constructor()

in amazon-neptune-and-aws-cdk-for-amundsen/lib/databuilder-stack.ts [31:138]

• 94 lines of code
• 1 McCabe index (conditional complexity)

  constructor(scope: cdk.App, id: string, props: DatabuilderStackProps) {
    super(scope, id, props);

    const application = this.node.tryGetContext('application');
	  const environment = this.node.tryGetContext('environment');

    var subnets = props.vpc.privateSubnets.map((a) => {
      return a.subnetId;
    });

    const executionRole = new iam.Role(this, 'ExecutionRole', {
      roleName: `${application}-${environment}-databuilder-execution-role`,
      assumedBy: new iam.ServicePrincipal('ecs-tasks.amazonaws.com'),
      managedPolicies: [
        iam.ManagedPolicy.fromAwsManagedPolicyName('service-role/AmazonECSTaskExecutionRolePolicy')
      ]
    });

    const taskRole = new iam.Role(this, 'TaskRole', {
      roleName: `${application}-${environment}-databuilder-task-role`,
      assumedBy: new iam.ServicePrincipal('ecs-tasks.amazonaws.com'),
      managedPolicies: [
        iam.ManagedPolicy.fromAwsManagedPolicyName('service-role/AmazonECSTaskExecutionRolePolicy')
      ]
    });
    
    const taskPolicy = new iam.Policy(this, 'DatabuilderTaskPolicy', {
      policyName: `${application}-${environment}-amundsen-databuilder-policy`,
      roles: [
        taskRole
      ],
    });

    taskPolicy.addStatements(new iam.PolicyStatement({
      effect: iam.Effect.ALLOW,
      actions: [
        "logs:CreateLogGroup",
        "logs:CreateLogStream",
        "logs:PutLogEvents",
      ],
      resources: [
        `arn:aws:logs:${this.region}:${this.account}:log-group:*:log-stream:*`,
        `arn:aws:logs:${this.region}:${this.account}:log-group:*`,
      ],
    }));

    // Add an ES policy to a Role
    taskPolicy.addStatements(
      new iam.PolicyStatement({
        resources: [
          `arn:aws:es:${this.region}:${this.account}:domain/*`,
          `arn:aws:rds:${this.region}:${this.account}:cluster/*`,
          `arn:aws:s3:::*`,
          `arn:aws:neptune-db:${this.region}:${this.account}:cluster-*`,
        ],
        actions: [
          "es:ESHttpGet",
          "es:ESHttpPut",
          "es:ESHttpPost",
          "es:ESHttpHead",
          "s3:*",
          "neptune-db:*"
        ],
        effect: iam.Effect.ALLOW,
    }));
    
    const taskDefinition = new ecs.FargateTaskDefinition(this, 'Amundsen-Databuilder-Postgres', {
      cpu: 1024,
      memoryLimitMiB: 4096,
      executionRole: executionRole,
      taskRole: taskRole
    });
    
    const asset = new DockerImageAsset(this, 'amundsen-blog-databuilder-postgres', {
      directory: path.join(__dirname, 'databuilders/postgres')
    });

    const container = taskDefinition.addContainer('AmundsenDatabuilderPostgresContainer', {
      image: ecs.ContainerImage.fromDockerImageAsset(asset),
      logging: ecs.LogDrivers.awsLogs({ streamPrefix: 'amundsen-databuilder-postgres' }),
      environment: {
        AWS_REGION: `${this.region}`,
        ES_HOST: props.esDomain.attrDomainEndpoint,
        NEPTUNE_HOST: props.neptuneCluster.attrEndpoint,
        NEPTUNE_PORT: props.neptuneCluster.attrPort,
        S3_BUCKET_NAME: props.s3Bucket.bucketName,
        POSTGRES_HOST: props.rdsInstance.dbInstanceEndpointAddress,
        POSTGRES_PORT: props.rdsInstance.dbInstanceEndpointPort,
      },
      secrets: {
        POSTGRES_USER: ecs.Secret.fromSecretsManager(props.rdsSecret, 'username'),
        POSTGRES_PASSWORD: ecs.Secret.fromSecretsManager(props.rdsSecret, 'password'),
      },
      cpu: 256,
      memoryLimitMiB: 512
    });
    
    const rule = new events.Rule(this, 'Amundsen-Databuilder-Rule', {
      schedule: events.Schedule.expression('rate(5 minutes)')
    });
    
    rule.addTarget(new targets.EcsTask({
      cluster: props.cluster,
      taskDefinition,
      taskCount: 1
    }));

  }