air-tech-assessment/air-tech/__main__.py

import pulumi
from pulumi import Config
import pulumi_aws as aws
from pulumi_aws import acm, ecs, ec2, lb, iam, ecr
import pulumi_awsx as awsx


config = Config()

cpu = config.get_int("cpu", 512)
memory = config.get_int("memory", 128)

vpc = ec2.Vpc("production", cidr_block="10.0.0.0/16")

ig = ec2.InternetGateway("internet-gateway", vpc_id=vpc.id)

cert = acm.Certificate(
    "air-tech",
    domain_name="air-tech.ahosking.com",
    validation_method="DNS",
)

public_subnet = ec2.Subnet(
    "public-subnet",
    vpc_id=vpc.id,
    cidr_block="10.0.1.0/26",
    availability_zone="us-east-2a",
    map_public_ip_on_launch=True
)
public_subnet2 = ec2.Subnet(
    "public-subnet2",
    vpc_id=vpc.id,
    cidr_block="10.0.2.0/26",
    availability_zone="us-east-2b",
    map_public_ip_on_launch=True
)

route_table = ec2.RouteTable("route-table", vpc_id=vpc.id)
route = ec2.Route(
    "route", route_table_id=route_table.id,
    destination_cidr_block="0.0.0.0/0", gateway_id=ig.id)


private_subnet = ec2.Subnet(
    "private-subnet",
    vpc_id=vpc.id,
    cidr_block="10.0.3.0/26",
    availability_zone="us-east-2a",
    map_public_ip_on_launch=False
)
private_subnet2 = ec2.Subnet(
    "private-subnet2",
    vpc_id=vpc.id,
    cidr_block="10.0.4.0/26",
    availability_zone="us-east-2b",
    map_public_ip_on_launch=False
)
repo = ecr.Repository("repo")

# ecs_task_execution_role = iam.Role("ecsExecutionRole",
#                                    path="/",
#                                    assume_role_policy=iam.get_policy_document(statements=[{
#                                        "actions": ["sts:AssumeRole"],
#                                        "principals": {
#                                            "type": "Service",
#                                            "identifiers": ["ecs-tasks.amazonaws.com"]
#                                        }
#                                    }
#                                    ]).json,
#                                    )


# iam.RolePolicy("accessECRImages",
#                role=ecs_task_execution_role.id,
#                policy={
#                    "Version": "2012-10-17",
#                    "Statement": [
#                        {
#                            "Effect": "Allow",
#                            "Action": [
#                                "ecr:GetDownloadUrlForLayer",
#                                "ecr:BatchGetImage",
#                                "ecr:BatchCheckLayerAvailability",
#                            ],
#                            "Resource": repo.repository_arn
#                        }
#                    ]
#                }
#                )


image_web = awsx.ecr.Image(
    "image_web",
    repository_url=repo.url,
    path=".",
    dockerfile=".\infra-web\Dockerfile")

image_api = awsx.ecr.Image(
    "image_api",
    repository_url=repo.url,
    path=".",
    dockerfile=".\infra-api\Dockerfile")

security_group = aws.ec2.SecurityGroup(
    "securityGroup",
    vpc_id=vpc.id,
    egress=[aws.ec2.SecurityGroupEgressArgs(
        from_port=0,
        to_port=0,
        protocol="-1",
        cidr_blocks=["0.0.0.0/0"],
        ipv6_cidr_blocks=["::/0"],
    )])


cluster = ecs.Cluster("cluster")

pulumi.export("certificateArn", cert.arn)
loadbalancer = lb.LoadBalancer(
    "loadbalancer",
    load_balancer_type="application",
    security_groups=[security_group.id],
    subnets=[public_subnet.id, public_subnet2.id])


target_group = lb.TargetGroup(
    "target-group",
    port=5000,
    protocol="HTTP",
    target_type="ip",
    vpc_id=vpc.id)

listener = lb.Listener(
    "listener",
    load_balancer_arn=loadbalancer.arn,
    port=80,
    default_actions=[{
        "type": "forward",
        "target_group_arn": target_group.arn
    }])


web_sg = ec2.SecurityGroup(
    "web-sg",
    vpc_id=vpc.id,
    ingress=[
        {
            "protocol": "tcp",
            "from_port": 80,
            "to_port": 80,
            "cidr_blocks": ["0.0.0.0/0"],
        }
    ],
    egress=[
        {
            "protocol": "-1",
            "from_port": 0,
            "to_port": 0,
            "cidr_blocks": ["0.0.0.0/0"],
        }
    ]
)


api = awsx.ecs.FargateService(
    "api",
    cluster=cluster.arn,
    network_configuration={
        "assignPublicIp": "false",
        "subnets": [private_subnet.id],
        "securityGroups": [web_sg.id]
    },
    task_definition_args=awsx.ecs.FargateServiceTaskDefinitionArgs(
        container=awsx.ecs.TaskDefinitionContainerDefinitionArgs(
            name="theApi",
            image=image_api.image_uri,
            cpu=cpu,
            memory=memory,
            essential=True,
            port_mappings=[awsx.ecs.TaskDefinitionPortMappingArgs(
                container_port=5000,
                host_port=5000,
            )],
        ),
    ))


service = awsx.ecs.FargateService(
    "web",
    cluster=cluster.arn,
    network_configuration={
        "assignPublicIp": "true",
        "subnets": [public_subnet.id],
        "securityGroups": [web_sg.id]
    },
    task_definition_args=awsx.ecs.FargateServiceTaskDefinitionArgs(
        container=awsx.ecs.TaskDefinitionContainerDefinitionArgs(
            name="theOne",
            image=image_web.image_uri,
            cpu=cpu,
            memory=memory,
            essential=True,
            port_mappings=[awsx.ecs.TaskDefinitionPortMappingArgs(
                container_port=5000,
                host_port=5000,
                target_group=target_group,
            )],
        ),
    ),
    opts=pulumi.ResourceOptions(depends_on=[api, target_group])
)
This is nearly working in all Pulumi. Permissions are not correct in code to allow the images to be pulled by the ECS tasks. As such, they will not start and run without some manual intervention. Pulumi will happily let the process sit at this stage forever. 2023-09-07 04:49:03 +00:00			`import pulumi`
chore: Add README 2023-09-07 05:00:13 +00:00			`from pulumi import Config`
This is nearly working in all Pulumi. Permissions are not correct in code to allow the images to be pulled by the ECS tasks. As such, they will not start and run without some manual intervention. Pulumi will happily let the process sit at this stage forever. 2023-09-07 04:49:03 +00:00			`import pulumi_aws as aws`
chore: Add README 2023-09-07 05:00:13 +00:00			`from pulumi_aws import acm, ecs, ec2, lb, iam, ecr`
This is nearly working in all Pulumi. Permissions are not correct in code to allow the images to be pulled by the ECS tasks. As such, they will not start and run without some manual intervention. Pulumi will happily let the process sit at this stage forever. 2023-09-07 04:49:03 +00:00			`import pulumi_awsx as awsx`


			`config = Config()`
chore: Add README 2023-09-07 05:00:13 +00:00
This is nearly working in all Pulumi. Permissions are not correct in code to allow the images to be pulled by the ECS tasks. As such, they will not start and run without some manual intervention. Pulumi will happily let the process sit at this stage forever. 2023-09-07 04:49:03 +00:00			`cpu = config.get_int("cpu", 512)`
			`memory = config.get_int("memory", 128)`
chore: Add README 2023-09-07 05:00:13 +00:00
This is nearly working in all Pulumi. Permissions are not correct in code to allow the images to be pulled by the ECS tasks. As such, they will not start and run without some manual intervention. Pulumi will happily let the process sit at this stage forever. 2023-09-07 04:49:03 +00:00			`vpc = ec2.Vpc("production", cidr_block="10.0.0.0/16")`

			`ig = ec2.InternetGateway("internet-gateway", vpc_id=vpc.id)`

			`cert = acm.Certificate(`
			`"air-tech",`
			`domain_name="air-tech.ahosking.com",`
			`validation_method="DNS",`
			`)`
chore: Add README 2023-09-07 05:00:13 +00:00
This is nearly working in all Pulumi. Permissions are not correct in code to allow the images to be pulled by the ECS tasks. As such, they will not start and run without some manual intervention. Pulumi will happily let the process sit at this stage forever. 2023-09-07 04:49:03 +00:00			`public_subnet = ec2.Subnet(`
			`"public-subnet",`
			`vpc_id=vpc.id,`
			`cidr_block="10.0.1.0/26",`
			`availability_zone="us-east-2a",`
			`map_public_ip_on_launch=True`
			`)`
			`public_subnet2 = ec2.Subnet(`
			`"public-subnet2",`
			`vpc_id=vpc.id,`
			`cidr_block="10.0.2.0/26",`
			`availability_zone="us-east-2b",`
			`map_public_ip_on_launch=True`
			`)`

chore: Add README 2023-09-07 05:00:13 +00:00			`route_table = ec2.RouteTable("route-table", vpc_id=vpc.id)`
			`route = ec2.Route(`
			`"route", route_table_id=route_table.id,`
			`destination_cidr_block="0.0.0.0/0", gateway_id=ig.id)`

This is nearly working in all Pulumi. Permissions are not correct in code to allow the images to be pulled by the ECS tasks. As such, they will not start and run without some manual intervention. Pulumi will happily let the process sit at this stage forever. 2023-09-07 04:49:03 +00:00
			`private_subnet = ec2.Subnet(`
			`"private-subnet",`
			`vpc_id=vpc.id,`
			`cidr_block="10.0.3.0/26",`
			`availability_zone="us-east-2a",`
			`map_public_ip_on_launch=False`
			`)`
			`private_subnet2 = ec2.Subnet(`
			`"private-subnet2",`
			`vpc_id=vpc.id,`
			`cidr_block="10.0.4.0/26",`
			`availability_zone="us-east-2b",`
			`map_public_ip_on_launch=False`
			`)`
			`repo = ecr.Repository("repo")`

chore: Add README 2023-09-07 05:00:13 +00:00			`# ecs_task_execution_role = iam.Role("ecsExecutionRole",`
			`# path="/",`
			`# assume_role_policy=iam.get_policy_document(statements=[{`
			`# "actions": ["sts:AssumeRole"],`
			`# "principals": {`
			`# "type": "Service",`
			`# "identifiers": ["ecs-tasks.amazonaws.com"]`
			`# }`
			`# }`
			`# ]).json,`
			`# )`


			`# iam.RolePolicy("accessECRImages",`
			`# role=ecs_task_execution_role.id,`
			`# policy={`
			`# "Version": "2012-10-17",`
			`# "Statement": [`
			`# {`
			`# "Effect": "Allow",`
			`# "Action": [`
			`# "ecr:GetDownloadUrlForLayer",`
			`# "ecr:BatchGetImage",`
			`# "ecr:BatchCheckLayerAvailability",`
			`# ],`
			`# "Resource": repo.repository_arn`
			`# }`
			`# ]`
			`# }`
			`# )`
This is nearly working in all Pulumi. Permissions are not correct in code to allow the images to be pulled by the ECS tasks. As such, they will not start and run without some manual intervention. Pulumi will happily let the process sit at this stage forever. 2023-09-07 04:49:03 +00:00

			`image_web = awsx.ecr.Image(`
			`"image_web",`
			`repository_url=repo.url,`
			`path=".",`
			`dockerfile=".\infra-web\Dockerfile")`

			`image_api = awsx.ecr.Image(`
			`"image_api",`
			`repository_url=repo.url,`
			`path=".",`
			`dockerfile=".\infra-api\Dockerfile")`

			`security_group = aws.ec2.SecurityGroup(`
			`"securityGroup",`
			`vpc_id=vpc.id,`
			`egress=[aws.ec2.SecurityGroupEgressArgs(`
			`from_port=0,`
			`to_port=0,`
			`protocol="-1",`
			`cidr_blocks=["0.0.0.0/0"],`
			`ipv6_cidr_blocks=["::/0"],`
			`)])`
chore: Add README 2023-09-07 05:00:13 +00:00

This is nearly working in all Pulumi. Permissions are not correct in code to allow the images to be pulled by the ECS tasks. As such, they will not start and run without some manual intervention. Pulumi will happily let the process sit at this stage forever. 2023-09-07 04:49:03 +00:00			`cluster = ecs.Cluster("cluster")`

			`pulumi.export("certificateArn", cert.arn)`
			`loadbalancer = lb.LoadBalancer(`
			`"loadbalancer",`
			`load_balancer_type="application",`
			`security_groups=[security_group.id],`
			`subnets=[public_subnet.id, public_subnet2.id])`


chore: Add README 2023-09-07 05:00:13 +00:00			`target_group = lb.TargetGroup(`
			`"target-group",`
			`port=5000,`
			`protocol="HTTP",`
			`target_type="ip",`
			`vpc_id=vpc.id)`

			`listener = lb.Listener(`
			`"listener",`
			`load_balancer_arn=loadbalancer.arn,`
			`port=80,`
			`default_actions=[{`
			`"type": "forward",`
			`"target_group_arn": target_group.arn`
			`}])`


			`web_sg = ec2.SecurityGroup(`
			`"web-sg",`
			`vpc_id=vpc.id,`
			`ingress=[`
			`{`
			`"protocol": "tcp",`
			`"from_port": 80,`
			`"to_port": 80,`
			`"cidr_blocks": ["0.0.0.0/0"],`
			`}`
			`],`
			`egress=[`
			`{`
			`"protocol": "-1",`
			`"from_port": 0,`
			`"to_port": 0,`
			`"cidr_blocks": ["0.0.0.0/0"],`
			`}`
			`]`
			`)`
This is nearly working in all Pulumi. Permissions are not correct in code to allow the images to be pulled by the ECS tasks. As such, they will not start and run without some manual intervention. Pulumi will happily let the process sit at this stage forever. 2023-09-07 04:49:03 +00:00

			`api = awsx.ecs.FargateService(`
			`"api",`
			`cluster=cluster.arn,`
			`network_configuration={`
chore: Add README 2023-09-07 05:00:13 +00:00			`"assignPublicIp": "false",`
			`"subnets": [private_subnet.id],`
			`"securityGroups": [web_sg.id]`
This is nearly working in all Pulumi. Permissions are not correct in code to allow the images to be pulled by the ECS tasks. As such, they will not start and run without some manual intervention. Pulumi will happily let the process sit at this stage forever. 2023-09-07 04:49:03 +00:00			`},`
			`task_definition_args=awsx.ecs.FargateServiceTaskDefinitionArgs(`
			`container=awsx.ecs.TaskDefinitionContainerDefinitionArgs(`
			`name="theApi",`
			`image=image_api.image_uri,`
			`cpu=cpu,`
			`memory=memory,`
			`essential=True,`
			`port_mappings=[awsx.ecs.TaskDefinitionPortMappingArgs(`
			`container_port=5000,`
			`host_port=5000,`
			`)],`
			`),`
			`))`


			`service = awsx.ecs.FargateService(`
			`"web",`
			`cluster=cluster.arn,`
			`network_configuration={`
chore: Add README 2023-09-07 05:00:13 +00:00			`"assignPublicIp": "true",`
			`"subnets": [public_subnet.id],`
			`"securityGroups": [web_sg.id]`
This is nearly working in all Pulumi. Permissions are not correct in code to allow the images to be pulled by the ECS tasks. As such, they will not start and run without some manual intervention. Pulumi will happily let the process sit at this stage forever. 2023-09-07 04:49:03 +00:00			`},`
			`task_definition_args=awsx.ecs.FargateServiceTaskDefinitionArgs(`
			`container=awsx.ecs.TaskDefinitionContainerDefinitionArgs(`
			`name="theOne",`
			`image=image_web.image_uri,`
			`cpu=cpu,`
			`memory=memory,`
			`essential=True,`
			`port_mappings=[awsx.ecs.TaskDefinitionPortMappingArgs(`
			`container_port=5000,`
			`host_port=5000,`
			`target_group=target_group,`
			`)],`
			`),`
			`),`
			`opts=pulumi.ResourceOptions(depends_on=[api, target_group])`
			`)`