apprunner.ts
import { Stack, StackProps, CfnOutput } from 'aws-cdk-lib'
import { Construct } from 'constructs'
import * as apprunner from 'aws-cdk-lib/aws-apprunner'
import * as assets from 'aws-cdk-lib/aws-ecr-assets'
import * as iam from 'aws-cdk-lib/aws-iam'
import * as cr from 'aws-cdk-lib/custom-resources'
import * as ec2 from 'aws-cdk-lib/aws-ec2'
import * as path from 'path'
import { CreateAutoScalingConfigurationCommandInput } from '@aws-sdk/client-apprunner'
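/**
 * CDK stack that builds the Docker image in `../app`, pushes it as an ECR
 * image asset and runs it as an AWS App Runner service.
 *
 * Resources defined here:
 * - an instance role (assumed by the running container; no permissions attached),
 * - an access role App Runner uses to pull the image from ECR,
 * - an App Runner auto scaling configuration, created and deleted through two
 *   `AwsCustomResource`s,
 * - the App Runner service itself, whose URL is exported as a stack output.
 */
export class AppRunnerStack extends Stack {
  /**
   * @param scope Parent construct.
   * @param id Logical id of the stack.
   * @param props Optional stack properties, passed through to `Stack`.
   */
  constructor(scope: Construct, id: string, props?: StackProps) {
    super(scope, id, props)

    // Image built from ../app (relative to this file) and published as an asset.
    const imageAsset = new assets.DockerImageAsset(this, 'ImageAssets', {
      directory: path.join(__dirname, '..', 'app')
    })

    // Role assumed by the application container at runtime.
    const instanceRole = new iam.Role(this, 'AppRunnerInstanceRole', {
      assumedBy: new iam.ServicePrincipal('tasks.apprunner.amazonaws.com')
    })

    // * Set the IAM policy that the container should assume.
    // In this example it is commented out because it is not necessary.
    // https://docs.aws.amazon.com/ja_jp/apprunner/latest/dg/security_iam_service-with-iam.html
    // NOTE(review): if this is enabled, replace the `dynamodb:*` / `*` pair with
    // the specific actions and table ARNs the application needs; as written it
    // would give the container full DynamoDB access in the account.
    // instanceRole.addToPolicy(
    //   new iam.PolicyStatement({
    //     effect: iam.Effect.ALLOW,
    //     actions: ['dynamodb:*'],
    //     resources: ['*']
    //   })
    // )

    // Role App Runner assumes to pull the image from ECR.
    const accessRole = new iam.Role(this, 'AppRunnerBuildRole', {
      assumedBy: new iam.ServicePrincipal('build.apprunner.amazonaws.com')
    })
    // ecr:GetAuthorizationToken is an account-level action and does not support
    // resource-level permissions, so it is the only statement left on '*'.
    accessRole.addToPolicy(
      new iam.PolicyStatement({
        effect: iam.Effect.ALLOW,
        actions: ['ecr:GetAuthorizationToken'],
        resources: ['*']
      })
    )
    // Least privilege: the read/pull actions are limited to the repository that
    // holds this stack's image instead of every repository in the account.
    accessRole.addToPolicy(
      new iam.PolicyStatement({
        effect: iam.Effect.ALLOW,
        actions: [
          'ecr:BatchCheckLayerAvailability',
          'ecr:BatchGetImage',
          'ecr:DescribeImages',
          'ecr:GetDownloadUrlForLayer'
        ],
        resources: [imageAsset.repository.repositoryArn]
      })
    )

    const autoScalingConfiguration: CreateAutoScalingConfigurationCommandInput = {
      AutoScalingConfigurationName: 'con100-min2-max25',
      MaxConcurrency: 100,
      MinSize: 2,
      MaxSize: 25
    }

    // * Two custom resources are defined so that the ARN returned on creation
    // can be referenced when deleting.
    // https://github.com/aws/aws-cdk/issues/6985#issuecomment-603712539
    // NOTE(review): both custom resources use ANY_RESOURCE, so the generated
    // policy allows the create/delete call on every auto scaling configuration
    // in the account. The ARN is not known before creation; the delete policy
    // could probably be narrowed to `autoScalingConfigurationArn` - confirm
    // before changing.
    const createAutoScalingConfiguration = new cr.AwsCustomResource(this, 'CreateAutoScalingConfiguration', {
      onCreate: {
        service: 'AppRunner',
        action: 'createAutoScalingConfiguration',
        parameters: autoScalingConfiguration,
        physicalResourceId: cr.PhysicalResourceId.fromResponse('AutoScalingConfiguration.AutoScalingConfigurationArn')
      },
      policy: cr.AwsCustomResourcePolicy.fromSdkCalls({
        resources: cr.AwsCustomResourcePolicy.ANY_RESOURCE
      })
    })
    const autoScalingConfigurationArn = createAutoScalingConfiguration.getResponseField(
      'AutoScalingConfiguration.AutoScalingConfigurationArn'
    )
    // Declared only for its onDelete handler; the binding itself is not read.
    const deleteAutoScalingConfiguration = new cr.AwsCustomResource(this, 'DeleteAutoScalingConfiguration', {
      onDelete: {
        service: 'AppRunner',
        action: 'deleteAutoScalingConfiguration',
        parameters: {
          AutoScalingConfigurationArn: autoScalingConfigurationArn
        }
      },
      policy: cr.AwsCustomResourcePolicy.fromSdkCalls({
        resources: cr.AwsCustomResourcePolicy.ANY_RESOURCE
      })
    })

    // * Set the environment variables to be used in the container.
    // These are passed as plain-text runtime variables, so do not add secrets here.
    const env = {
      AWS_REGION: this.region,
      AWS_ACCOUNT_ID: this.account
    }

    // * Enable to connect to VPC resources such as RDS.
    // const vpc = new ec2.Vpc(this, 'Vpc')
    // const sg = new ec2.SecurityGroup(this, 'AppRunnerSecurityGroup', { vpc })
    // const vpcConnector = new apprunner.CfnVpcConnector(this, 'VpcConnector', {
    //   subnets: vpc.privateSubnets.map((s) => s.subnetId),
    //   securityGroups: [sg.securityGroupId]
    // })

    const app = new apprunner.CfnService(this, 'AppRunner', {
      instanceConfiguration: {
        instanceRoleArn: instanceRole.roleArn,
        cpu: '2 vCPU',
        memory: '4 GB'
      },
      // * Enable to connect to VPC resources such as RDS.
      // networkConfiguration: {
      //   egressConfiguration: {
      //     egressType: 'VPC',
      //     vpcConnectorArn: vpcConnector.attrVpcConnectorArn
      //   }
      // },
      healthCheckConfiguration: {
        path: '/',
        protocol: 'HTTP'
      },
      autoScalingConfigurationArn: autoScalingConfigurationArn,
      sourceConfiguration: {
        authenticationConfiguration: {
          accessRoleArn: accessRole.roleArn
        },
        autoDeploymentsEnabled: true,
        imageRepository: {
          imageIdentifier: imageAsset.imageUri,
          imageRepositoryType: 'ECR',
          imageConfiguration: {
            port: '3000',
            // App Runner expects a list of { name, value } pairs.
            runtimeEnvironmentVariables: Object.entries(env).map(([name, value]) => ({ name, value }))
          }
        }
      }
    })

    // Public HTTPS endpoint of the service.
    new CfnOutput(this, 'AppRunnerUri', {
      value: `https://${app.attrServiceUrl}`
    })
  }
}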