Open2
cdk example

import * as cdk from 'aws-cdk-lib';
import { Construct } from 'constructs';
import { Repository } from 'aws-cdk-lib/aws-codecommit';
import { BuildSpec, PipelineProject } from 'aws-cdk-lib/aws-codebuild';
import { Artifact, Pipeline, StageProps } from 'aws-cdk-lib/aws-codepipeline';
import {
CodeCommitSourceAction,
CodeBuildAction,
CloudFormationCreateReplaceChangeSetAction,
ManualApprovalAction,
StackInstances,
CloudFormationDeployStackSetAction,
StackSetTemplate,
} from 'aws-cdk-lib/aws-codepipeline-actions';
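export class CdStack extends cdk.Stack {
  /**
   * Three-stage CodePipeline: CodeCommit source -> CodeBuild lint/scan -> CloudFormation
   * change set, manual approval, and StackSet roll-out of the same template.
   *
   * @param scope - Parent construct.
   * @param id - Logical id of this stack.
   * @param props - Optional stack properties forwarded to cdk.Stack.
   */
  constructor(scope: Construct, id: string, props?: cdk.StackProps) {
    super(scope, id, props);

    // Stage 1: Source. The pipeline tracks the release branch of a repository created here.
    const repo = new Repository(this, 'sampleRepo', {
      repositoryName: 'sample-repo',
    });
    const releaseBranch = 'release';
    const sourceOutput = new Artifact('SourceArtifact');
    const source = new CodeCommitSourceAction({
      actionName: 'Source',
      repository: repo,
      output: sourceOutput,
      branch: releaseBranch,
    });
    const sourceStage: StageProps = {
      stageName: 'Source',
      actions: [source],
    };

    // Stage 2: Build. Lints and scans the CloudFormation template; nothing is packaged.
    const template = 'template.yaml';
    const build = new PipelineProject(this, 'TestBuild', {
      buildSpec: BuildSpec.fromObject({
        version: '0.2',
        phases: {
          install: {
            // NOTE(review): cfn-lint/checkov are installed unpinned and cfn-guard is installed by
            // piping a script from the `main` branch into sh, so the scanning toolchain changes
            // under the pipeline over time. Pin versions / a release tag and verify the download
            // before relying on these scans as a control.
            commands: [
              'pip3 install -U pip --quiet',
              'pip3 install cfn-lint checkov --quiet',
              'curl --proto \'=https\' --tlsv1.2 -sSf https://raw.githubusercontent.com/aws-cloudformation/cloudformation-guard/main/install-guard.sh | sh',
              // The PATH export lands in ~/.bash_profile, which later buildspec commands do not
              // source — presumably why the cfn-guard step below is left commented out. TODO confirm.
              'echo \'export PATH="$HOME/.guard/bin:$PATH"\' >> ~/.bash_profile',
            ],
          },
          build: {
            commands: [
              'cfn-lint *.yaml',
              'checkov -d . --framework cloudformation',
              // 'cfn-guard help'
            ],
          },
        },
      }),
    });
    const buildStage: StageProps = {
      stageName: 'Build',
      actions: [
        new CodeBuildAction({
          actionName: 'CFn_Build',
          project: build,
          input: sourceOutput,
        }),
      ],
    };

    // Stage 3: Deploy. Stage a change set, wait for a human, then roll the template out as a StackSet.
    const stackName = 'OurStack';
    const changeSetName = 'StagedChangeSet';
    const deployStage: StageProps = {
      stageName: 'Deploy',
      actions: [
        new CloudFormationCreateReplaceChangeSetAction({
          actionName: 'PrepareChanges',
          stackName,
          changeSetName,
          // NOTE(review): adminPermissions hands the CloudFormation role broad permissions so that
          // any resource type in template.yaml deploys. Scope it down (e.g. pass a deploymentRole
          // with just the needed actions) once the template's resource set is settled.
          adminPermissions: true,
          templatePath: sourceOutput.atPath(template),
          runOrder: 1,
        }),
        new ManualApprovalAction({
          actionName: 'ApproveChanges',
          runOrder: 2,
          // Link the approver to the exact commit under review. The repository name comes from the
          // construct so the link cannot drift from the repo created above.
          externalEntityLink: `https://${this.region}.console.aws.amazon.com/codesuite/codecommit/repositories/${repo.repositoryName}/commit/${source.variables.commitId}`,
        }),
        new CloudFormationDeployStackSetAction({
          actionName: 'UpdateStackSet',
          runOrder: 3,
          stackSetName: 'MyStackSet',
          template: StackSetTemplate.fromArtifactPath(sourceOutput.atPath(template)),
          // Deploys into this account only, across two hard-coded regions.
          stackInstances: StackInstances.inAccounts([this.account], ['us-east-1', 'ap-northeast-1']),
        }),
      ],
    };

    // The Pipeline construct registers itself on the stack and is not referenced again, so it is
    // not bound to a local (the original `pipeline` binding was unused).
    new Pipeline(this, 'MyFirstPipeline', {
      pipelineName: 'cfnDeployPipeline',
      stages: [sourceStage, buildStage, deployStage],
    });
  }
}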

import * as cdk from 'aws-cdk-lib';
import * as ec2 from 'aws-cdk-lib/aws-ec2';
import * as s3 from 'aws-cdk-lib/aws-s3';
import { Construct } from 'constructs';
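export class Sftps3Stack extends cdk.Stack {
  /**
   * Demo SFTP server whose user home exposes an S3 bucket via mountpoint-s3, reachable on
   * port 22 only from a bastion host in the same VPC.
   *
   * Resources: a versioned, S3-managed-encrypted bucket (destroyed with the stack), a single-AZ
   * VPC, a bastion host, and an ARM64 Amazon Linux 2023 instance running sshd/sftp.
   *
   * @param scope - Parent construct.
   * @param id - Logical id of this stack.
   * @param props - Optional stack properties forwarded to cdk.Stack.
   */
  constructor(scope: Construct, id: string, props?: cdk.StackProps) {
    super(scope, id, props);

    // Bucket the SFTP user sees as a directory. DESTROY + autoDeleteObjects mark this as a
    // throwaway demo: tearing the stack down removes the data.
    const bucket = new s3.Bucket(this, 'SftpBucket', {
      versioned: true,
      encryption: s3.BucketEncryption.S3_MANAGED,
      removalPolicy: cdk.RemovalPolicy.DESTROY,
      autoDeleteObjects: true,
    });

    // Single-AZ VPC shared by both instances.
    const vpc = new ec2.Vpc(this, 'SftpVpc', {
      maxAzs: 1,
    });

    // Security groups: the SFTP host accepts TCP/22 only from members of the bastion's group.
    // (Both descriptions are identical; presumably copy-paste. Left as-is to keep the template unchanged.)
    const bastionSecurityGroup = new ec2.SecurityGroup(this, 'bastionSecurityGroup', {
      vpc,
      description: 'Allow SSH (SFTP) access to EC2 instances',
      allowAllOutbound: true,
    });
    const sftpSecurityGroup = new ec2.SecurityGroup(this, 'SftpSecurityGroup', {
      vpc,
      description: 'Allow SSH (SFTP) access to EC2 instances',
      allowAllOutbound: true,
    });
    sftpSecurityGroup.addIngressRule(bastionSecurityGroup, ec2.Port.tcp(22), 'Allow SSH access');

    // Bastion host. The construct registers itself on the stack and is never referenced again,
    // so it is not bound to a local (the original `bastion` binding was unused).
    new ec2.BastionHostLinux(this, 'BastionServer', {
      vpc,
      securityGroup: bastionSecurityGroup,
    });

    // SFTP host: ARM64 Amazon Linux 2023 on a t4g.small.
    const sftpServer = new ec2.BastionHostLinux(this, 'SFTPServer', {
      instanceName: 'SFTPServer',
      vpc,
      instanceType: ec2.InstanceType.of(ec2.InstanceClass.T4G, ec2.InstanceSize.SMALL),
      machineImage: ec2.MachineImage.latestAmazonLinux2023({
        cpuType: ec2.AmazonLinuxCpuType.ARM_64,
      }),
      securityGroup: sftpSecurityGroup,
    });
    // The instance role is what mount-s3 on the host uses to read and write the bucket.
    bucket.grantReadWrite(sftpServer.instance.role);

    // First-boot setup: create the SFTP user, enable password login for that user only, install
    // mountpoint-s3 and mount the bucket into the user's home directory.
    //
    // NOTE(review): the user's password is a fixed literal in user data, which ends up in the
    // CloudFormation template and is readable from the instance metadata endpoint, and sshd
    // password authentication is switched on for the user. For anything beyond a demo, source the
    // credential from Secrets Manager / SSM Parameter Store at boot and prefer key-based auth.
    // NOTE(review): mount-s3.rpm is fetched from a "latest" URL with no checksum or signature
    // check, so the installed binary is not pinned to a known version.
    sftpServer.instance.addUserData(
      'yum update -y',
      'yum install -y wget',
      'useradd sftpuser',
      'echo "sftpuser:password" | chpasswd',
      'sed -i \'$aMatch User sftpuser\\n PasswordAuthentication yes\' /etc/ssh/sshd_config',
      'systemctl restart sshd',
      'wget https://s3.amazonaws.com/mountpoint-s3-release/latest/arm64/mount-s3.rpm',
      'yum install -y ./mount-s3.rpm',
      'su - sftpuser -c "mkdir mountdir"',
      `su - sftpuser -c "mount-s3 ${bucket.bucketName} mountdir"`,
    );
  }
}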
- bastionに入って以下のコマンド
# Smoke test run from the bastion host: create a file, connect to the SFTP server, upload it.
# 1. Create a test file:
echo "This is a test file for SFTP transfer." > test_file.txt
# 2. Connect to the SFTP server (replace the placeholder hostname with the instance's DNS name):
sftp sftpuser@ec2-xx-xx-xx-xx.compute-1.amazonaws.com
# 3. Upload the file into the mounted bucket directory (entered at the sftp prompt):
put test_file.txt mountdir/test_file.txt