Merge pull request #27 from bmaidics/web_improvements

Improve web streaming template
aklivity · Aug 27, 2024 · 62889c8 · 62889c8
2 parents 97beff6 + d79cf70
commit 62889c8
Show file tree

Hide file tree

Showing 3 changed files with 92 additions and 18 deletions.
diff --git a/amazon-msk/cdktf/web-streaming/README.md b/amazon-msk/cdktf/web-streaming/README.md
@@ -43,7 +43,7 @@ aws kafka list-clusters --query 'ClusterInfoList[*].[ClusterName,ClusterArn]' --
 
 Use the `ClusterName` of your desired MSK cluster for this variable.
 
-### `msk_access_credentials_name`: MSK access credentials Secret Name
+### `msk_credentials_secret_name`: MSK Credentials Secret Name
 
 Provide the Secret Name that is associated with your MSK cluster. If you use our provided example cluster, there is already a secret associated with the cluster called `AmazonMSK_alice`.
 
@@ -223,7 +223,74 @@ terraform -chdir=cdktf.out/stacks/web-streaming init
 Apply the plan, review the resources to be create, and confirm to deploy the resources:
 
 ```bash
-terraform -chdir=cdktf.out/stacks/web-streaming apply
+terraform -chdir=cdktf.out/stacks/web-streaming apply -auto-approve
+```
+
+```bash
+...
+Changes to Outputs:
+  + NetworkLoadBalancerOutput = (known after apply)
+aws_internet_gateway.InternetGateway: Creating...
+aws_cloudwatch_log_group.loggroup: Creating...
+aws_route_table.PublicRouteTable: Creating...
+aws_subnet.PublicSubnet2: Creating...
+aws_iam_role.zilla_plus_role: Creating...
+aws_subnet.PublicSubnet1: Creating...
+aws_lb_target_group.NLBTargetGroup: Creating...
+aws_security_group.ZillaPlusSecurityGroup: Creating...
+aws_cloudwatch_log_group.loggroup: Creation complete after 1s [id=web-streaming-group]
+aws_internet_gateway.InternetGateway: Creation complete after 1s [id=igw-XXXX]
+aws_route_table.PublicRouteTable: Creation complete after 2s [id=rtb-XXXX]
+aws_route.PublicRoute: Creating...
+aws_iam_role.zilla_plus_role: Creation complete after 2s [id=zilla_plus_role]
+aws_iam_role_policy.ZillaPlusRolePolicy: Creating...
+aws_iam_instance_profile.zilla_plus_instance_profile: Creating...
+aws_route.PublicRoute: Creation complete after 1s [id=r-rtb-XXXX]
+aws_lb_target_group.NLBTargetGroup: Creation complete after 3s [id=arn:aws:elasticloadbalancing:<region>:XXXX:targetgroup/nlb-target-group/XXXX]
+aws_iam_role_policy.ZillaPlusRolePolicy: Creation complete after 1s [id=zilla_plus_role:terraform-XXXX]
+aws_iam_instance_profile.zilla_plus_instance_profile: Creation complete after 1s [id=zilla_plus_role]
+aws_security_group.ZillaPlusSecurityGroup: Creation complete after 4s [id=sg-XXXX]
+aws_launch_template.ZillaPlusLaunchTemplate: Creating...
+aws_launch_template.ZillaPlusLaunchTemplate: Creation complete after 1s [id=lt-XXXX]
+aws_subnet.PublicSubnet2: Still creating... [10s elapsed]
+aws_subnet.PublicSubnet1: Still creating... [10s elapsed]
+aws_subnet.PublicSubnet1: Creation complete after 12s [id=subnet-XXXX]
+aws_subnet.PublicSubnet2: Creation complete after 12s [id=subnet-XXXX]
+aws_route_table_association.PublicSubnet1RouteTableAssociation: Creating...
+aws_route_table_association.PublicSubnet2RouteTableAssociation: Creating...
+aws_lb.NetworkLoadBalancer: Creating...
+aws_autoscaling_group.ZillaPlusGroup: Creating...
+aws_route_table_association.PublicSubnet1RouteTableAssociation: Creation complete after 1s [id=rtbassoc-XXXX]
+aws_route_table_association.PublicSubnet2RouteTableAssociation: Creation complete after 1s [id=rtbassoc-XXXX]
+aws_lb.NetworkLoadBalancer: Still creating... [10s elapsed]
+aws_autoscaling_group.ZillaPlusGroup: Still creating... [10s elapsed]
+aws_autoscaling_group.ZillaPlusGroup: Creation complete after 12s [id=terraform-XXXX]
+aws_lb.NetworkLoadBalancer: Still creating... [20s elapsed]
+aws_lb.NetworkLoadBalancer: Still creating... [30s elapsed]
+aws_lb.NetworkLoadBalancer: Still creating... [40s elapsed]
+aws_lb.NetworkLoadBalancer: Still creating... [50s elapsed]
+aws_lb.NetworkLoadBalancer: Still creating... [1m0s elapsed]
+aws_lb.NetworkLoadBalancer: Still creating... [1m10s elapsed]
+aws_lb.NetworkLoadBalancer: Still creating... [1m20s elapsed]
+aws_lb.NetworkLoadBalancer: Still creating... [1m30s elapsed]
+aws_lb.NetworkLoadBalancer: Still creating... [1m40s elapsed]
+aws_lb.NetworkLoadBalancer: Still creating... [1m50s elapsed]
+aws_lb.NetworkLoadBalancer: Still creating... [2m0s elapsed]
+aws_lb.NetworkLoadBalancer: Still creating... [2m10s elapsed]
+aws_lb.NetworkLoadBalancer: Still creating... [2m20s elapsed]
+aws_lb.NetworkLoadBalancer: Still creating... [2m30s elapsed]
+aws_lb.NetworkLoadBalancer: Still creating... [2m40s elapsed]
+aws_lb.NetworkLoadBalancer: Still creating... [2m50s elapsed]
+aws_lb.NetworkLoadBalancer: Creation complete after 2m55s [id=arn:aws:elasticloadbalancing:<region>:XXXX:loadbalancer/net/network-load-balancer/XXXX]
+aws_lb_listener.NLBListener: Creating...
+aws_lb_listener.NLBListener: Creation complete after 1s [id=arn:aws:elasticloadbalancing:<region>:XXXX:listener/net/network-load-balancer/XXXX/XXXX]
+
+Apply complete! Resources: 17 added, 0 changed, 0 destroyed.
+
+Outputs:
+
+NetworkLoadBalancerOutput = "network-load-balancer-XXXX.elb.<region>.amazonaws.com"
+
 ```
 
 ### Configure Global DNS
@@ -255,3 +322,10 @@ In another terminal, use `curl` to POST and notice the data arriving on your SSE
 ```bash
 curl -d 'Hello, World' -X POST https://web.example.aklivity.io:7143/<your path>
 ```
+
+
+## Destroy Stack using Terraform
+
+```bash
+terraform -chdir=cdktf.out/stacks/web-streaming destroy 
+```
diff --git a/amazon-msk/cdktf/web-streaming/main.ts b/amazon-msk/cdktf/web-streaming/main.ts
@@ -48,13 +48,13 @@ export class ZillaPlusWebStreamingStack extends TerraformStack {
       clusterName: mskClusterName.stringValue,
     });
 
-    const mskAccessCredentialsName = new TerraformVariable(this, "msk_access_credentials_name", {
+    const mskCredentialsSecretName = new TerraformVariable(this, "msk_credentials_secret_name", {
       type: "string",
-      description: "The MSK Access Credentials Secret Name with JSON properties; username, password",
+      description: "The MSK Credentials Secret Name with JSON properties; username, password",
     });
     // Validate that the Credentials exists
-    const secret = new DataAwsSecretsmanagerSecretVersion(this, "mskAccessCredentials", {
-      secretId: mskAccessCredentialsName.stringValue,
+    new DataAwsSecretsmanagerSecretVersion(this, "mskAccessCredentials", {
+      secretId: mskCredentialsSecretName.stringValue,
     });
 
     const mskClusterBrokerNodes = new DataAwsMskBrokerNodes(this, "MSKClusterBrokerNodes", {
@@ -148,10 +148,6 @@ export class ZillaPlusWebStreamingStack extends TerraformStack {
       path = `/${pathVar.stringValue}`;
     }
 
-    const secretValue = Fn.jsondecode(secret.secretString);
-    const username = Fn.lookup(secretValue, "username");
-    const password = Fn.lookup(secretValue, "password");
-
     const bootstrapBrokers = [Fn.element(Fn.split(",", mskCluster.bootstrapBrokersSaslScram), 0)];
 
     let zillaPlusRole;
@@ -453,9 +449,9 @@ ${metricsSection}`;
       ],
     });
 
-    const kafkaSaslUsername = Fn.join("", ["${{aws.secrets.", mskAccessCredentialsName.stringValue, "#username}}"]);
+    const kafkaSaslUsername = Fn.join("", ["${{aws.secrets.", mskCredentialsSecretName.stringValue, "#username}}"]);
 
-    const kafkaSaslPassword = Fn.join("", ["${{aws.secrets.", mskAccessCredentialsName.stringValue, "#password}}"]);
+    const kafkaSaslPassword = Fn.join("", ["${{aws.secrets.", mskCredentialsSecretName.stringValue, "#password}}"]);
 
     const kafkaBootstrapServers = `['${Fn.join(`','`, Fn.split(",", mskCluster.bootstrapBrokersSaslScram))}']`;
 
@@ -622,12 +618,16 @@ tar -xzf kafka_2.13-3.5.1.tgz
 cd kafka_2.13-3.5.1/libs
 wget https://github.com/aws/aws-msk-iam-auth/releases/download/v1.1.1/aws-msk-iam-auth-1.1.1-all.jar
 cd ../bin
-cat <<'END_HELP'> client.properties
-sasl.jaas.config=org.apache.kafka.common.security.scram.ScramLoginModule required username='${username}' password='${password}';
+SECRET_STRING=$(aws secretsmanager get-secret-value --secret-id AmazonMSK_access --query SecretString --output text)
+USERNAME=$(echo $SECRET_STRING | jq -r '.username')
+PASSWORD=$(echo $SECRET_STRING | jq -r '.password')
+
+cat <<EOF> client.properties
+sasl.jaas.config=org.apache.kafka.common.security.scram.ScramLoginModule required username=$USERNAME password=$PASSWORD;
 security.protocol=SASL_SSL
 sasl.mechanism=SCRAM-SHA-512
-END_HELP
-./kafka-topics.sh --create --bootstrap-server ${bootstrapBrokers} --command-config client.properties --replication-factor 2 --partitions 3 --topic ${topic.stringValue} --config 'cleanup.policy=compact'
+EOF
+./kafka-topics.sh --create --if-not-exists --bootstrap-server ${bootstrapBrokers} --command-config client.properties --replication-factor 2 --partitions 3 --topic ${topic.stringValue} --config 'cleanup.policy=compact'
   `;
     }
 
@@ -683,7 +683,7 @@ ${kafkaTopicCreationCommand}
       userData: Fn.base64encode(userData),
     });
 
-    new autoscalingGroup.AutoscalingGroup(this, "zillaPlusGroup", {
+    new autoscalingGroup.AutoscalingGroup(this, "ZillaPlusGroup", {
       vpcZoneIdentifier: subnetIds,
       launchTemplate: {
         id: ZillaPlusLaunchTemplate.id,

diff --git a/amazon-msk/cdktf/web-streaming/terraform.tfvars.example b/amazon-msk/cdktf/web-streaming/terraform.tfvars.example
@@ -1,5 +1,5 @@
 msk_cluster_name="<your msk cluster name>"
-msk_access_credentials_name="<your msk access credentials name>"
+msk_credentials_secret_name="<your msk credentials secret name>"
 kafka_topic="<your kafka topic>"
 public_tls_certificate_key="<your public tls certificate key ARN>"