: vpcConnector.attrVpcConnectorArn,
         },
       },
     });
 
     new CfnOutput(this, 'ServiceName', { value: cfnService.serviceName as string });
-    new CfnOutput(this, 'ServiceURL', { value: cfnService.attrServiceUrl as string });
+    new CfnOutput(this, 'ServiceURL', { value: `https://${cfnService.attrServiceUrl}` });
   }
 }
diff --git a/README.md b/README.md
@@ -1,13 +1,12 @@
 # App Runner sample project with CDK
 
-[![Quality Gate Status](https://sonarcloud.io/api/project_badges/measure?project=ContainerOnAWS_apprunner-cdk&metric=alert_status)](https://sonarcloud.io/summary/new_code?id=ContainerOnAWS_apprunner-cdk) [![Lines of Code](https://sonarcloud.io/api/project_badges/measure?project=ContainerOnAWS_apprunner-cdk&metric=ncloc)](https://sonarcloud.io/summary/new_code?id=ContainerOnAWS_apprunner-cdk)
+[![Build](https://github.com/DevSecOpsSamples/apprunner-cdk/actions/workflows/build.yml/badge.svg?branch=master)](https://github.com/DevSecOpsSamples/apprunner-cdk/actions/workflows/build.yml)
+[![Quality Gate Status](https://sonarcloud.io/api/project_badges/measure?project=DevSecOpsSamples_apprunner-cdk&metric=alert_status)](https://sonarcloud.io/summary/new_code?id=DevSecOpsSamples_apprunner-cdk) [![Lines of Code](https://sonarcloud.io/api/project_badges/measure?project=DevSecOpsSamples_apprunner-cdk&metric=ncloc)](https://sonarcloud.io/summary/new_code?id=DevSecOpsSamples_apprunner-cdk)
 
 ## Introduction
 
 In this sample project, we will learn major features of App Runner.
 
-![Architecture](./screenshots/architecture.png?raw=true)
-
 ## Objectives
 
 Learn the features below using the CDK code:
@@ -49,9 +48,9 @@ Use the `cdk` command-line toolkit to interact with your project:
 |---|----------------------------------|-------------------|
 | 1 | VPC                              | 3m 30s (optional)     |
 | 2 | IAM roles                        | 1m      |
-| 3 | ECR and CodeCommit repository    | 2m      |
-| 4 | App Runner                       | 3m      |
-|   | Total                            | 6m (9m 30s with a new VPC) |
+| 3 | ECR and CodeCommit repository including Docker build    | 4m      |
+| 4 | App Runner                       | 6m      |
+|   | Total                            | 11m (14m 30s with a new VPC) |
 
 ## Steps
 
@@ -123,59 +122,11 @@ If the ECS cluster was re-created, you HAVE to deploy after cdk.context.json fil
 
 [clean-up.sh](./clean-up.sh)
 
-## Structure
-
-```text
-├── build.gradle
-├── package.json
-├── ssm-prefix.ts
-├── tsconfig.json
-├── vpc
-│   ├── bin
-│   │   └── index.ts
-│   ├── cdk.json
-│   └── lib
-│       └── vpc-stack.ts
-├── ecs-fargate-cluster
-│   ├── bin
-│   │   └── index.ts
-│   ├── cdk.json
-│   ├── lib
-│   │   ├── cluster-config.ts
-│   │   └── ec2ecs-cluster-stack.ts
-│   └── settings.yaml
-├── 02-iam-role
-│   ├── bin
-│   │   └── index.ts
-│   ├── cdk.json
-│   └── lib
-│       └── 02-iam-role-stack.ts
-├── ecs-fargate-service-restapi
-│   ├── bin
-│   │   └── index.ts
-│   ├── cdk.json
-│   ├── lib
-│   │   └── apprunner-stack.ts
-├── ecs-fargatespot-service-restapi
-│   ├── bin
-│   │   └── index.ts
-│   ├── cdk.json
-│   ├── lib
-│   │   └── ecs-fargatespot-service-restapi-stack.ts
-├── app
-│   ├── Dockerfile
-│   ├── README.md
-│   ├── build.sh
-│   ├── flask_api.py
-│   ├── gunicorn.config.py
-│   └── requirements.txt
-```
-
 ## Reference
 
-* [GitHub - aws-containers](https://github.com/aws-containers)
+* https://aws.github.io/copilot-cli/blogs/apprunner-vpc/
 
-https://aws.amazon.com/ko/blogs/containers/deep-dive-on-aws-app-runner-vpc-networking/
+* https://aws.amazon.com/ko/blogs/containers/deep-dive-on-aws-app-runner-vpc-networking/
 
 ### Docs
 

diff --git a/build.gradle b/build.gradle
@@ -10,8 +10,8 @@ repositories {
 sonarqube {
     properties {
         property "sonar.projectName", "apprunner-cdk"
-        property "sonar.projectKey", "ContainerOnAWS_apprunner-cdk"
-        property "sonar.organization", "containeronaws"
+        property "sonar.projectKey", "DevSecOpsSamples_apprunner-cdk"
+        property "sonar.organization", "devsecopssamples"
         // property "sonar.host.url", "http://127.0.0.1:9000"
         property "sonar.host.url", "https://sonarcloud.io"
         property "sonar.sourceEncoding", "UTF-8"
@@ -21,6 +21,6 @@ sonarqube {
         property "sonar.issue.ignore.multicriteria", "e1"
         property "sonar.issue.ignore.multicriteria.e1.ruleKey", "typescript:S1848"
         property "sonar.issue.ignore.multicriteria.e1.resourceKey", "**/*.ts"
-        property "sonar.links.ci", "https://github.com/ContainerOnAWS/apprunner-cdk"
+        property "sonar.links.ci", "https://github.com/DevSecOpsSamples/apprunner-cdk"
     }
 }