constructor()

in cdk/lib/cerebro.ts [21:112]

• 82 lines of code
• 1 McCabe index (conditional complexity)

  constructor(scope: App, props: CerebroStackProps) {
    super(scope, `${app}-${props.stage}`, props);

    const vpc = GuVpc.fromIdParameter(this, 'vpc');

    const esUrl = new GuStringParameter(this, 'elasticsearchUrl', {
      fromSSM: true,
      default: `/${props.stage}/${props.stack}/elasticsearch/url`,
    });

    const cerebroApp = new GuEc2App(this, {
      scaling:  {
        minimumInstances: 1,
      },
      applicationPort: 9000,
      app,
      access: {
        scope: AccessScope.PUBLIC
      },
      instanceType: InstanceType.of(InstanceClass.T4G, props.instanceSize),
      certificateProps:{
        domainName: props.domainName
      },
      monitoringConfiguration: {
        noMonitoring: true
      },
      userData: UserData.custom(`#!/bin/bash -ev
adduser --disabled-password cerebro
export HOME=/home/cerebro
cd $HOME
wget https://github.com/lmenezes/cerebro/releases/download/v${props.cerebroVersion}/cerebro_${props.cerebroVersion}_all.deb
dpkg -i cerebro_${props.cerebroVersion}_all.deb
echo 'JAVA_OPTS="-Dconfig.file=/etc/cerebro/custom.conf -Dpidfile.path=/dev/null"' > /etc/default/cerebro
cat <<'EOF' > /etc/cerebro/custom.conf
# Include these as defaults
include "/etc/cerebro/application.conf"
      
# Overrides
data.path: "/var/lib/cerebro/cerebro.db"
      
hosts = [
  {
    host = "${esUrl.valueAsString}"
    name = "${props.stack} (${props.stage})"
  }
]
EOF
systemctl restart cerebro
`),
      roleConfiguration: {
        additionalPolicies: [
        ],
      },
      googleAuth: {
        enabled: true,
        domain: props.domainName,
      },
      imageRecipe: {
        Recipe: 'editorial-tools-jammy-java11',
        Encrypted: true,
      }
    });

		cerebroApp.targetGroup.configureHealthCheck({
			...cerebroApp.targetGroup.healthCheck,
			path: '/',
		});

    const elasticsearchSecurityGroup = new GuSecurityGroup(this, "ElasticSearchAccess", {
      egresses: [
        {
          range: Peer.ipv4("172.16.0.0/12"),
          port: 9200,
          description: "Allow outgoing Elasticsearch connections"
        }
      ],
      allowAllOutbound: false,
      vpc,
      app,
    });

    cerebroApp.autoScalingGroup.connections.addSecurityGroup(elasticsearchSecurityGroup);

    const { domainName } = props;

    new GuCname(this, "CerebroCname", {
      app,
      resourceRecord: cerebroApp.loadBalancer.loadBalancerDnsName,
      ttl: Duration.hours(1),
      domainName: domainName,
    })
  }