Merge pull request #65 from aws-samples/base

Base

.pre-commit-config.yaml

@@ -11,3 +11,7 @@ repos:
       - id: detect-aws-credentials
         args: ['--allow-missing-credentials']
       - id: forbid-submodules
+  - repo: https://github.com/iamthefij/docker-pre-commit
+    rev: master
+    hooks:
+      - id: docker-compose-check

lib/base/.gitignore

@@ -0,0 +1,11 @@
+*.js
+!jest.config.js
+*.d.ts
+node_modules
+
+# CDK asset staging directory
+.cdk.staging
+cdk.out
+.idea
+
+*-node.json

lib/base/.npmignore

@@ -0,0 +1,6 @@
+*.ts
+!*.d.ts
+
+# CDK asset staging directory
+.cdk.staging
+cdk.out

lib/base/app.ts

@@ -0,0 +1,60 @@
+#!/usr/bin/env node
+import 'dotenv/config'
+import 'source-map-support/register';
+import * as cdk from 'aws-cdk-lib';
+import * as nag from "cdk-nag";
+import * as config from "./lib/config/baseConfig";
+import {BaseCommonStack} from "./lib/common-stack";
+import {BaseSingleNodeStack} from "./lib/single-node-stack";
+import {BaseHANodesStack} from "./lib/ha-nodes-stack";
+
+const app = new cdk.App();
+cdk.Tags.of(app).add("Project", "AWSBase");
+
+new BaseCommonStack(app, "base-common", {
+  stackName: `base-nodes-common`,
+  env: { account: config.baseConfig.accountId, region: config.baseConfig.region },
+});
+
+new BaseSingleNodeStack(app, "base-single-node", {
+  stackName: `base-single-node-${config.baseNodeConfig.baseNodeConfiguration}-${config.baseNodeConfig.baseNetworkId}`,
+  env: { account: config.baseConfig.accountId, region: config.baseConfig.region },
+
+  instanceType: config.baseNodeConfig.instanceType,
+  instanceCpuType: config.baseNodeConfig.instanceCpuType,
+  baseNetworkId: config.baseNodeConfig.baseNetworkId,
+  baseNodeConfiguration: config.baseNodeConfig.baseNodeConfiguration,
+  restoreFromSnapshot: config.baseNodeConfig.restoreFromSnapshot,
+  l1ExecutionEndpoint: config.baseNodeConfig.l1ExecutionEndpoint,
+  l1ConsensusEndpoint: config.baseNodeConfig.l1ConsensusEndpoint,
+  snapshotUrl: config.baseNodeConfig.snapshotUrl,
+  dataVolume: config.baseNodeConfig.dataVolume,
+});
+
+new BaseHANodesStack(app, "base-ha-nodes", {
+  stackName: `base-ha-nodes-${config.baseNodeConfig.baseNodeConfiguration}-${config.baseNodeConfig.baseNetworkId}`,
+  env: { account: config.baseConfig.accountId, region: config.baseConfig.region },
+
+  instanceType: config.baseNodeConfig.instanceType,
+  instanceCpuType: config.baseNodeConfig.instanceCpuType,
+  baseNetworkId: config.baseNodeConfig.baseNetworkId,
+  baseNodeConfiguration: config.baseNodeConfig.baseNodeConfiguration,
+  restoreFromSnapshot: config.baseNodeConfig.restoreFromSnapshot,
+  l1ExecutionEndpoint: config.baseNodeConfig.l1ExecutionEndpoint,
+  l1ConsensusEndpoint: config.baseNodeConfig.l1ConsensusEndpoint,
+  snapshotUrl: config.baseNodeConfig.snapshotUrl,
+  dataVolume: config.baseNodeConfig.dataVolume,
+
+  albHealthCheckGracePeriodMin: config.haNodeConfig.albHealthCheckGracePeriodMin,
+  heartBeatDelayMin: config.haNodeConfig.heartBeatDelayMin,
+  numberOfNodes: config.haNodeConfig.numberOfNodes
+});
+
+// Security Check
+cdk.Aspects.of(app).add(
+  new nag.AwsSolutionsChecks({
+      verbose: false,
+      reports: true,
+      logIgnores: false,
+  })
+);

lib/base/cdk.json

@@ -0,0 +1,57 @@
+{
+  "app": "npx ts-node --prefer-ts-exts app.ts",
+  "watch": {
+    "include": [
+      "**"
+    ],
+    "exclude": [
+      "README.md",
+      "cdk*.json",
+      "**/*.d.ts",
+      "**/*.js",
+      "tsconfig.json",
+      "package*.json",
+      "yarn.lock",
+      "node_modules",
+      "test"
+    ]
+  },
+  "context": {
+    "@aws-cdk/aws-lambda:recognizeLayerVersion": true,
+    "@aws-cdk/core:checkSecretUsage": true,
+    "@aws-cdk/core:target-partitions": [
+      "aws",
+      "aws-cn"
+    ],
+    "@aws-cdk-containers/ecs-service-extensions:enableDefaultLogDriver": true,
+    "@aws-cdk/aws-ec2:uniqueImdsv2TemplateName": true,
+    "@aws-cdk/aws-ecs:arnFormatIncludesClusterName": true,
+    "@aws-cdk/aws-iam:minimizePolicies": true,
+    "@aws-cdk/core:validateSnapshotRemovalPolicy": true,
+    "@aws-cdk/aws-codepipeline:crossAccountKeyAliasStackSafeResourceName": true,
+    "@aws-cdk/aws-s3:createDefaultLoggingPolicy": true,
+    "@aws-cdk/aws-sns-subscriptions:restrictSqsDescryption": true,
+    "@aws-cdk/aws-apigateway:disableCloudWatchRole": true,
+    "@aws-cdk/core:enablePartitionLiterals": true,
+    "@aws-cdk/aws-events:eventsTargetQueueSameAccount": true,
+    "@aws-cdk/aws-iam:standardizedServicePrincipals": true,
+    "@aws-cdk/aws-ecs:disableExplicitDeploymentControllerForCircuitBreaker": true,
+    "@aws-cdk/aws-iam:importedRoleStackSafeDefaultPolicyName": true,
+    "@aws-cdk/aws-s3:serverAccessLogsUseBucketPolicy": true,
+    "@aws-cdk/aws-route53-patters:useCertificate": true,
+    "@aws-cdk/customresources:installLatestAwsSdkDefault": false,
+    "@aws-cdk/aws-rds:databaseProxyUniqueResourceName": true,
+    "@aws-cdk/aws-codedeploy:removeAlarmsFromDeploymentGroup": true,
+    "@aws-cdk/aws-apigateway:authorizerChangeDeploymentLogicalId": true,
+    "@aws-cdk/aws-ec2:launchTemplateDefaultUserData": true,
+    "@aws-cdk/aws-secretsmanager:useAttachedSecretResourcePolicyForSecretTargetAttachments": true,
+    "@aws-cdk/aws-redshift:columnId": true,
+    "@aws-cdk/aws-stepfunctions-tasks:enableEmrServicePolicyV2": true,
+    "@aws-cdk/aws-ec2:restrictDefaultSecurityGroup": true,
+    "@aws-cdk/aws-apigateway:requestValidatorUniqueId": true,
+    "@aws-cdk/aws-kms:aliasNameRef": true,
+    "@aws-cdk/aws-autoscaling:generateLaunchTemplateInsteadOfLaunchConfig": true,
+    "@aws-cdk/core:includePrefixInUniqueNameGeneration": true,
+    "@aws-cdk/aws-opensearchservice:enableOpensearchMultiAzWithStandby": true
+  }
+}