chore: Separate CDK apps
SvenKirschbaum committed Mar 9, 2024
1 parent 867063e commit b893956
Showing 11 changed files with 156 additions and 128 deletions.
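--- a/bin/cicd.ts
+++ b/bin/cicd.ts
@@ -0,0 +1,9 @@
+import * as cdk from "aws-cdk-lib";
+import {CICDStack} from "../lib/cicd-stack";
+import {utilAccountEnv} from "./constants";
+
+const app = new cdk.App();
+
+new CICDStack(app, 'CICDStack', {
+env: utilAccountEnv
+});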
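--- a/bin/constants.ts
+++ b/bin/constants.ts
@@ -0,0 +1,12 @@
+
+export const utilAccountID = '362408963076';
+export const dnsAccountID = '058264224454';
+
+export const utilAccountEnv = {
+region: 'eu-central-1',
+account: utilAccountID
+}
+export const dnsAccountEnv = {
+region: 'eu-central-1',
+account: dnsAccountID
+}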
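Review bot: The two env objects are untyped literals, and `account`/`region` are optional on the CDK `Environment` type, so a misspelled key would not be a compile error where `env: utilAccountEnv` is passed (excess-property checks only apply to fresh literals) — the stack would silently become environment-agnostic. Add `import type {Environment} from "aws-cdk-lib";` and close each object with `} satisfies Environment;` so the shape is checked while the literal types are kept (needs TypeScript 4.9+; on an older compiler annotate `: Environment` instead). A one-line header comment naming what each account hosts would also help, e.g. `// utils: application stacks + GitHub OIDC role; dns: Route 53 zones and delegation roles`, though what each account actually contains is inferred from the stack names rather than visible in this file.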
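--- a/bin/dns.ts
+++ b/bin/dns.ts
@@ -0,0 +1,24 @@
+import * as cdk from "aws-cdk-lib";
+import {DNSStack} from "../lib/dns-stack";
+import {dnsAccountEnv} from "./constants";
+
+const app = new cdk.App();
+
+new DNSStack(app, 'DNSStack', {
+// WARNING: The Zones have been manually created with a reusable delegation set.
+// Further zones should follow the same procedure, to use the same white-label nameservers.
+// The create-hosted-zone script can be used to create a new zone, and the update-default-records
+// script can be used to update the SOA and NS records.
+domains: [
+'elite12.de',
+'kirschbaum.me',
+'kirschbaum.cloud',
+'bund-von-theramore.de',
+'theramo.re',
+'markus-dope.de',
+'grillteller42.de',
+'trigardon-rg.de',
+'westerwald-esport.de',
+],
+env: dnsAccountEnv
+})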
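--- a/bin/domain-placeholder.ts
+++ b/bin/domain-placeholder.ts
@@ -0,0 +1,15 @@
+import * as cdk from "aws-cdk-lib";
+import {DomainPlaceholderStack} from "../lib/domain-placeholder-stack";
+import {dnsAccountID, utilAccountEnv} from "./constants";
+
+const app = new cdk.App();
+
+new DomainPlaceholderStack(app, 'DomainPlaceholderStack', {
+domainName: 'kirschbaum.cloud',
+dnsDelegation: {
+account: dnsAccountID,
+roleName: 'DomainPlaceholderDnsDelegationRole',
+hostedZoneId: 'Z0202936UCVSS5ELQXV6'
+},
+env: utilAccountEnv
+})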
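Review bot: The `dnsDelegation` block pins the hosted zone ID and the delegation role name as bare string literals with nothing tying them to the `kirschbaum.cloud` zone listed in bin/dns.ts; now that the apps are separate, a zone recreated with a new ID or a renamed role is only caught at deploy time, when the cross-account assume fails. A comment recording where these values come from would help, e.g. `// Zone ID and role name must match the kirschbaum.cloud zone and the delegation role provisioned in the DNS account (see bin/dns.ts); no cross-stack reference links them.` Whether the role is created by DNSStack or by hand is not visible here, so word the comment according to the actual source. The same applies to the `dnsDelegation` blocks in bin/log-redirect.ts and bin/prime-scout.ts.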
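--- a/bin/log-redirect.ts
+++ b/bin/log-redirect.ts
@@ -0,0 +1,16 @@
+import * as cdk from "aws-cdk-lib";
+import {LogRedirectStack} from "../lib/log-redirect-stack";
+import {dnsAccountID, utilAccountEnv} from "./constants";
+
+const app = new cdk.App();
+
+new LogRedirectStack(app, 'LogRedirectStack', {
+domainName: 'logs.theramo.re',
+wclTokenSecretName: 'wcl-user-token',
+dnsDelegation: {
+account: dnsAccountID,
+roleName: 'LogsDnsDelegationRole',
+hostedZoneId: 'Z063409814X6LVK19O0XU'
+},
+env: utilAccountEnv
+});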
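Review bot: `wclTokenSecretName: 'wcl-user-token'` names a secret that LogRedirectStack presumably resolves in Secrets Manager of the utils account, and nothing in this commit creates it, so a deploy into a fresh account would likely fail only when the stack tries to read it. A comment at that line stating the precondition, `// Secret must already exist in Secrets Manager in the utils account; it is created out of band, not by this stack`, makes the deploy order explicit. If LogRedirectStack does create the secret itself, say that instead — the stack is outside this diff, so the comment should match its implementation.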
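--- a/bin/prime-scout.ts
+++ b/bin/prime-scout.ts
@@ -0,0 +1,15 @@
+import * as cdk from "aws-cdk-lib";
+import {PrimeScoutStack} from "../lib/prime-scout-stack";
+import {dnsAccountID, utilAccountEnv} from "./constants";
+
+const app = new cdk.App();
+
+new PrimeScoutStack(app, 'PrimeScoutStack', {
+domainName: 'scout.westerwald-esport.de',
+dnsDelegation: {
+account: dnsAccountID,
+roleName: 'PrimeScoutDnsDelegationRole',
+hostedZoneId: 'Z061068430M8Q8F3V3ROJ'
+},
+env: utilAccountEnv
+});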
75 changes: 0 additions & 75 deletions bin/utils.ts

This file was deleted.

1 change: 0 additions & 1 deletion cdk.json
@@ -1,5 +1,4 @@
{
"app": "npx ts-node --prefer-ts-exts bin/utils.ts",
"watch": {
"include": [
"**"
50 changes: 0 additions & 50 deletions lib/ci-stack.ts

This file was deleted.

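--- a/lib/cicd-stack.ts
+++ b/lib/cicd-stack.ts
@@ -0,0 +1,63 @@
+import {Arn, Stack, StackProps} from "aws-cdk-lib";
+import {Construct} from "constructs";
+import {
+Effect,
+FederatedPrincipal,
+OpenIdConnectProvider,
+PolicyStatement,
+Role
+} from "aws-cdk-lib/aws-iam";
+export class CICDStack extends Stack {
+private githubProvider: OpenIdConnectProvider;
+constructor(scope: Construct, id: string, props: StackProps) {
+super(scope, id, props);
+
+this.addGithubActionsIdentityProvider();
+this.addGithubActionPermissions();
+}
+
+private addGithubActionsIdentityProvider() {
+this.githubProvider = new OpenIdConnectProvider(this, 'github-actions-oidc-provider', {
+url: 'https://token.actions.githubusercontent.com',
+thumbprints: ['1b511abead59c6ce207077c0bf0e0043b1382612'],
+clientIds: ['sts.amazonaws.com']
+});
+}
+
+private addGithubActionPermissions() {
+const githubActionsRole = new Role(this, 'github-utils-actions-role', {
+roleName: 'GithubActionsUtilsRole',
+assumedBy: new FederatedPrincipal(
+this.githubProvider.openIdConnectProviderArn,
+{
+"StringEquals": {
+"token.actions.githubusercontent.com:aud": "sts.amazonaws.com",
+"token.actions.githubusercontent.com:sub": "repo:SvenKirschbaum/aws-utils:ref:refs/heads/master",
+}
+}
+),
+});
+
+githubActionsRole.addToPolicy(new PolicyStatement({
+effect: Effect.ALLOW,
+actions: ['sts:AssumeRole'],
+resources: [
+// Current (Utils) Account cdk Roles
+Arn.format({
+service: 'iam',
+region: '',
+resource: 'role',
+resourceName: 'cdk-*'
+}, Stack.of(this)),
+// DNS Account cdk Roles
+Arn.format({
+service: 'iam',
+account: '058264224454',
+region: '',
+resource: 'role',
+resourceName: 'cdk-*'
+}, Stack.of(this))
+]
+}));
+}
+}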
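Review bot: The DNS account ID is hardcoded as `'058264224454'` in the second `Arn.format` call of addGithubActionPermissions, duplicating the `dnsAccountID` constant this same commit introduces in bin/constants.ts; if the two ever drift, the GitHub Actions role silently loses its cross-account deploy permission. Pass the ID in through the stack props instead and let bin/cicd.ts supply `dnsAccountId: dnsAccountID` — see the excerpt below. Separately, the `cdk-*` resource pattern grants `sts:AssumeRole` on every bootstrap role in both accounts (lookup, file- and image-publishing, deploy, and by name also the CloudFormation execution role, though that one's trust policy presumably rejects the call); enumerating the roles the workflow actually assumes would tighten it, but which ones are needed depends on the workflow, which is outside this diff. The `thumbprints` entry is a point-in-time fingerprint of the issuer's CA chain, so a comment recording how it was obtained and when it should be re-checked — or noting that AWS's own trust store is expected to supersede it — would spare the next maintainer a guess.

```typescript
export interface CICDStackProps extends StackProps {
  /** Account whose cdk-* bootstrap roles the GitHub Actions role may assume (the DNS account). */
  readonly dnsAccountId: string;
}
export class CICDStack extends Stack {
  // … unchanged: githubProvider field, addGithubActionsIdentityProvider …
  constructor(scope: Construct, id: string, props: CICDStackProps) {
    super(scope, id, props);

    this.addGithubActionsIdentityProvider();
    this.addGithubActionPermissions(props.dnsAccountId);
  }

  private addGithubActionPermissions(dnsAccountId: string) {
    // … unchanged: role creation and the utils-account Arn.format …
    // DNS Account cdk Roles
    Arn.format({
      service: 'iam',
      account: dnsAccountId,
      region: '',
      resource: 'role',
      resourceName: 'cdk-*'
    }, Stack.of(this))
    // … unchanged: close of the PolicyStatement …
  }
}
```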
4 changes: 2 additions & 2 deletions lib/dns-stack.ts
@@ -1,4 +1,4 @@
import {Aws, CfnResource, Duration, RemovalPolicy, Stack, StackProps} from "aws-cdk-lib";
import {CfnResource, Duration, RemovalPolicy, Stack, StackProps} from "aws-cdk-lib";
import {Construct} from "constructs";
import {
AaaaRecord,
Expand Down Expand Up @@ -75,7 +75,7 @@ class DnsStackUSEast1ResourcesStack extends Stack {
}
}

export class DnsStack extends Stack {
export class DNSStack extends Stack {

constructor(scope: Construct, id: string, props: RootDnsProps) {
super(scope, id, {
