app.py 2.4 KB

#!/usr/bin/env python3
from aws_cdk import core
from cdk.cdk_vpc_stack import CdkVpcStack
from cdk.cdk_ec2_stack import CdkEc2Stack
from cdk.cdk_resource_stack import CdkResourceStack

############
# Define the bucket mapping before deploying the CDK app.
# Each entry names a source bucket/prefix and the destination bucket/prefix
# it maps to; the same list is handed to the resource stack and the EC2 stack.
bucket_para = [
    dict(
        src_bucket="broad-references",
        src_prefix="",
        des_bucket="s3-open-data",
        des_prefix="broad-references",
    ),
    dict(
        src_bucket="gatk-test-data",
        src_prefix="",
        des_bucket="s3-open-data",
        des_prefix="gatk-test-data",
    ),
    dict(
        src_bucket="giab",
        src_prefix="",
        des_bucket="s3-open-data",
        des_prefix="giab",
    ),
]

# key_name = "id_rsa"  # EC2 key pair; optional if you use SSM Session Manager

# BEFORE DEPLOYING THE CDK APP, manually create a secure parameter named
# "s3_migration_credentials" in SSM Parameter Store.
#
# It holds the access key of the account that is NOT the one the EC2
# instances run in. For example, if EC2 runs in a Global region, this is the
# China account's access key; if EC2 runs in China, it is the Global
# account's access key. Expected content:
#
#   {
#       "aws_access_key_id": "your_aws_access_key_id",
#       "aws_secret_access_key": "your_aws_secret_access_key",
#       "region": "cn-northwest-1"
#   }
#
# CDK does not allow deploying a secure parameter, so it has to be created
# manually; this template then grants the EC2 role permission to read it.
#
# NOTE(review): this is a long-lived access key for another account. Store it
# as a SecureString, never paste the real values into this file, attach to
# that key only the S3 permissions the migration needs on the buckets listed
# in bucket_para, and rotate it on a schedule.

app = core.App()

# Network first: the EC2 stack is built inside this VPC.
vpc_stack = CdkVpcStack(app, "s3-migration-cluster-vpc")
vpc = vpc_stack.vpc

# Shared resources; the attributes read below are passed on to the EC2 stack.
resource_stack = CdkResourceStack(
    app,
    "s3-migration-cluster-resource",
    bucket_para,
)

ec2_stack = CdkEc2Stack(
    app,
    "s3-migration-cluster-ec2",
    vpc,
    bucket_para,
    # key_name,  # Optional if you use SSM Session Manager
    resource_stack.ddb_file_list,
    resource_stack.sqs_queue,
    resource_stack.sqs_queue_DLQ,
    resource_stack.ssm_bucket_para,
    resource_stack.ssm_credential_para,
    resource_stack.s3bucket,
    resource_stack.s3_deploy,
)

app.synth()