in amazon-msk-java-app-cdk/lib/fargate-stack.ts [32:94]
constructor(vpcStack: VpcStack, scope: cdk.Construct, id: string, props?: cdk.StackProps) {
super(scope, id, props);
let bootstrapAddress = new CfnParameter(this, "bootstrapAddress", {
type: "String",
description: "Bootstrap address for Kafka broker. Corresponds to bootstrap.servers Kafka consumer configuration"
});
let topicName = new CfnParameter(this, "topicName", {
type: "String",
description: "Kafka topic name"
});
const image = new assets.DockerImageAsset(this, "ConsumerImage", {
directory: '../consumer/docker'
});
const fargateTaskDefinition = new ecs.FargateTaskDefinition(this, 'TaskDef', {
memoryLimitMiB: 4096,
cpu: 512
});
const cluster = new ecs.Cluster(this, 'Cluster', {
vpc: vpcStack.vpc
});
cluster.addCapacity('DefaultAutoScalingGroupCapacity', {
instanceType: ec2.InstanceType.of(InstanceClass.T3, InstanceSize.MEDIUM),//new ec2.InstanceType("t2.xlarge"),
desiredCapacity: 1,
});
fargateTaskDefinition.addContainer("KafkaConsumer", {
image: ecs.ContainerImage.fromDockerImageAsset(image),
logging: ecs.LogDrivers.awsLogs({streamPrefix: 'KafkaConsumer'}),
environment: {
'TABLE_NAME': this.tableName,
'GROUP_ID': this.groupId,
'BOOTSTRAP_ADDRESS': bootstrapAddress.valueAsString,
'REGION': this.region,
'TOPIC_NAME': topicName.valueAsString
}
});
//TODO: harden security
fargateTaskDefinition.addToTaskRolePolicy(new iam.PolicyStatement({
effect: Effect.ALLOW,
actions: ["kafka:*"],
resources: ["*"]
}
));
fargateTaskDefinition.addToTaskRolePolicy(new iam.PolicyStatement({
effect: Effect.ALLOW,
actions: ["dynamodb:GetItem", "dynamodb:UpdateItem"],
resources: ["*"]
}));
const service = new ecs.FargateService(this, 'Service', {
cluster: cluster,
securityGroups: [vpcStack.fargateSercurityGroup],
taskDefinition: fargateTaskDefinition,
desiredCount: 1
});
}