Package Exports
- @flowaccount/nx-aws-cdk
- @flowaccount/nx-aws-cdk/src/index.js
This package does not declare an exports field, so the exports above have been automatically detected and optimized by JSPM instead. If any package subpath is missing, it is recommended to post an issue to the original package (@flowaccount/nx-aws-cdk) to support the "exports" field. If that is not possible, create a JSPM override to customize the exports field for this package.
Readme
Prerequisites
- Have an existing nx workspace. For creating this, see nrwl's documentation.
- Add
"aws-cdk": "1.114.0",to yourpackage.jsonand runyarn
Installation
NPM
npm i --save-dev @flowaccount/nx-aws-cdk
// npx nx g @flowaccount/nx-aws-cdk:init -- coming soonPNPM
pnpm i --save-dev @flowaccount/nx-aws-cdk
// pnpx nx g @flowaccount/nx-aws-cdk:init -- coming soonYarn
yarn add --dev @flowaccount/nx-aws-cdk
// npx nx g @flowaccount/nx-aws-cdk:init -- coming soonGenerate and run your first AWS infrastructure! (Coming Soon)
Generate my-api, and my-api-test with C# and nunit tests.
yarn nx g @flowaccount/nx-aws-cdk:app my-cdkRun my-cdk Synthesizer locally
yarn nx run my-cdk:synth [--configuration=<stack-suffix>]Deploy your infrastructure
yarn nx run my-cdk:deploy [--configuration=<stack-suffix>]Steps to deploy an ECS service
- First we need to create policies
- Then we spin up the load-balancer and target-group together
- Then we spin up the autoscaling group and cluster together
- Then at last we spin up the service onto cluster supplying the target-group ARN for serving to internet through ALB
ECS environment file example
import { Peer, Port } from "aws-cdk-lib/aws-ec2"
import { PlacementConstraint } from "aws-cdk-lib/aws-ecs"
import { ServicePrincipal } from "aws-cdk-lib/aws-iam"
import { AppEnvModel } from '@flowaccount/core/cdk'
const _region = `ap-southeast-1`
const _appprefix = `AppName`
const _stage = `fadev`
const _app = `app-name`
const _ecr = `xxxxxxxxxxxx.dkr.ecr.ap-southeast-1.amazonaws.com/<orgname>/`
export const environment: AppEnvModel = {
appprefix: _appprefix,
stage: _stage,
app: _app,
awsCredentials: {
account: "xxxxxxxxxxxx",
region: _region
},
vpc: {
vpcAttributes: {
vpcId: `vpc-xxxxxxxxxxxxxxxxx`,
availabilityZones: [ `${_region}a`, `${_region}b` ],
privateSubnetIds: [ `subnet-xxxxxxxxxxxxxxxxx`, `subnet-xxxxxxxxxxxxxxxxx` ]
}
},
ecs: {
securityGroup: {
name: `${_app}-${_stage}-ecs-sg-stack`,
inboudRule: [
{ peer: Peer.anyIpv4(), connection: Port.allTcp() }
]
},
policy: {
statement: {
actions: [
`ec2:*`,
`s3:*`,
`ecs:CreateCluster`,
`ecs:DeregisterContainerInstance`,
`ecs:DiscoverPollEndpoint`,
`ecs:Poll`,
`ecs:RegisterContainerInstance`,
`ecs:StartTelemetrySession`,
`ecs:UpdateContainerInstancesState`,
`ecs:Submit*`,
`ecr:GetAuthorizationToken`,
`ecr:BatchCheckLayerAvailability`,
`ecr:GetDownloadUrlForLayer`,
`ecr:BatchGetImage`,
`logs:CreateLogGroup`,
`logs:CreateLogStream`,
`logs:PutLogEvents`,
`logs:DescribeLogStreams`,
`secretsmanager:GetSecretValue`
],
resources: [
`*`
]
},
name: `${_app}-${_stage}-cluster-policy`
},
role: {
name: `${_app}-${_stage}-cluster-role`,
assumedBy: new ServicePrincipal(`ec2.amazonaws.com`)
},
policyAssume: {
statement: {
actions: [
"secretsmanager:GetSecretValue",
"ssm:Get*",
],
resources: [
`*`
]
},
name: `${_app}-${_stage}-cluster-policy-assume`
},
roleAssume: {
name: `${_app}-${_stage}-cluster-role-assume`,
assumedBy: [new ServicePrincipal(`ecs-tasks.amazonaws.com`), new ServicePrincipal(`ec2.amazonaws.com`)]
},
taskRoleAssume: {
name: `${_app}-${_stage}-cluster-taskRole-assume`,
assumedBy: [new ServicePrincipal(`ecs-tasks.amazonaws.com`), new ServicePrincipal(`ec2.amazonaws.com`)]
},
instanceProfile: {
name: `${_app}-${_stage}-cluster-instance-profile`
},
asgList: [
{
launchTemplate: {
name: `${_app}-${_stage}-lt`,
instanceType: "t3.micro",
keyName: "fadev",
version: 1
},
asg: {
name: `${_app}-${_stage}-asg`,
min: "1",
max: "3",
desired: "3",
overrides: [
{
InstanceType: "t3.micro"
},
{
InstanceType: "t3a.micro"
}
],
onDemandBaseCapacity: 0,
onDemandPercentage: 0,
protectionFromScaleIn: false
}
}
],
executionRoleName: `ECSTaskExecutionRole`, // arn:aws:iam::697698820969:role/
clusterName: `${_app}-${_stage}-cluster`
},
service: [
{
taskDefinition: {
name: `${_app}-${_stage}-taskdef`,
containerDefinitionOptions: {
image: `${_ecr}:latest-${_stage}`,
memoryLimitMiB: 235,
cpu: 512,
hostname: `${_app}-${_stage}`
},
portMapping: [
{ hostPort: 0, containerPort: 8080 }
]
},
name: `${_app}-${_stage}-service`,
desired: 1,
minHealthyPercent: 0,
placementConstraint: [
PlacementConstraint.memberOf(`attribute:ecs.os-type == linux and attribute:ecs.instance-type in [t3.micro, t3a.micro]`)
],
targetGroupArn: `arn:aws:elasticloadbalancing:ap-southeast-1:697698820969:targetgroup/crm-fadev-tg/fcf09968fd4c148c`
},
{
taskDefinition: {
name: `${_app}-storybook-${_stage}-taskdef`,
containerDefinitionOptions: {
image: `${_ecr}:latest-storybook-${_stage}`,
memoryLimitMiB: 235,
cpu: 512,
hostname: `${_app}-storybook-${_stage}`
},
portMapping: [
{ hostPort: 0, containerPort: 8080 }
]
},
name: `${_app}-storybook-${_stage}-service`,
desired: 1,
minHealthyPercent: 0,
placementConstraint: [
PlacementConstraint.memberOf(`attribute:ecs.os-type == linux and attribute:ecs.instance-type in [t3.micro, t3a.micro]`)
],
targetGroupArn: `arn:aws:elasticloadbalancing:ap-southeast-1:697698820969:targetgroup/storybook-staging-tg/25a353e4b8fd3123`
},
{
taskDefinition: {
name: `${_app}-developer-handbook-${_stage}-taskdef`,
containerDefinitionOptions: {
image: `${_ecr}:latest-developer-handbook-${_stage}`,
memoryLimitMiB: 235,
cpu: 512,
hostname: `${_app}-developer-handbook-${_stage}`
},
portMapping: [
{ hostPort: 0, containerPort: 80 }
]
},
name: `${_app}-developer-handbook-${_stage}-service`,
desired: 1,
minHealthyPercent: 0,
placementConstraint: [
PlacementConstraint.memberOf(`attribute:ecs.os-type == linux and attribute:ecs.instance-type in [t3.micro, t3a.micro]`)
],
targetGroupArn: `arn:aws:elasticloadbalancing:ap-southeast-1:697698820969:targetgroup/developer-handbook-staging-tg/1239e837cd2fc44d`
}
],
tag: [
{key: "AppStack", value: `${_app}-${_stage}-stack`}
]
}argument setup
add to libs\nx-aws-cdk\src\builders\deploy\deploy.executor.ts
nx: yarn publish-local workspace: yarn upgrade nx-aws-cdk
Release Notes
Version 2.0.0 (2024-09-09)
- Update core function to support Node 20
- Update package version for reduced vulnerability