Merge pull request #157 from aws-samples/develop/cdk-constructs

Develop/cdk constructs

Author: wleepang

src/aws-genomics-cdk/.gitignore

@@ -0,0 +1,9 @@
+*.js
+!jest.config.js
+*.d.ts
+node_modules
+
+# CDK asset staging directory
+.cdk.staging
+cdk.out
+cdk.context.json

src/aws-genomics-cdk/.npmignore

@@ -0,0 +1,6 @@
+*.ts
+!*.d.ts
+
+# CDK asset staging directory
+.cdk.staging
+cdk.out

src/aws-genomics-cdk/README.md

@@ -0,0 +1,160 @@
+# Genomics Workflows on AWS - CDK code
+
+Contained herein is a CDK application for creating AWS resources for working 
+with large-scale biomedical data - e.g. genomics.  
+
+In order to deploy this CDK application, you'll need an environment with AWS 
+CLI access and AWS CDK installed. A quick way to get an environment for running 
+this application is to launch [AWS Cloud9](https://aws.amazon.com/cloud9/).  
+
+AWS Cloud9 is a cloud-based integrated development environment (IDE) that lets 
+you write, run, and debug your code with just a browser. It includes a code 
+editor, debugger, and terminal. Cloud9 comes prepackaged with essential 
+tools for popular programming languages, including JavaScript, Python, PHP, and 
+more, so you don’t need to install files or configure your development machine 
+to start new projects.
+
+
+## Download
+
+Clone the repo to your local environment / Cloud9 environment.
+```
+git clone https://github.com/aws-samples/aws-genomics-workflows.git
+```
+
+## Configure
+
+This CDK application requires an S3 bucket and a VPC. The application can 
+create them as part of the deployment or you could configure the application to 
+use your own S3 bucket and/or existing VPC.
+
+After cloning the repo, open, update, and save the application configuration 
+file - `app.config.json`.
+
+**accountID** - Your 
+[AWS account id](https://docs.aws.amazon.com/IAM/latest/UserGuide/console_account-alias.html).  
+**region** - The 
+[AWS region](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-regions-availability-zones.html) 
+you want to use for the deployment (e.g., us-east-1, us-west-2, etc.).  
+**projectName** - A name for the project that will be used as a prefix for the 
+CDK stacks and constrcuts.  
+**tags** - A list of key,value strings to use as tags for the AWS resources 
+created by this app.  
+**S3.existingBucket** - If you want to use an existing bucket, set this value 
+to true, otherwise set it to false to create a new bucket.  
+**S3.bucketName** - The bucket name to use or create.  
+**VPC.createVPC** - If you want to create a new VPC, set this to true, 
+otherwise set to false.  
+**VPC.VPCName** - The VPC name to use a create.  
+**VPC.maxAZs** - The amount of availability zones to use when creating a new 
+VPC.  
+**VPC.cidr** - The 
+[CIDR block](https://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing) for 
+the new VPC.  
+**VPC.cidrMask** - The 
+[CIDR block subnet mask](https://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing#Subnet_masks) 
+for the new VPC.  
+**batch.defaultVolumeSize** - The default EBS volume size in GiB to be attached 
+to the EC2 instance under AWS Batch.  
+**batch.spotMaxVCPUs** - The limit on vcpus when using 
+[spot instances](https://aws.amazon.com/ec2/spot/).  
+**batch.onDemendMaxVCPUs** - The limit on vcpus when using on-demand instances.  
+**batch.instanceTypes** - The 
+[EC2 instance types](https://aws.amazon.com/ec2/instance-types/) to use in 
+AWS Batch.  
+**workflows** - A list of workflows that you would like to launch. There are 
+demo workflows under the `lib/workflows` directory. To add a workflow, update 
+the code in the `lib/aws-genomics-cdk-stack.ts` file. Look for the workflows 
+section.
+
+```
+{
+    "accountID": "111111111111",
+    "region": "us-west-2",
+    "projectName": "genomics",
+    "tags": [{
+            "name": "Environment",
+            "value": "production"
+        },
+        {
+            "name": "Project",
+            "value": "genomics-pipeline"
+        }
+    ]
+    "S3": {
+        "existingBucket": true,
+        "bucketName": "YOUR-BUCKET-NAME"
+    },
+    "VPC": {
+        "createVPC": true,
+        "VPCName": "genomics-vpc",
+        "maxAZs": 2,
+        "cidr": "10.0.0.0/16",
+        "cidrMask": 24
+    },
+    "batch": {
+        "defaultVolumeSize": 100,
+        "spotMaxVCPUs": 128,
+        "onDemendMaxVCPUs": 128,
+        "instanceTypes": [
+            "c4.large",
+            "c4.xlarge",
+            "c4.2xlarge",
+            "c4.4xlarge",
+            "c4.8xlarge",
+            "c5.large",
+            "c5.xlarge",
+            "c5.2xlarge",
+            "c5.4xlarge",
+            "c5.9xlarge",
+            "c5.12xlarge",
+            "c5.18xlarge",
+            "c5.24xlarge"
+        ]
+    },
+    "workflows": [{
+        "name": "variantCalling",
+        "spot": true
+    }]
+}
+```
+
+## Deploy
+
+To deploy the CDK application, use the command line and make sure you are in 
+the root folder of the CDK application (`src/aws-genomics-cdk`).  
+First install the neccessary node.js modules
+```
+npm install
+```
+
+Then deploy the application.
+```
+# The "--require-approval never" parameter will skip the question to approve 
+# specific resouce creation, such as IAM roles. You can remove this parameter 
+# if you want to be prompted to approve creating these resources.
+cdk deploy --all --require-approval never
+```
+
+
+## Stacks
+
+| File | Description |
+| :--- | :---------- |
+| `lib/aws-genomics-cdk-stack.ts` | The main stack that initialize the rest of the stacks |
+| `lib/vpc/vpc-stack.ts` | An optional stack that will launch a VPC |
+| `lib/batch/batch-stack.ts` | An AWS Batch stack with 2 comnpute environments (spot and on demand) and 2 queues (default and high priority) |
+| `lib/batch/batch-iam-stack.ts` | An IAM stack with roles and policies required for running AWS Batch |
+| `llib/workflows` | A folder containing pipeline stacks |
+
+
+## Constructs
+
+| File | Description |
+| :--- | :---------- |
+| `lib/batch/batch-compute-environmnet-construct.ts` | A construct for creating an [AWS Batch compute environment](https://docs.aws.amazon.com/batch/latest/userguide/compute_environments.html) |
+| `lib/batch/job-queue-construct.ts` | A construct for creating an [AWS Batch job queue](https://docs.aws.amazon.com/batch/latest/userguide/job_queues.html) |
+| `lib/batch/launch-template-construct.ts` | A construct for creating an [EC2 launch template](https://docs.aws.amazon.com/autoscaling/ec2/userguide/LaunchTemplates.html) |
+| `lib/workflows/genomics-task-construct.ts` | A construct for creating a step function task that submits a batch job |
+| `lib/workflows/job-definition-construct.ts` | A construct for creating an [AWS Batch job definition](https://docs.aws.amazon.com/batch/latest/userguide/job_definitions.html) to be used as a task in step functions |
+

src/aws-genomics-cdk/app.config.json

@@ -0,0 +1,49 @@
+{
+    "accountID": "111111111111",
+    "region": "us-west-2",
+    "projectName": "genomics",
+    "tags": [{
+            "name": "Environment",
+            "value": "production"
+        },
+        {
+            "name": "Project",
+            "value": "genomics-pipeline"
+        }
+    ],
+    "S3": {
+        "existingBucket": true,
+        "bucketName": "YOUR-BUCKET-NAME"
+    },
+    "VPC": {
+        "createVPC": true,
+        "VPCName": "genomics-vpc",
+        "maxAZs": 2,
+        "cidr": "10.0.0.0/16",
+        "cidrMask": 24
+    },
+    "batch": {
+        "defaultVolumeSize": 100,
+        "spotMaxVCPUs": 128,
+        "onDemendMaxVCPUs": 128,
+        "instanceTypes": [
+            "c4.large",
+            "c4.xlarge",
+            "c4.2xlarge",
+            "c4.4xlarge",
+            "c4.8xlarge",
+            "c5.large",
+            "c5.xlarge",
+            "c5.2xlarge",
+            "c5.4xlarge",
+            "c5.9xlarge",
+            "c5.12xlarge",
+            "c5.18xlarge",
+            "c5.24xlarge"
+        ]
+    },
+    "workflows": [{
+        "name": "variantCalling",
+        "spot": true
+    }]
+}

src/aws-genomics-cdk/assets/genomics-policy-s3.json

@@ -0,0 +1,33 @@
+{
+    "Version": "2012-10-17",
+    "Statement": [
+        {
+            "Effect": "Deny",
+            "Action": [
+                "s3:Delete*",
+                "s3:PutBucket*"
+            ],
+            "Resource": [
+                "arn:aws:s3:::BUCKET_NAME"
+            ]
+        },
+        {
+            "Effect": "Allow",
+            "Action": [
+                "s3:ListBucket*"
+            ],
+            "Resource": [
+                "arn:aws:s3:::BUCKET_NAME"
+            ]
+        },
+        {
+            "Effect": "Allow",
+            "Action": [
+                "s3:*"
+            ],
+            "Resource": [
+                "arn:aws:s3:::BUCKET_NAME/*"
+            ]
+        }
+    ]
+}

src/aws-genomics-cdk/assets/launch_template_user_data.txt

@@ -0,0 +1,99 @@
+MIME-Version: 1.0
+Content-Type: multipart/mixed; boundary="==BOUNDARY=="
+
+--==BOUNDARY==
+Content-Type: text/cloud-config; charset="us-ascii"
+
+#cloud-config
+repo_update: true
+repo_upgrade: security
+
+packages:
+- jq
+- btrfs-progs
+- sed
+- git
+- amazon-ssm-agent
+- unzip
+- amazon-cloudwatch-agent
+
+write_files:
+- permissions: '0644'
+  path: /opt/aws/amazon-cloudwatch-agent/etc/config.json
+  content: |
+    {
+      "agent": {
+        "logfile": "/opt/aws/amazon-cloudwatch-agent/logs/amazon-cloudwatch-agent.log"
+      },
+      "logs": {
+        "logs_collected": {
+          "files": {
+            "collect_list": [
+              {
+                "file_path": "/opt/aws/amazon-cloudwatch-agent/logs/amazon-cloudwatch-agent.log",
+                "log_group_name": "/aws/ecs/container-instance/${Namespace}",
+                "log_stream_name": "/aws/ecs/container-instance/${Namespace}/{instance_id}/amazon-cloudwatch-agent.log"
+              },
+              {
+                "file_path": "/var/log/cloud-init.log",
+                "log_group_name": "/aws/ecs/container-instance/${Namespace}",
+                "log_stream_name": "/aws/ecs/container-instance/${Namespace}/{instance_id}/cloud-init.log"
+              },
+              {
+                "file_path": "/var/log/cloud-init-output.log",
+                "log_group_name": "/aws/ecs/container-instance/${Namespace}",
+                "log_stream_name": "/aws/ecs/container-instance/${Namespace}/{instance_id}/cloud-init-output.log"
+              },
+              {
+                "file_path": "/var/log/ecs/ecs-init.log",
+                "log_group_name": "/aws/ecs/container-instance/${Namespace}",
+                "log_stream_name": "/aws/ecs/container-instance/${Namespace}/{instance_id}/ecs-init.log"
+              },
+              {
+                "file_path": "/var/log/ecs/ecs-agent.log",
+                "log_group_name": "/aws/ecs/container-instance/${Namespace}",
+                "log_stream_name": "/aws/ecs/container-instance/${Namespace}/{instance_id}/ecs-agent.log"
+              },
+              {
+                "file_path": "/var/log/ecs/ecs-volume-plugin.log",
+                "log_group_name": "/aws/ecs/container-instance/${Namespace}",
+                "log_stream_name": "/aws/ecs/container-instance/${Namespace}/{instance_id}/ecs-volume-plugin.log"
+              }
+            ]
+          }
+        }
+      }
+    }
+
+runcmd:
+
+# start the amazon-cloudwatch-agent
+- /opt/aws/amazon-cloudwatch-agent/bin/amazon-cloudwatch-agent-ctl -a fetch-config -m ec2 -s -c file:/opt/aws/amazon-cloudwatch-agent/etc/config.json
+
+# install aws-cli v2 and copy the static binary in an easy to find location for bind-mounts into containers
+- curl -s "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "/tmp/awscliv2.zip"
+- unzip -q /tmp/awscliv2.zip -d /tmp
+- /tmp/aws/install -b /usr/bin
+
+# check that the aws-cli was actually installed. if not shutdown (terminate) the instance
+- command -v aws || shutdown -P now
+
+- mkdir -p /opt/aws-cli/bin
+- cp -a $(dirname $(find /usr/local/aws-cli -name 'aws' -type f))/. /opt/aws-cli/bin/
+
+# set environment variables for provisioning
+- export GWFCORE_NAMESPACE=${Namespace}
+- export INSTALLED_ARTIFACTS_S3_ROOT_URL=$(aws ssm get-parameter --name /gwfcore/${Namespace}/installed-artifacts/s3-root-url --query 'Parameter.Value' --output text)
+
+# enable ecs spot instance draining
+- echo ECS_ENABLE_SPOT_INSTANCE_DRAINING=true >> /etc/ecs/ecs.config
+
+# pull docker images only if missing
+- echo ECS_IMAGE_PULL_BEHAVIOR=prefer-cached >> /etc/ecs/ecs.config
+
+- cd /opt
+- aws s3 sync $INSTALLED_ARTIFACTS_S3_ROOT_URL/ecs-additions ./ecs-additions
+- chmod a+x /opt/ecs-additions/provision.sh
+- /opt/ecs-additions/provision.sh
+
+--==BOUNDARY==--

src/aws-genomics-cdk/bin/aws-genomics-cdk.ts

@@ -0,0 +1,23 @@
+#!/usr/bin/env node
+import "source-map-support/register";
+import * as cdk from "@aws-cdk/core";
+import { AwsGenomicsCdkStack } from "../lib/aws-genomics-cdk-stack";
+import * as config from "../app.config.json";
+
+const env = {
+  account: process.env.CDK_DEFAULT_ACCOUNT ?? config.accountID,
+  region: process.env.CDK_DEFAULT_REGION ?? config.region,
+};
+
+const app = new cdk.App();
+const genomicsStack = new AwsGenomicsCdkStack(
+  app,
+  `${config.projectName}CdkStack`,
+  {
+    env: env,
+  }
+);
+
+for (let i = 0; i < config.tags.length; i++) {
+  cdk.Tags.of(genomicsStack).add(config.tags[i].name, config.tags[i].value);
+}