vpc(cdk):
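# Bootstrap a CDK (v1, Python) project in ./vpc, install its dependencies and
# deploy it. The CDK CLI is installed before `cdk init`, which needs it.
set -e

# The CLI is installed as root into npm's global prefix; a user-level prefix
# (`npm config set prefix ~/.npm-global`) makes the sudo unnecessary.
sudo npm install -g aws-cdk

mkdir vpc
cd vpc/
cdk init app -l python

# Project-local interpreter and dependencies.
python3 -m venv .venv
source .venv/bin/activate
./.venv/bin/python3 -m pip install --upgrade pip
pip install -r requirements.txt
# aws-cdk.aws-ec2 must be the same release as the aws-cdk.core pinned in
# requirements.txt; mismatched versions fail at synth time.
pip install aws-cdk.aws-ec2

# Review the synthesized template and the change set before deploying.
# `cdk bootstrap` is required once per account/region before the first deploy.
cdk synth
cdk diff
cdk deploy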
from aws_cdk import core as cdk
from aws_cdk import (core,aws_ec2 as ec2)
#cdk bootstrap
#/home/ec2-user/environment/liu/.venv/bin/python3 -m pip install --upgrade pip
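class VpcStack(core.Stack):
    """Network baseline: a VPC with public/private subnets and two security groups.

    Resources created (each kept as an attribute so other stacks can reference it):
      * ``vpc``   - ``ec2.Vpc`` spanning ``max_azs`` availability zones, with one
                    PUBLIC and one PRIVATE subnet per AZ and ``nat_gateways`` NAT
                    gateway(s) providing egress for the private subnets.
      * ``sgalb`` - security group intended for the load balancer: inbound TCP/80
                    is opened to every IPv4 source, all outbound is allowed.
      * ``sgec2`` - security group intended for the instances: inbound TCP/80 is
                    accepted only from ``sgalb``; no other inbound rule is added.

    The VPC id and both security-group ids are published as stack outputs
    (``Output_vpc``, ``Output_sgalb``, ``Output_sgec2``).
    """

    def __init__(
        self,
        scope: core.Construct,
        id: str,
        *,
        max_azs: int = 2,
        nat_gateways: int = 1,
        **kwargs,
    ) -> None:
        """Build the VPC, the two security groups and the outputs.

        Args:
            scope: parent construct (normally the ``core.App``).
            id: logical id of this stack within ``scope``.
            max_azs: number of availability zones the VPC spans. Defaults to 2,
                the value previously hard-coded.
            nat_gateways: number of NAT gateways to create. Defaults to 1, the
                value previously hard-coded; a single gateway is one shared
                egress point for all private subnets, so raise it to ``max_azs``
                when per-AZ redundancy is wanted.
            **kwargs: forwarded unchanged to ``core.Stack``.
        """
        super().__init__(scope, id, **kwargs)

        # VPC with one public and one private subnet per availability zone.
        # NOTE(review): newer CDK v1 releases deprecate SubnetType.PRIVATE in
        # favour of PRIVATE_WITH_NAT; the meaning (private subnet routed through
        # the NAT gateway) is unchanged.
        self.vpc = ec2.Vpc(
            self,
            "vpc",
            max_azs=max_azs,
            nat_gateways=nat_gateways,
            subnet_configuration=[
                ec2.SubnetConfiguration(
                    subnet_type=ec2.SubnetType.PUBLIC,
                    name="public",
                ),
                ec2.SubnetConfiguration(
                    subnet_type=ec2.SubnetType.PRIVATE,
                    name="private",
                ),
            ],
        )

        # Load-balancer security group. The group name ("sg_elb") differs from
        # the construct id ("sg_alb"); both are kept as-is because changing
        # either would replace the group in an existing deployment.
        self.sgalb = ec2.SecurityGroup(
            self,
            "sg_alb",
            vpc=self.vpc,
            security_group_name="sg_elb",
            allow_all_outbound=True,
        )
        # Plain HTTP on 80 from any IPv4 address. This stack defines no TLS
        # (443) rule; add one alongside this line if the listener is HTTPS.
        self.sgalb.connections.allow_from_any_ipv4(ec2.Port.tcp(80))

        # Instance security group: port 80 is reachable only from members of
        # the load-balancer group, so instances get no direct internet ingress.
        self.sgec2 = ec2.SecurityGroup(
            self,
            "sg_ec2",
            vpc=self.vpc,
            security_group_name="sg_ec2",
            allow_all_outbound=True,
        )
        self.sgec2.connections.allow_from(self.sgalb, ec2.Port.tcp(80))

        # Exported ids for consumers in other stacks or the CLI.
        core.CfnOutput(self, "Output_vpc", value=self.vpc.vpc_id)
        core.CfnOutput(self, "Output_sgalb", value=self.sgalb.security_group_id)
        core.CfnOutput(self, "Output_sgec2", value=self.sgec2.security_group_id)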