Added Theta Edge Node CDK

Author: Jonathan Eid

lib/theta/.gitignore

@@ -0,0 +1,9 @@
+*.js
+!jest.config.js
+*.d.ts
+node_modules
+*.lock
+
+# CDK asset staging directory
+.cdk.staging
+cdk.out

lib/theta/README.md

@@ -0,0 +1,40 @@
+import 'dotenv/config'
+import "source-map-support/register";
+import * as cdk from "aws-cdk-lib";
+import * as config from "./lib/config/edgeConfig";
+import * as configTypes from "./lib/config/edgeConfig.interface";
+import { EdgeCommonStack } from "./lib/common-stack";
+import { EdgeSingleNodeStack } from "./lib/single-node-stack";
+import * as nag from "cdk-nag";
+
+const app = new cdk.App();
+cdk.Tags.of(app).add("Project", "AWS_THETA_EDGE");
+
+new EdgeCommonStack(app, "edge-common", {
+    stackName: `edge-nodes-common`,
+    env: { account: config.baseConfig.accountId, region: config.baseConfig.region }
+});
+
+new EdgeSingleNodeStack(app, "edge-single-node", {
+    stackName: `edge-single-node-${config.baseNodeConfig.edgeNetwork}`,
+
+    env: { account: config.baseConfig.accountId, region: config.baseConfig.region },
+    nodeRole: <configTypes.EdgeNodeRole> "single-node",
+    instanceType: config.baseNodeConfig.instanceType,
+    instanceCpuType: config.baseNodeConfig.instanceCpuType,
+    edgeNetwork: config.baseNodeConfig.edgeNetwork,
+    edgeNodeGpu: config.baseNodeConfig.edgeNodeGpu,
+    edgeLauncherVersion: config.baseNodeConfig.edgeLauncherVersion,
+    dataVolume: config.baseNodeConfig.dataVolume
+});
+
+
+
+// Security Check
+cdk.Aspects.of(app).add(
+    new nag.AwsSolutionsChecks({
+        verbose: false,
+        reports: true,
+        logIgnores: false
+    })
+);

lib/theta/app.ts

@@ -0,0 +1,57 @@
+{
+  "app": "npx ts-node --prefer-ts-exts app.ts",
+  "watch": {
+    "include": [
+      "**"
+    ],
+    "exclude": [
+      "README.md",
+      "cdk*.json",
+      "**/*.d.ts",
+      "**/*.js",
+      "tsconfig.json",
+      "package*.json",
+      "yarn.lock",
+      "node_modules",
+      "test"
+    ]
+  },
+  "context": {
+    "@aws-cdk/aws-lambda:recognizeLayerVersion": true,
+    "@aws-cdk/core:checkSecretUsage": true,
+    "@aws-cdk/core:target-partitions": [
+      "aws",
+      "aws-cn"
+    ],
+    "@aws-cdk-containers/ecs-service-extensions:enableDefaultLogDriver": true,
+    "@aws-cdk/aws-ec2:uniqueImdsv2TemplateName": true,
+    "@aws-cdk/aws-ecs:arnFormatIncludesClusterName": true,
+    "@aws-cdk/aws-iam:minimizePolicies": true,
+    "@aws-cdk/core:validateSnapshotRemovalPolicy": true,
+    "@aws-cdk/aws-codepipeline:crossAccountKeyAliasStackSafeResourceName": true,
+    "@aws-cdk/aws-s3:createDefaultLoggingPolicy": true,
+    "@aws-cdk/aws-sns-subscriptions:restrictSqsDescryption": true,
+    "@aws-cdk/aws-apigateway:disableCloudWatchRole": true,
+    "@aws-cdk/core:enablePartitionLiterals": true,
+    "@aws-cdk/aws-events:eventsTargetQueueSameAccount": true,
+    "@aws-cdk/aws-iam:standardizedServicePrincipals": true,
+    "@aws-cdk/aws-ecs:disableExplicitDeploymentControllerForCircuitBreaker": true,
+    "@aws-cdk/aws-iam:importedRoleStackSafeDefaultPolicyName": true,
+    "@aws-cdk/aws-s3:serverAccessLogsUseBucketPolicy": true,
+    "@aws-cdk/aws-route53-patters:useCertificate": true,
+    "@aws-cdk/customresources:installLatestAwsSdkDefault": false,
+    "@aws-cdk/aws-rds:databaseProxyUniqueResourceName": true,
+    "@aws-cdk/aws-codedeploy:removeAlarmsFromDeploymentGroup": true,
+    "@aws-cdk/aws-apigateway:authorizerChangeDeploymentLogicalId": true,
+    "@aws-cdk/aws-ec2:launchTemplateDefaultUserData": true,
+    "@aws-cdk/aws-secretsmanager:useAttachedSecretResourcePolicyForSecretTargetAttachments": true,
+    "@aws-cdk/aws-redshift:columnId": true,
+    "@aws-cdk/aws-stepfunctions-tasks:enableEmrServicePolicyV2": true,
+    "@aws-cdk/aws-ec2:restrictDefaultSecurityGroup": true,
+    "@aws-cdk/aws-apigateway:requestValidatorUniqueId": true,
+    "@aws-cdk/aws-kms:aliasNameRef": true,
+    "@aws-cdk/aws-autoscaling:generateLaunchTemplateInsteadOfLaunchConfig": true,
+    "@aws-cdk/core:includePrefixInUniqueNameGeneration": true,
+    "@aws-cdk/aws-opensearchservice:enableOpensearchMultiAzWithStandby": true
+  }
+}

lib/theta/cdk.json

@@ -0,0 +1,8 @@
+module.exports = {
+  testEnvironment: 'node',
+  roots: ['<rootDir>/test'],
+  testMatch: ['**/*.test.ts'],
+  transform: {
+    '^.+\\.tsx?$': 'ts-jest'
+  }
+};

lib/theta/doc/assets/Architecture-Theta-Edge-Single-Node.drawio

@@ -0,0 +1,4 @@
+[cfn-auto-reloader-hook]
+triggers=post.update
+path=Resources.WebServerHost.Metadata.AWS::CloudFormation::Init
+action=/opt/aws/bin/cfn-init -v --stack __AWS_STACK_NAME__ --resource WebServerHost --region __AWS_REGION__

lib/theta/doc/assets/Architecture-Theta-Edge-Single-Node.drawio.png

@@ -0,0 +1,5 @@
+[main]
+stack=__AWS_STACK_ID__
+region=__AWS_REGION__
+# The interval used to check for changes to the resource metadata in minutes. Default is 15
+interval=2

lib/theta/jest.config.js

@@ -0,0 +1,8 @@
+[Unit]
+Description=cfn-hup daemon
+[Service]
+Type=simple
+ExecStart=/usr/local/bin/cfn-hup
+Restart=always
+[Install]
+WantedBy=multi-user.target