refactor(cloudquery): Define the database in its own construct
This is a start to address guardian/cdk#1786 in a real-world service.
akash1810 committed May 8, 2023
1 parent 7588acd commit 1111fdb
Showing 5 changed files with 484 additions and 203 deletions.
280 changes: 132 additions & 148 deletions packages/cdk/lib/__snapshots__/cloudquery.test.ts.snap
Expand Up @@ -7,6 +7,7 @@ exports[`The CloudQuery stack matches the snapshot 1`] = `
"GuVpcParameter",
"GuSubnetListParameter",
"GuSecurityGroup",
"GuDatabase",
"GuDistributionBucketParameter",
"GuAmiParameter",
"GuInstanceRole",
Expand Down Expand Up @@ -48,6 +49,65 @@ exports[`The CloudQuery stack matches the snapshot 1`] = `
},
},
"Resources": {
"DefaultSecurityGroupCloudquery39EED116": {
"Properties": {
"GroupDescription": "CloudQuery/DefaultSecurityGroupCloudquery",
"SecurityGroupEgress": [
{
"CidrIp": "0.0.0.0/0",
"Description": "Allow all outbound traffic by default",
"IpProtocol": "-1",
},
],
"Tags": [
{
"Key": "App",
"Value": "cloudquery",
},
{
"Key": "gu:cdk:version",
"Value": "TEST",
},
{
"Key": "gu:repo",
"Value": "guardian/service-catalogue",
},
{
"Key": "Stack",
"Value": "deploy",
},
{
"Key": "Stage",
"Value": "TEST",
},
],
"VpcId": {
"Ref": "VpcId",
},
},
"Type": "AWS::EC2::SecurityGroup",
},
"DefaultSecurityGroupCloudqueryfromCloudQueryDefaultSecurityGroupCloudquery6925211454323690040A": {
"Properties": {
"Description": "from CloudQueryDefaultSecurityGroupCloudquery69252114:5432",
"FromPort": 5432,
"GroupId": {
"Fn::GetAtt": [
"DefaultSecurityGroupCloudquery39EED116",
"GroupId",
],
},
"IpProtocol": "tcp",
"SourceSecurityGroupId": {
"Fn::GetAtt": [
"DefaultSecurityGroupCloudquery39EED116",
"GroupId",
],
},
"ToPort": 5432,
},
"Type": "AWS::EC2::SecurityGroupIngress",
},
"DescribeEC2PolicyFF5F9295": {
"Properties": {
"PolicyDocument": {
Expand Down Expand Up @@ -315,7 +375,7 @@ exports[`The CloudQuery stack matches the snapshot 1`] = `
":dbuser:",
{
"Fn::GetAtt": [
"PostgresInstance16DE4286E",
"PostgresInstance1Cloudquery223DB538",
"DbiResourceId",
],
},
Expand Down Expand Up @@ -400,74 +460,17 @@ exports[`The CloudQuery stack matches the snapshot 1`] = `
},
"Type": "AWS::IAM::Policy",
},
"PostgresAccessSecurityGroupCloudqueryE959A23F": {
"Properties": {
"GroupDescription": "CloudQuery/PostgresAccessSecurityGroupCloudquery",
"SecurityGroupEgress": [
{
"CidrIp": "0.0.0.0/0",
"Description": "Allow all outbound traffic by default",
"IpProtocol": "-1",
},
],
"Tags": [
{
"Key": "App",
"Value": "cloudquery",
},
{
"Key": "gu:cdk:version",
"Value": "TEST",
},
{
"Key": "gu:repo",
"Value": "guardian/service-catalogue",
},
{
"Key": "Stack",
"Value": "deploy",
},
{
"Key": "Stage",
"Value": "TEST",
},
],
"VpcId": {
"Ref": "VpcId",
},
},
"Type": "AWS::EC2::SecurityGroup",
},
"PostgresAccessSecurityGroupParam38DFE001": {
"Properties": {
"DataType": "text",
"Name": "/TEST/deploy/cloudquery/postgres-access-security-group",
"Tags": {
"Stack": "deploy",
"Stage": "TEST",
"gu:cdk:version": "TEST",
"gu:repo": "guardian/service-catalogue",
},
"Tier": "Standard",
"Type": "String",
"Value": {
"Fn::GetAtt": [
"PostgresAccessSecurityGroupCloudqueryE959A23F",
"GroupId",
],
},
},
"Type": "AWS::SSM::Parameter",
},
"PostgresInstance16DE4286E": {
"PostgresInstance1Cloudquery223DB538": {
"DeletionPolicy": "Snapshot",
"Properties": {
"AllocatedStorage": "100",
"CACertificateIdentifier": "rds-ca-2019",
"CopyTagsToSnapshot": true,
"DBInstanceClass": "db.t4g.small",
"DBSubnetGroupName": {
"Ref": "PostgresInstance1SubnetGroupCAC045A5",
"Ref": "PostgresInstance1CloudquerySubnetGroup1E0841E2",
},
"DeletionProtection": true,
"EnableIAMDatabaseAuthentication": true,
"Engine": "postgres",
"MasterUserPassword": {
Expand All @@ -476,7 +479,7 @@ exports[`The CloudQuery stack matches the snapshot 1`] = `
[
"{{resolve:secretsmanager:",
{
"Ref": "PostgresInstance1Secret7FA1A24B",
"Ref": "PostgresInstance1CloudquerySecret896B33F7",
},
":SecretString:password::}}",
],
Expand All @@ -488,17 +491,22 @@ exports[`The CloudQuery stack matches the snapshot 1`] = `
[
"{{resolve:secretsmanager:",
{
"Ref": "PostgresInstance1Secret7FA1A24B",
"Ref": "PostgresInstance1CloudquerySecret896B33F7",
},
":SecretString:username::}}",
],
],
},
"MultiAZ": true,
"Port": "5432",
"PubliclyAccessible": false,
"StorageEncrypted": true,
"StorageType": "gp2",
"Tags": [
{
"Key": "App",
"Value": "cloudquery",
},
{
"Key": "gu:cdk:version",
"Value": "TEST",
Expand All @@ -519,7 +527,7 @@ exports[`The CloudQuery stack matches the snapshot 1`] = `
"VPCSecurityGroups": [
{
"Fn::GetAtt": [
"PostgresInstance1SecurityGroupFA28C3C0",
"DefaultSecurityGroupCloudquery39EED116",
"GroupId",
],
},
Expand All @@ -528,7 +536,51 @@ exports[`The CloudQuery stack matches the snapshot 1`] = `
"Type": "AWS::RDS::DBInstance",
"UpdateReplacePolicy": "Snapshot",
},
"PostgresInstance1Secret7FA1A24B": {
"PostgresInstance1CloudqueryAccessSecurityGroupParam9F461088": {
"Properties": {
"DataType": "text",
"Name": "/TEST/deploy/cloudquery/database/access-security-group",
"Tags": {
"App": "cloudquery",
"Stack": "deploy",
"Stage": "TEST",
"gu:cdk:version": "TEST",
"gu:repo": "guardian/service-catalogue",
},
"Tier": "Standard",
"Type": "String",
"Value": {
"Fn::GetAtt": [
"DefaultSecurityGroupCloudquery39EED116",
"GroupId",
],
},
},
"Type": "AWS::SSM::Parameter",
},
"PostgresInstance1CloudqueryEndpointAddressParamB17A3B97": {
"Properties": {
"DataType": "text",
"Name": "/TEST/deploy/cloudquery/database/endpoint-address",
"Tags": {
"App": "cloudquery",
"Stack": "deploy",
"Stage": "TEST",
"gu:cdk:version": "TEST",
"gu:repo": "guardian/service-catalogue",
},
"Tier": "Standard",
"Type": "String",
"Value": {
"Fn::GetAtt": [
"PostgresInstance1Cloudquery223DB538",
"Endpoint.Address",
],
},
},
"Type": "AWS::SSM::Parameter",
},
"PostgresInstance1CloudquerySecret896B33F7": {
"DeletionPolicy": "Delete",
"Properties": {
"Description": {
Expand All @@ -549,6 +601,10 @@ exports[`The CloudQuery stack matches the snapshot 1`] = `
"SecretStringTemplate": "{"username":"postgres"}",
},
"Tags": [
{
"Key": "App",
"Value": "cloudquery",
},
{
"Key": "gu:cdk:version",
"Value": "TEST",
Expand All @@ -570,80 +626,29 @@ exports[`The CloudQuery stack matches the snapshot 1`] = `
"Type": "AWS::SecretsManager::Secret",
"UpdateReplacePolicy": "Delete",
},
"PostgresInstance1SecretAttachmentBA0D257D": {
"PostgresInstance1CloudquerySecretAttachmentADDCFC44": {
"Properties": {
"SecretId": {
"Ref": "PostgresInstance1Secret7FA1A24B",
"Ref": "PostgresInstance1CloudquerySecret896B33F7",
},
"TargetId": {
"Ref": "PostgresInstance16DE4286E",
"Ref": "PostgresInstance1Cloudquery223DB538",
},
"TargetType": "AWS::RDS::DBInstance",
},
"Type": "AWS::SecretsManager::SecretTargetAttachment",
},
"PostgresInstance1SecurityGroupFA28C3C0": {
"PostgresInstance1CloudquerySubnetGroup1E0841E2": {
"Properties": {
"GroupDescription": "Security group for PostgresInstance1 database",
"SecurityGroupEgress": [
{
"CidrIp": "0.0.0.0/0",
"Description": "Allow all outbound traffic by default",
"IpProtocol": "-1",
},
],
"Tags": [
{
"Key": "gu:cdk:version",
"Value": "TEST",
},
{
"Key": "gu:repo",
"Value": "guardian/service-catalogue",
},
{
"Key": "Stack",
"Value": "deploy",
},
{
"Key": "Stage",
"Value": "TEST",
},
],
"VpcId": {
"Ref": "VpcId",
},
},
"Type": "AWS::EC2::SecurityGroup",
},
"PostgresInstance1SecurityGroupfromCloudQueryPostgresAccessSecurityGroupCloudqueryAE627D465432AE3168F5": {
"Properties": {
"Description": "from CloudQueryPostgresAccessSecurityGroupCloudqueryAE627D46:5432",
"FromPort": 5432,
"GroupId": {
"Fn::GetAtt": [
"PostgresInstance1SecurityGroupFA28C3C0",
"GroupId",
],
},
"IpProtocol": "tcp",
"SourceSecurityGroupId": {
"Fn::GetAtt": [
"PostgresAccessSecurityGroupCloudqueryE959A23F",
"GroupId",
],
},
"ToPort": 5432,
},
"Type": "AWS::EC2::SecurityGroupIngress",
},
"PostgresInstance1SubnetGroupCAC045A5": {
"Properties": {
"DBSubnetGroupDescription": "Subnet group for PostgresInstance1 database",
"DBSubnetGroupDescription": "Subnet group for PostgresInstance1Cloudquery database",
"SubnetIds": {
"Ref": "cloudqueryPrivateSubnets",
},
"Tags": [
{
"Key": "App",
"Value": "cloudquery",
},
{
"Key": "gu:cdk:version",
"Value": "TEST",
Expand All @@ -664,27 +669,6 @@ exports[`The CloudQuery stack matches the snapshot 1`] = `
},
"Type": "AWS::RDS::DBSubnetGroup",
},
"PostgresInstanceEndpointAddress6E14162C": {
"Properties": {
"DataType": "text",
"Name": "/TEST/deploy/cloudquery/postgres-instance-endpoint-address",
"Tags": {
"Stack": "deploy",
"Stage": "TEST",
"gu:cdk:version": "TEST",
"gu:repo": "guardian/service-catalogue",
},
"Tier": "Standard",
"Type": "String",
"Value": {
"Fn::GetAtt": [
"PostgresInstance16DE4286E",
"Endpoint.Address",
],
},
},
"Type": "AWS::SSM::Parameter",
},
"WazuhSecurityGroup": {
"Properties": {
"GroupDescription": "Allow outbound traffic from wazuh agent to manager",
Expand Down Expand Up @@ -821,7 +805,7 @@ exports[`The CloudQuery stack matches the snapshot 1`] = `
},
{
"Fn::GetAtt": [
"PostgresAccessSecurityGroupCloudqueryE959A23F",
"DefaultSecurityGroupCloudquery39EED116",
"GroupId",
],
},
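Review bot: The database and its clients now share a single security group: `DefaultSecurityGroupCloudquery39EED116` is the instance's only `VPCSecurityGroups` entry, the value published under `/TEST/deploy/cloudquery/database/access-security-group`, and both the `GroupId` and the `SourceSecurityGroupId` of the port-5432 ingress rule. The resources this section drops kept `PostgresInstance1SecurityGroup` on the database and admitted only `PostgresAccessSecurityGroupCloudquery`, so a rule added for clients could never land on the database itself. Because this file is a generated snapshot, the change belongs in the new construct (not visible on this page): keep a dedicated database group whose only ingress is 5432 from a separate access group, and publish the access group in the SSM parameter. While there, it is worth checking whether the group attached to the database needs the `0.0.0.0/0`, `IpProtocol: "-1"` egress rule at all.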

0 comments on commit 1111fdb
