add cost saving , remove nat features

Author: Joseph Morrison

lib/applicationLoadBalancedService/applicationLoadBalancedService.ts

@@ -0,0 +1,50 @@
+import {
+    ApplicationLoadBalancedFargateService,
+    ApplicationLoadBalancedServiceRecordType
+} from "@aws-cdk/aws-ecs-patterns";
+// @ts-ignore
+import path from "path";
+import {ApplicationProtocol} from "@aws-cdk/aws-elasticloadbalancingv2";
+import {Construct} from "@aws-cdk/core";
+import {IHostedZone} from "@aws-cdk/aws-route53";
+import {ICertificate} from "@aws-cdk/aws-certificatemanager";
+import {ICluster, ContainerImage} from "@aws-cdk/aws-ecs";
+
+interface ApplicationLoadBalancedServiceProps {
+    stack: Construct,
+    cluster: ICluster,
+    domainZone: IHostedZone,
+    domainName: string,
+    certificate: ICertificate,
+    imagePath: string,
+}
+
+const applicationLoadBalancedService = (
+    {
+        stack,
+        cluster,
+        domainZone,
+        domainName,
+        certificate,
+        imagePath,
+    }: ApplicationLoadBalancedServiceProps) => new ApplicationLoadBalancedFargateService(
+    stack, "WebappFargateService", {
+        cluster, // Required
+        cpu: 512, // Default is 256
+        desiredCount: 1, // Default is 1
+        assignPublicIp: true,
+        taskImageOptions: {
+            containerPort: 3000,
+            image: ContainerImage.fromAsset(imagePath),
+            enableLogging: true,
+        },
+        memoryLimitMiB: 1024, // Default is 512
+        domainZone,
+        protocol: ApplicationProtocol.HTTPS,
+        domainName,
+        certificate,
+        recordType: ApplicationLoadBalancedServiceRecordType.ALIAS,
+        publicLoadBalancer: true // Default is false
+    })
+
+export default applicationLoadBalancedService

lib/vpc/vpc.ts

@@ -0,0 +1,13 @@
+import {Vpc} from "@aws-cdk/aws-ec2";
+import {SubnetType} from "@aws-cdk/aws-ec2";
+import {Construct} from "@aws-cdk/core";
+
+const vpc = (stack: Construct) => new Vpc(stack, "WebappVpc", {
+    maxAzs: 2, // Default is all AZs in region
+    natGateways: 0,
+    subnetConfiguration: [
+        {cidrMask: 23, name: 'Public', subnetType: SubnetType.PUBLIC}
+    ]
+});
+
+export default vpc;

lib/webapp-stack.ts

@@ -1,73 +1,56 @@
 import * as cdk from '@aws-cdk/core';
-import * as ec2 from "@aws-cdk/aws-ec2";
 import * as ecs from "@aws-cdk/aws-ecs";
-import * as ecs_patterns from "@aws-cdk/aws-ecs-patterns";
 import * as wafv2 from '@aws-cdk/aws-wafv2';
-import {ApplicationLoadBalancedServiceRecordType} from "@aws-cdk/aws-ecs-patterns";
 import {PublicHostedZone} from "@aws-cdk/aws-route53";
-import * as path from "path";
 import {DnsValidatedCertificate} from "@aws-cdk/aws-certificatemanager";
-import {ApplicationProtocol} from "@aws-cdk/aws-elasticloadbalancingv2";
 import WebAppWaf from "./waf/waf";
+import vpc from "./vpc/vpc";
+import applicationLoadBalancedService from "./applicationLoadBalancedService/applicationLoadBalancedService";
+import path from 'path';
 
 export class WebappStack extends cdk.Stack {
-  constructor(scope: cdk.Construct, id: string, props?: cdk.StackProps) {
-    super(scope, id, props);
-    // provide domain name in cdk.json or via CLI e.g. -c domain=<sub.mydomain.com | mydomain.com>
-    const domainName = this.node.tryGetContext('domain') || process.env.DOMAIN_NAME
-
-    const domainZone = PublicHostedZone.fromLookup(this, 'PublicHostedZone', {
-      domainName,
-      privateZone: false,
-    })
-
-    const natGatewayProvider = ec2.NatProvider.instance({
-      instanceType: new ec2.InstanceType('t2.micro'),
-    });
-
-    const vpc = new ec2.Vpc(this, "WebappVpc", {
-      maxAzs: 2, // Default is all AZs in region
-      natGateways: 2,
-      natGatewayProvider
-    });
-
-    const cluster = new ecs.Cluster(this, "WebappCluster", {
-      vpc: vpc
-    });
-
-    const certificate = new DnsValidatedCertificate(this, 'LBCertificate', {
-      hostedZone: domainZone,
-      domainName,
-    })
-
-    // Create a load-balanced Fargate service and make it public
-    const lb = new ecs_patterns.ApplicationLoadBalancedFargateService(this, "WebappFargateService", {
-      cluster, // Required
-      cpu: 512, // Default is 256
-      desiredCount: 1, // Default is 1
-      taskImageOptions: {
-        containerPort: 3000,
-        image: ecs.ContainerImage.fromAsset(path.resolve(__dirname, '../simple'))
-      },
-      memoryLimitMiB: 1024, // Default is 512
-      domainZone,
-      protocol: ApplicationProtocol.HTTPS,
-      domainName,
-      certificate,
-      recordType: ApplicationLoadBalancedServiceRecordType.ALIAS,
-      publicLoadBalancer: true // Default is false
-    })
-    // Redirects HTTP to HTTPS as default if no configuration provided - ideal!
-    lb.loadBalancer.addRedirect()
-
-    const appWaf = WebAppWaf(this);
-
-    // WAF to WebApp
-    const wafAssoc = new wafv2.CfnWebACLAssociation(this, 'WebApp-waf-assoc', {
-      resourceArn: lb.loadBalancer.loadBalancerArn,
-      webAclArn: appWaf.attrArn
-    });
-   // attach the waf to load balancer
-    wafAssoc.node.addDependency(lb.loadBalancer);
-  }
+    constructor(scope: cdk.Construct, id: string, props?: cdk.StackProps) {
+        super(scope, id, props);
+        // provide domain name in cdk.json or via CLI e.g. -c domain=<sub.mydomain.com | mydomain.com>
+        const domainName = this.node.tryGetContext('domain') || process.env.DOMAIN_NAME
+
+        const domainZone = PublicHostedZone.fromLookup(this, 'PublicHostedZone', {
+            domainName,
+            privateZone: false,
+        })
+
+        const certificate = new DnsValidatedCertificate(this, 'LBCertificate', {
+            hostedZone: domainZone,
+            domainName,
+        })
+
+        const webAppVpc = vpc(this);
+
+        const cluster = new ecs.Cluster(this, "WebappCluster", {
+            vpc: webAppVpc,
+            containerInsights: true,
+        });
+        // Path to application directory with Dockerfile
+        const imagePath = path.resolve(__dirname, '../simple')
+
+        const appService = applicationLoadBalancedService({
+            stack: this,
+            cluster,
+            domainZone,
+            domainName,
+            certificate,
+            imagePath
+        })
+        // Redirects HTTP to HTTPS as default if no configuration provided - ideal!
+        appService.loadBalancer.addRedirect()
+
+        const appWaf = WebAppWaf(this);
+        // WAF to WebApp
+        const wafAssoc = new wafv2.CfnWebACLAssociation(this, 'WebApp-waf-assoc', {
+            resourceArn: appService.loadBalancer.loadBalancerArn,
+            webAclArn: appWaf.attrArn
+        });
+        // attach the waf to load balancer
+        wafAssoc.node.addDependency(appService.loadBalancer);
+    }
 }

tsconfig.json

@@ -1,5 +1,6 @@
 {
   "compilerOptions": {
+    "esModuleInterop": true,
     "target": "ES2018",
     "module": "commonjs",
     "lib": ["es2018"],