Merge branch 'main' into bsc

Author: vlasonfa

lib/stacks/README.md

@@ -0,0 +1,40 @@
+#!/usr/bin/env node
+import 'dotenv/config'
+import "source-map-support/register";
+import * as cdk from "aws-cdk-lib";
+import * as nag from "cdk-nag";
+import * as config from "./lib/config/stacksConfig";
+
+import { StacksSingleNodeStack } from "./lib/single-node-stack";
+import { StacksCommonStack } from "./lib/common-stack";
+import { StacksHANodesStack } from './lib/ha-nodes-stack';
+
+const app = new cdk.App();
+cdk.Tags.of(app).add("Project", "AWSStacks");
+
+new StacksCommonStack(app, "stacks-common", {
+    stackName: `stacks-nodes-common`,
+    env: { account: config.baseConfig.accountId, region: config.baseConfig.region },
+});
+
+new StacksSingleNodeStack(app, "stacks-single-node", {
+    stackName: `stacks-single-node-${config.baseNodeConfig.stacksNodeConfiguration}`,
+    env: { account: config.baseConfig.accountId, region: config.baseConfig.region },
+    ...config.baseNodeConfig
+});
+
+new StacksHANodesStack(app, "stacks-ha-nodes", {
+    stackName: `stacks-ha-nodes-${config.baseNodeConfig.stacksNodeConfiguration}`,
+    env: { account: config.baseConfig.accountId, region: config.baseConfig.region },
+    ...config.baseNodeConfig,
+    ...config.haNodeConfig
+});
+
+// Security Check
+cdk.Aspects.of(app).add(
+    new nag.AwsSolutionsChecks({
+        verbose: false,
+        reports: true,
+        logIgnores: false,
+    })
+);

lib/stacks/app.ts

@@ -0,0 +1,44 @@
+{
+  "app": "npx ts-node --prefer-ts-exts app.ts",
+  "watch": {
+    "include": [
+      "**"
+    ],
+    "exclude": [
+      "README.md",
+      "cdk*.json",
+      "**/*.d.ts",
+      "**/*.js",
+      "tsconfig.json",
+      "package*.json",
+      "yarn.lock",
+      "node_modules",
+      "test"
+    ]
+  },
+  "context": {
+    "@aws-cdk/aws-lambda:recognizeLayerVersion": true,
+    "@aws-cdk/core:checkSecretUsage": true,
+    "@aws-cdk/core:target-partitions": [
+      "aws",
+      "aws-cn"
+    ],
+    "@aws-cdk-containers/ecs-service-extensions:enableDefaultLogDriver": true,
+    "@aws-cdk/aws-ec2:uniqueImdsv2TemplateName": true,
+    "@aws-cdk/aws-ecs:arnFormatIncludesClusterName": true,
+    "@aws-cdk/aws-iam:minimizePolicies": true,
+    "@aws-cdk/core:validateSnapshotRemovalPolicy": true,
+    "@aws-cdk/aws-codepipeline:crossAccountKeyAliasStackSafeResourceName": true,
+    "@aws-cdk/aws-s3:createDefaultLoggingPolicy": true,
+    "@aws-cdk/aws-sns-subscriptions:restrictSqsDescryption": true,
+    "@aws-cdk/aws-apigateway:disableCloudWatchRole": true,
+    "@aws-cdk/core:enablePartitionLiterals": true,
+    "@aws-cdk/aws-events:eventsTargetQueueSameAccount": true,
+    "@aws-cdk/aws-iam:standardizedServicePrincipals": true,
+    "@aws-cdk/aws-ecs:disableExplicitDeploymentControllerForCircuitBreaker": true,
+    "@aws-cdk/aws-iam:importedRoleStackSafeDefaultPolicyName": true,
+    "@aws-cdk/aws-s3:serverAccessLogsUseBucketPolicy": true,
+    "@aws-cdk/aws-route53-patters:useCertificate": true,
+    "@aws-cdk/customresources:installLatestAwsSdkDefault": false
+  }
+}

lib/stacks/cdk.json

@@ -0,0 +1,8 @@
+module.exports = {
+  testEnvironment: 'node',
+  roots: ['<rootDir>/test'],
+  testMatch: ['**/*.test.ts'],
+  transform: {
+    '^.+\\.tsx?$': 'ts-jest'
+  },
+};

lib/stacks/doc/assets/Stacks HA Node AWS Diagram.png

@@ -0,0 +1,58 @@
+#!/bin/bash
+
+# shellcheck source=/dev/null
+source /etc/environment
+
+# Download
+STACKS_REPO="stacks-core"
+STACKS_ORG="stacks-network"
+START_DIR=$PWD
+
+# Install build dependencies.
+sudo yum update
+sudo yum -y install clang llvm git
+
+mkdir -p src && cd src || return
+
+if [ -z "$HOME" ]; then
+  # Set $HOME to /root. $HOME isn't set to be /root when this
+  # script first runs on the host.
+  export HOME="/root"
+  echo "HOME is not set. Setting it to /root."
+fi
+
+# Install Rust.
+echo "Install rustc, cargo and rustfmt."
+curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y
+
+# shellcheck source=/dev/null
+source "$HOME/.cargo/env"
+rustup component add rustfmt
+
+echo "Verifying we use the latest stable version of Rust"
+rustup update
+
+RUST_STABLE_VERSION=$(rustc --version | awk '{print $2}')
+export RUST_STABLE_VERSION
+
+# Get tag for the latest version.
+echo "Getting the source for stable version $STACKS_VERSION"
+if [ "$STACKS_VERSION" = "latest" ]; then
+  echo "Aquiring tag for latest stable release."
+  VERSION_TAG=$(curl -sL https://api.github.com/repos/$STACKS_ORG/$STACKS_REPO/releases/latest | jq -r .tag_name)
+else
+  VERSION_TAG=$STACKS_VERSION
+fi
+
+echo "Fetching stacks latest code from stacks release $VERSION_TAG"
+wget "https://github.com/$STACKS_ORG/$STACKS_REPO/archive/refs/tags/$VERSION_TAG.tar.gz"
+tar -xzvf "$VERSION_TAG.tar.gz"
+
+SOURCE_DIR="$PWD/$STACKS_REPO-$VERSION_TAG"
+
+# Build relevant source code
+cd "$SOURCE_DIR" || return
+cargo build --features monitoring_prom,slog_json --release --workspace
+
+sudo mkdir -p "$START_DIR/bin"
+find target/release/ -maxdepth 1 -perm /a+x ! -type d -exec cp {} "$START_DIR/bin/" \;

lib/stacks/doc/assets/Stacks Single Node AWS Diagram.png

@@ -0,0 +1,4 @@
+[cfn-auto-reloader-hook]
+triggers=post.update
+path=Resources.WebServerHost.Metadata.AWS::CloudFormation::Init
+action=/opt/aws/bin/cfn-init -v --stack "$STACK_ID" --resource WebServerHost --region "$AWS_REGION"

lib/stacks/jest.config.js

@@ -0,0 +1,5 @@
+[main]
+stack="$STACK_ID"
+region="$AWS_REGION"
+# The interval used to check for changes to the resource metadata in minutes. Default is 15
+interval=2

lib/stacks/lib/assets/build-binaries.sh

@@ -0,0 +1,8 @@
+[Unit]
+Description=cfn-hup daemon
+[Service]
+Type=simple
+ExecStart=/usr/bin/cfn-hup
+Restart=always
+[Install]
+WantedBy=multi-user.target