Merge pull request #60 from aws-samples/bsc

Bsc
aws-samples · Mar 27, 2024 · 3e7da62 · 3e7da62
2 parents 026c9b9 + 0d1128e
commit 3e7da62
Show file tree

Hide file tree

Showing 37 changed files with 2,399 additions and 10 deletions.
diff --git a/docs/pre-merge-tools.md b/docs/pre-merge-tools.md
@@ -41,3 +41,5 @@ npm run install-pre-commit-mac
 # Run
 npm run run-pre-commit
 ```
+
+4. Optionally, run [shellcheck](https://github.com/koalaman/shellcheck) to check for common problems in your shell scripts.
diff --git a/lib/bsc/.gitignore b/lib/bsc/.gitignore
@@ -0,0 +1,8 @@
+*.js
+!jest.config.js
+*.d.ts
+node_modules
+
+# CDK asset staging directory
+.cdk.staging
+cdk.out
diff --git a/lib/bsc/README.md b/lib/bsc/README.md
diff --git a/lib/bsc/app.ts b/lib/bsc/app.ts
@@ -0,0 +1,55 @@
+import 'dotenv/config'
+import "source-map-support/register";
+import * as cdk from "aws-cdk-lib";
+import * as config from "./lib/config/bscConfig";
+import * as configTypes from "./lib/config/bscConfig.interface";
+import { BscCommonStack } from "./lib/common-stack";
+import { BscSingleNodeStack } from "./lib/single-node-stack";
+import { BscHANodesStack } from "./lib/ha-nodes-stack";
+import * as nag from "cdk-nag";
+
+const app = new cdk.App();
+cdk.Tags.of(app).add("Project", "AWS_BSC");
+
+new BscCommonStack(app, "bsc-common", {
+    stackName: `bsc-nodes-common`,
+    env: { account: config.baseConfig.accountId, region: config.baseConfig.region }
+});
+
+new BscSingleNodeStack(app, "bsc-single-node", {
+    stackName: `bsc-single-node-${config.baseNodeConfig.nodeConfiguration}-${config.baseNodeConfig.bscNetwork}`,
+
+    env: { account: config.baseConfig.accountId, region: config.baseConfig.region },
+    nodeRole: <configTypes.BscNodeRole> "single-node",
+    instanceType: config.baseNodeConfig.instanceType,
+    instanceCpuType: config.baseNodeConfig.instanceCpuType,
+    bscNetwork: config.baseNodeConfig.bscNetwork,
+    nodeConfiguration: config.baseNodeConfig.nodeConfiguration,
+    snapshotsUrl:config.baseNodeConfig.snapshotsUrl,
+    dataVolume: config.baseNodeConfig.dataVolume,
+});
+
+new BscHANodesStack(app, "bsc-ha-nodes", {
+    stackName: `bsc-ha-nodes-${config.baseNodeConfig.nodeConfiguration}-${config.baseNodeConfig.bscNetwork}`,
+    env: { account: config.baseConfig.accountId, region: config.baseConfig.region },
+    nodeRole: <configTypes.BscNodeRole> "rpc-node",
+    instanceType: config.baseNodeConfig.instanceType,
+    instanceCpuType: config.baseNodeConfig.instanceCpuType,
+    bscNetwork: config.baseNodeConfig.bscNetwork,
+    nodeConfiguration: config.baseNodeConfig.nodeConfiguration,
+    snapshotsUrl:config.baseNodeConfig.snapshotsUrl,
+    dataVolume: config.baseNodeConfig.dataVolume,
+
+    albHealthCheckGracePeriodMin: config.haNodeConfig.albHealthCheckGracePeriodMin,
+    heartBeatDelayMin: config.haNodeConfig.heartBeatDelayMin,
+    numberOfNodes: config.haNodeConfig.numberOfNodes
+});
+
+// Security Check
+cdk.Aspects.of(app).add(
+    new nag.AwsSolutionsChecks({
+        verbose: false,
+        reports: true,
+        logIgnores: false
+    })
+);
diff --git a/lib/bsc/cdk.json b/lib/bsc/cdk.json
@@ -0,0 +1,57 @@
+{
+  "app": "npx ts-node --prefer-ts-exts app.ts",
+  "watch": {
+    "include": [
+      "**"
+    ],
+    "exclude": [
+      "README.md",
+      "cdk*.json",
+      "**/*.d.ts",
+      "**/*.js",
+      "tsconfig.json",
+      "package*.json",
+      "yarn.lock",
+      "node_modules",
+      "test"
+    ]
+  },
+  "context": {
+    "@aws-cdk/aws-lambda:recognizeLayerVersion": true,
+    "@aws-cdk/core:checkSecretUsage": true,
+    "@aws-cdk/core:target-partitions": [
+      "aws",
+      "aws-cn"
+    ],
+    "@aws-cdk-containers/ecs-service-extensions:enableDefaultLogDriver": true,
+    "@aws-cdk/aws-ec2:uniqueImdsv2TemplateName": true,
+    "@aws-cdk/aws-ecs:arnFormatIncludesClusterName": true,
+    "@aws-cdk/aws-iam:minimizePolicies": true,
+    "@aws-cdk/core:validateSnapshotRemovalPolicy": true,
+    "@aws-cdk/aws-codepipeline:crossAccountKeyAliasStackSafeResourceName": true,
+    "@aws-cdk/aws-s3:createDefaultLoggingPolicy": true,
+    "@aws-cdk/aws-sns-subscriptions:restrictSqsDescryption": true,
+    "@aws-cdk/aws-apigateway:disableCloudWatchRole": true,
+    "@aws-cdk/core:enablePartitionLiterals": true,
+    "@aws-cdk/aws-events:eventsTargetQueueSameAccount": true,
+    "@aws-cdk/aws-iam:standardizedServicePrincipals": true,
+    "@aws-cdk/aws-ecs:disableExplicitDeploymentControllerForCircuitBreaker": true,
+    "@aws-cdk/aws-iam:importedRoleStackSafeDefaultPolicyName": true,
+    "@aws-cdk/aws-s3:serverAccessLogsUseBucketPolicy": true,
+    "@aws-cdk/aws-route53-patters:useCertificate": true,
+    "@aws-cdk/customresources:installLatestAwsSdkDefault": false,
+    "@aws-cdk/aws-rds:databaseProxyUniqueResourceName": true,
+    "@aws-cdk/aws-codedeploy:removeAlarmsFromDeploymentGroup": true,
+    "@aws-cdk/aws-apigateway:authorizerChangeDeploymentLogicalId": true,
+    "@aws-cdk/aws-ec2:launchTemplateDefaultUserData": true,
+    "@aws-cdk/aws-secretsmanager:useAttachedSecretResourcePolicyForSecretTargetAttachments": true,
+    "@aws-cdk/aws-redshift:columnId": true,
+    "@aws-cdk/aws-stepfunctions-tasks:enableEmrServicePolicyV2": true,
+    "@aws-cdk/aws-ec2:restrictDefaultSecurityGroup": true,
+    "@aws-cdk/aws-apigateway:requestValidatorUniqueId": true,
+    "@aws-cdk/aws-kms:aliasNameRef": true,
+    "@aws-cdk/aws-autoscaling:generateLaunchTemplateInsteadOfLaunchConfig": true,
+    "@aws-cdk/core:includePrefixInUniqueNameGeneration": true,
+    "@aws-cdk/aws-opensearchservice:enableOpensearchMultiAzWithStandby": true
+  }
+}
-Original file line number
+Diff line change
@@ Expand Up / @@ -41,3 +41,5 @@ npm run install-pre-commit-mac @@
     # Run
     npm run run-pre-commit
     ```
+. Optionally, run [shellcheck](https://github.com/koalaman/shellcheck) to check for common problems in your shell scripts.