Home Explore Help
Sign In
LiuFan
/
PrivacyScanData
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: ad9a4f33ff
Branches Tags
PrivacyScanD...
/
S3
/
NewFind
/
amazon-s3-resumable-upload-master
/
cluster
/
old-cdk-cluster-0.96
/
app.py

app.py 2.5 KB
History Raw

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768 
  1. #!/usr/bin/env python3
    2. 

  2. 

  3. from aws_cdk import core
    4. 

  4. 

  5. from cdk.cdk_vpc_stack import CdkVpcStack
    6. 

  6. from cdk.cdk_ec2_stack import CdkEc2Stack
    7. 

  7. from cdk.cdk_resource_stack import CdkResourceStack
    8. 

  8. 

  9. ############
    10. 

  10. # Define bucket before deploy CDK
    11. 

  11. bucket_para = [{
    12. 

  12.         "src_bucket": "broad-references",
    13. 

  13.         "src_prefix": "",
    14. 

  14.         "des_bucket": "s3-open-data",
    15. 

  15.         "des_prefix": "broad-references"
    16. 

  16.     }, {
    17. 

  17.         "src_bucket": "gatk-test-data",
    18. 

  18.         "src_prefix": "",
    19. 

  19.         "des_bucket": "s3-open-data",
    20. 

  20.         "des_prefix": "gatk-test-data"
    21. 

  21.     }, {
    22. 

  22.         "src_bucket": "giab",
    23. 

  23.         "src_prefix": "",
    24. 

  24.         "des_bucket": "s3-open-data",
    25. 

  25.         "des_prefix": "giab"
    26. 

  26.     }, {
    27. 

  27.         "src_bucket": "covid19-lake",
    28. 

  28.         "src_prefix": "",
    29. 

  29.         "des_bucket": "covid19-lake",
    30. 

  30.         "des_prefix": ""
    31. 

  31.     }]
    32. 

  32. 

  33. # key_name = "id_rsa"  # Optional if use SSM-SessionManager
    34. 

  34. 

  35. '''
    36. 

  36. BEFORE DEPLOY CDK, please setup a "s3_migration_credentials" secure parameter in ssm parameter store MANUALLY!
    37. 

  37. This is the access_key which is not in the same account as ec2.
    38. 

  38. For example, if ec2 running in Global, this is China Account access_key. Example as below:
    39. 

  39. {
    40. 

  40.     "aws_access_key_id": "your_aws_access_key_id",
    41. 

  41.     "aws_secret_access_key": "your_aws_secret_access_key",
    42. 

  42.     "region": "cn-northwest-1"
    43. 

  43. }
    44. 

  44. CDK don not allow to deploy secure para, so you have to do it mannually
    45. 

  45. And then in this template will assign ec2 role to access it.
    46. 

  46. 请在部署CDK前,先在ssm parameter store手工创建一个名为 "s3_migration_credentials" 的 secure parameter:
    47. 

  47. 这个是跟EC2不在一个Account体系下的另一个Account的access_key
    48. 

  48. 例如EC2在Global,则这个是China Account access_key,反之EC2在中国,这就是Global Account
    49. 

  49. CDK 不允许直接部署加密Key,所以你需要先去手工创建,然后在CDK中会赋予EC2角色有读取权限
    50. 

  50. '''
    51. 

  51. 

  52. app = core.App()
    53. 

  53. vpc_stack = CdkVpcStack(app, "s3-migration-cluster-vpc")
    54. 

  54. vpc = vpc_stack.vpc
    55. 

  55. 

  56. resource_stack = CdkResourceStack(app, "s3-migration-cluster-resource", bucket_para)
    57. 

  57. 

  58. ec2_stack = CdkEc2Stack(app, "s3-migration-cluster-ec2", vpc, bucket_para,
    59. 

  59.                         # key_name,   # Optional if use SSM-SessionManager
    60. 

  60.                         resource_stack.ddb_file_list,
    61. 

  61.                         resource_stack.sqs_queue,
    62. 

  62.                         resource_stack.sqs_queue_DLQ,
    63. 

  63.                         resource_stack.ssm_bucket_para,
    64. 

  64.                         resource_stack.ssm_credential_para,
    65. 

  65.                         resource_stack.s3bucket,
    66. 

  66.                         resource_stack.s3_deploy)
    67. 

  67. 

  68. app.synth()
    69.