
Main dfd #446


wants to merge 9 commits into
base: main
@@ -1,3 +1,4 @@

#Gets the yelb db endpoint from yelb-fargate cloudformation stack
export YELB_DB_ENDPOINT=$(aws cloudformation describe-stacks --stack-name yelb-fargate --query "Stacks[0].Outputs[?OutputKey=='YelbDBEndpointUrl'].OutputValue" --output text)

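--- a/walkthroughs/eks-app-mesh-cross-account-acm/cleanup.sh
+++ b/walkthroughs/eks-app-mesh-cross-account-acm/cleanup.sh
@@ -0,0 +1,100 @@
+#!/bin/bash
+
+set -e
+export AWS_PAGER=""
+
+echo "Deleting the EKS clusters"
+eksctl delete -p frontend cluster -f /tmp/eks-frontend-configuration.yml
+eksctl delete -p backend cluster -f /tmp/eks-backend-configuration.yml
+
+echo "Deleting the App Mesh virtual services"
+aws --profile frontend appmesh delete-virtual-service \
+--mesh-name am-multi-account-mesh \
+--virtual-service-name yelb-db
+
+aws --profile frontend appmesh delete-virtual-service \
+--mesh-name am-multi-account-mesh \
+--virtual-service-name redis-server
+
+aws --profile frontend appmesh delete-virtual-service \
+--mesh-name am-multi-account-mesh \
+--virtual-service-name yelb-appserver
+
+aws --profile frontend appmesh delete-virtual-service \
+--mesh-name am-multi-account-mesh \
+--virtual-service-name yelb-ui
+
+echo "Deleting the App Mesh virtual router"
+aws --profile frontend appmesh delete-route \
+--mesh-name am-multi-account-mesh \
+--virtual-router-name yelb-appserver-virtual-router \
+--route-name route-to-yelb-appserver
+
+aws --profile frontend appmesh delete-virtual-router \
+--mesh-name am-multi-account-mesh \
+--virtual-router-name yelb-appserver-virtual-router
+
+echo "Deleting the App Mesh virtual nodes"
+aws --profile frontend appmesh delete-virtual-node \
+--mesh-name am-multi-account-mesh \
+--virtual-node-name redis-server_yelb
+
+aws --profile frontend appmesh delete-virtual-node \
+--mesh-name am-multi-account-mesh \
+--virtual-node-name yelb-db_yelb
+
+aws --profile frontend appmesh delete-virtual-node \
+--mesh-name am-multi-account-mesh \
+--virtual-node-name yelb-appserver_yelb
+
+aws --profile frontend appmesh delete-virtual-node \
+--mesh-name am-multi-account-mesh \
+--virtual-node-name yelb-ui_yelb
+
+echo "Deleting the App Mesh mesh"
+aws --profile frontend appmesh delete-mesh \
+--mesh-name am-multi-account-mesh
+
+echo "Deleting Cloud Map Services"
+NAMESPACE=$(aws --profile backend servicediscovery list-namespaces | \
+jq -r ' .Namespaces[] | select ( .Properties.HttpProperties.HttpName == "am-multi-account.local" ) | .Id ');
+SERVICE_ID=$(aws --profile backend servicediscovery list-services --filters Name="NAMESPACE_ID",Values=$NAMESPACE,Condition="EQ" | jq -r ' .Services[] | [ .Id ] | @tsv ' )
+aws --profile backend servicediscovery list-instances --service-id $SERVICE_ID | jq -r ' .Instances[] | [ .Id ] | @tsv ' |\
+while IFS=$'\t' read -r instanceId; do
+aws --profile backend servicediscovery deregister-instance --service-id $SERVICE_ID --instance-id $instanceId
+done
+aws --profile backend servicediscovery list-services \
+--filters Name="NAMESPACE_ID",Values=$NAMESPACE,Condition="EQ" | \
+jq -r ' .Services[] | [ .Id ] | @tsv ' | \
+while IFS=$'\t' read -r serviceId; do
+aws --profile backend servicediscovery delete-service \
+--id $serviceId
+done
+
+echo "Deleting CloudFormation templates"
+aws --profile backend cloudformation delete-stack \
+--stack-name am-multi-account-routes
+aws --profile backend cloudformation wait stack-delete-complete \
+--stack-name am-multi-account-routes
+
+aws --profile backend cloudformation delete-stack \
+--stack-name am-multi-account-infra
+aws --profile backend cloudformation wait stack-delete-complete \
+--stack-name am-multi-account-infra
+
+aws --profile frontend cloudformation delete-stack \
+--stack-name am-multi-account-shared-mesh
+aws --profile frontend cloudformation wait stack-delete-complete \
+--stack-name am-multi-account-shared-mesh
+
+aws --profile frontend cloudformation delete-stack \
+--stack-name am-multi-account-routes
+aws --profile frontend cloudformation wait stack-delete-complete \
+--stack-name am-multi-account-routes
+
+aws --profile frontend cloudformation delete-stack \
+--stack-name am-multi-account-infra
+aws --profile frontend cloudformation wait stack-delete-complete \
+--stack-name am-multi-account-infra
+
+echo "Cleanup finished"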
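Review bot: `SERVICE_ID=$(... jq -r ' .Services[] | [ .Id ] | @tsv ' )` collects one Id per service in the namespace, yet the following `list-instances` and `deregister-instance` calls pass it unquoted as a single `--service-id`, so once the namespace holds more than one service the extra IDs become stray arguments, the call fails and `set -e` aborts the cleanup before any CloudFormation stack is deleted. The instance deregistration belongs inside the per-service loop that already exists for `delete-service`, with every expansion quoted. `set -e` also does not see failures in the `aws ... | jq ... | while` pipelines (only the `while` status counts), so `set -o pipefail` next to `set -e` is worth adding. Because each delete aborts on a resource that is already gone, the script cannot be re-run after a partial failure, which this hunk does not address.
```shell
# … unchanged: EKS cluster, App Mesh and Cloud Map namespace lookup …
aws --profile backend servicediscovery list-services \
  --filters Name="NAMESPACE_ID",Values="$NAMESPACE",Condition="EQ" | \
  jq -r ' .Services[] | [ .Id ] | @tsv ' | \
  while IFS=$'\t' read -r serviceId; do
    # deregister every instance of this service, then drop the service itself
    aws --profile backend servicediscovery list-instances --service-id "$serviceId" | \
      jq -r ' .Instances[] | [ .Id ] | @tsv ' | \
      while IFS=$'\t' read -r instanceId; do
        aws --profile backend servicediscovery deregister-instance \
          --service-id "$serviceId" --instance-id "$instanceId"
      done
    aws --profile backend servicediscovery delete-service --id "$serviceId"
  done
# … unchanged: CloudFormation stack deletion …
```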
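--- a/walkthroughs/eks-app-mesh-cross-account-acm/eks/setup.sh
+++ b/walkthroughs/eks-app-mesh-cross-account-acm/eks/setup.sh
@@ -0,0 +1,112 @@
+#!/bin/bash
+
+set -e
+
+echo "Creating a ClusterConfig file for the Frontend cluster..."
+
+FRONTEND_AWS_REGION=$(aws --profile frontend configure get region);
+FRONTEND_PRIVSUB1_ID=$(aws --profile frontend cloudformation list-exports | jq -r '.Exports[] | select(.Name=="am-multi-account:PrivateSubnet1") | .Value');
+FRONTEND_PRIVSUB2_ID=$(aws --profile frontend cloudformation list-exports | jq -r '.Exports[] | select(.Name=="am-multi-account:PrivateSubnet2") | .Value');
+FRONTEND_PUBSUB1_ID=$(aws --profile frontend cloudformation list-exports | jq -r '.Exports[] | select(.Name=="am-multi-account:PublicSubnet1") | .Value');
+FRONTEND_PUBSUB2_ID=$(aws --profile frontend cloudformation list-exports | jq -r '.Exports[] | select(.Name=="am-multi-account:PublicSubnet2") | .Value');
+FRONTEND_PRIVSUB1_AZ=$(aws --profile frontend ec2 describe-subnets --subnet-ids $FRONTEND_PRIVSUB1_ID | jq -r .Subnets[].AvailabilityZone);
+FRONTEND_PRIVSUB2_AZ=$(aws --profile frontend ec2 describe-subnets --subnet-ids $FRONTEND_PRIVSUB2_ID | jq -r .Subnets[].AvailabilityZone);
+FRONTEND_PUBSUB1_AZ=$(aws --profile frontend ec2 describe-subnets --subnet-ids $FRONTEND_PUBSUB1_ID | jq -r .Subnets[].AvailabilityZone);
+FRONTEND_PUBSUB2_AZ=$(aws --profile frontend ec2 describe-subnets --subnet-ids $FRONTEND_PUBSUB2_ID | jq -r .Subnets[].AvailabilityZone);
+FRONTEND_NODES_IAM_POLICY=$(aws --profile frontend cloudformation list-exports | jq -r '.Exports[] | select(.Name=="am-multi-account:NodesSDPolicy") | .Value');
+
+cat > /tmp/eks-frontend-configuration.yml <<-EKS_FRONTEND_CONF
+apiVersion: eksctl.io/v1alpha5
+kind: ClusterConfig
+metadata:
+name: am-multi-account-1
+region: $FRONTEND_AWS_REGION
+version: "1.18"
+vpc:
+subnets:
+private:
+$FRONTEND_PRIVSUB1_AZ: { id: $FRONTEND_PRIVSUB1_ID }
+$FRONTEND_PRIVSUB2_AZ: { id: $FRONTEND_PRIVSUB2_ID }
+public:
+$FRONTEND_PUBSUB1_AZ: { id: $FRONTEND_PUBSUB1_ID }
+$FRONTEND_PUBSUB2_AZ: { id: $FRONTEND_PUBSUB2_ID }
+nodeGroups:
+- name: am-multi-account-1-ng
+labels: { role: workers }
+instanceType: t3.large
+desiredCapacity: 3
+ssh:
+allow: false
+privateNetworking: true
+iam:
+attachPolicyARNs:
+- $FRONTEND_NODES_IAM_POLICY
+- arn:aws:iam::aws:policy/AmazonEKSWorkerNodePolicy
+- arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy
+- arn:aws:iam::aws:policy/ElasticLoadBalancingFullAccess
+- arn:aws:iam::aws:policy/AWSAppMeshFullAccess
+withAddonPolicies:
+xRay: true
+cloudWatch: true
+externalDNS: true
+EKS_FRONTEND_CONF
+
+echo "Creating the Frontend EKS cluster..."
+eksctl create -p frontend cluster -f /tmp/eks-frontend-configuration.yml
+
+echo "Creating a ClusterConfig file for the Backend cluster..."
+
+BACKEND_AWS_REGION=$(aws --profile backend configure get region);
+BACKEND_PRIVSUB1_ID=$(aws --profile backend cloudformation list-exports | jq -r '.Exports[] | select(.Name=="am-multi-account:PrivateSubnet1") | .Value');
+BACKEND_PRIVSUB2_ID=$(aws --profile backend cloudformation list-exports | jq -r '.Exports[] | select(.Name=="am-multi-account:PrivateSubnet2") | .Value');
+BACKEND_PUBSUB1_ID=$(aws --profile backend cloudformation list-exports | jq -r '.Exports[] | select(.Name=="am-multi-account:PublicSubnet1") | .Value');
+BACKEND_PUBSUB2_ID=$(aws --profile backend cloudformation list-exports | jq -r '.Exports[] | select(.Name=="am-multi-account:PublicSubnet2") | .Value');
+BACKEND_PRIVSUB1_AZ=$(aws --profile backend ec2 describe-subnets --subnet-ids $BACKEND_PRIVSUB1_ID | jq -r .Subnets[].AvailabilityZone);
+BACKEND_PRIVSUB2_AZ=$(aws --profile backend ec2 describe-subnets --subnet-ids $BACKEND_PRIVSUB2_ID | jq -r .Subnets[].AvailabilityZone);
+BACKEND_PUBSUB1_AZ=$(aws --profile backend ec2 describe-subnets --subnet-ids $BACKEND_PUBSUB1_ID | jq -r .Subnets[].AvailabilityZone);
+BACKEND_PUBSUB2_AZ=$(aws --profile backend ec2 describe-subnets --subnet-ids $BACKEND_PUBSUB2_ID | jq -r .Subnets[].AvailabilityZone);
+BACKEND_NODES_IAM_POLICY=$(aws --profile backend cloudformation list-exports | jq -r '.Exports[] | select(.Name=="am-multi-account:NodesSDPolicy") | .Value');
+BACKEND_NODES_SECURITY_GROUP=$(aws --profile backend cloudformation list-exports | jq -r '.Exports[] | select(.Name=="am-multi-account:NodesSecurityGroup") | .Value');
+
+cat > /tmp/eks-backend-configuration.yml <<-EKS_BACKEND_CONF
+apiVersion: eksctl.io/v1alpha5
+kind: ClusterConfig
+metadata:
+name: am-multi-account-2
+region: $BACKEND_AWS_REGION
+version: "1.18"
+vpc:
+subnets:
+private:
+$BACKEND_PRIVSUB1_AZ: { id: $BACKEND_PRIVSUB1_ID }
+$BACKEND_PRIVSUB2_AZ: { id: $BACKEND_PRIVSUB2_ID }
+public:
+$BACKEND_PUBSUB1_AZ: { id: $BACKEND_PUBSUB1_ID }
+$BACKEND_PUBSUB2_AZ: { id: $BACKEND_PUBSUB2_ID }
+nodeGroups:
+- name: am-multi-account-2-ng
+labels: { role: workers }
+instanceType: t3.large
+desiredCapacity: 3
+ssh:
+allow: false
+privateNetworking: true
+securityGroups:
+withShared: true
+withLocal: true
+attachIDs: ['$BACKEND_NODES_SECURITY_GROUP']
+iam:
+attachPolicyARNs:
+- $BACKEND_NODES_IAM_POLICY
+- arn:aws:iam::aws:policy/AmazonEKSWorkerNodePolicy
+- arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy
+- arn:aws:iam::aws:policy/ElasticLoadBalancingFullAccess
+- arn:aws:iam::aws:policy/AWSAppMeshFullAccess
+withAddonPolicies:
+xRay: true
+cloudWatch: true
+externalDNS: true
+EKS_BACKEND_CONF
+
+echo "Creating the Backend EKS cluster..."
+eksctl create -p backend cluster -f /tmp/eks-backend-configuration.yml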
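Review bot: None of the `list-exports` lookups (for example `FRONTEND_PRIVSUB1_ID=$(... jq -r '... | .Value');`) checks for an empty result; `set -e` does not fail an assignment whose substitution prints nothing, the empty value then reaches `describe-subnets --subnet-ids` unquoted with whatever error the CLI raises hidden behind `| jq`, and the heredoc silently writes a ClusterConfig with empty subnet and policy fields that `eksctl create` then acts on. A guard after each lookup, such as `: "${FRONTEND_PRIVSUB1_ID:?export am-multi-account:PrivateSubnet1 not found}"` (and the same for the backend block), fails fast, and quoting the expansions keeps a multi-line value from being split into extra arguments. For the same reason `set -o pipefail` beside `set -e` would surface `aws` failures that the `| jq` stage currently masks. Separately, the node-group `attachPolicyARNs` give every pod scheduled on the nodes `ElasticLoadBalancingFullAccess` and `AWSAppMeshFullAccess`; if the walkthrough's controllers can use IAM roles for service accounts instead, the node role could be kept to the worker-node and CNI policies.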
@@ -0,0 +1,29 @@
Parameters:
ProjectName:
Type: String
Description: Project name to link stacks
Default: am-multi-account

PeerCIDR:
Type: String
Default: 10.192.0.0/16

Resources:

PeerRoute1:
Type: AWS::EC2::Route
Properties:
RouteTableId:
Fn::ImportValue: !Sub '${ProjectName}:PrivateRouteTable1'
DestinationCidrBlock: !Ref PeerCIDR
VpcPeeringConnectionId:
Fn::ImportValue: !Sub '${ProjectName}:VPCPeeringConnectionId'

PeerRoute2:
Type: AWS::EC2::Route
Properties:
RouteTableId:
Fn::ImportValue: !Sub '${ProjectName}:PrivateRouteTable2'
DestinationCidrBlock: !Ref PeerCIDR
VpcPeeringConnectionId:
Fn::ImportValue: !Sub '${ProjectName}:VPCPeeringConnectionId'
@@ -0,0 +1,30 @@
Parameters:
ProjectName:
Type: String
Description: Project name to link stacks
Default: am-multi-account

PeerCIDR:
Type: String
Default: 10.193.0.0/16

VPCPeeringConnectionId:
Type: String

Resources:

PeerRoute1:
Type: AWS::EC2::Route
Properties:
RouteTableId:
Fn::ImportValue: !Sub '${ProjectName}:PrivateRouteTable1'
DestinationCidrBlock: !Ref PeerCIDR
VpcPeeringConnectionId: !Ref VPCPeeringConnectionId

PeerRoute2:
Type: AWS::EC2::Route
Properties:
RouteTableId:
Fn::ImportValue: !Sub '${ProjectName}:PrivateRouteTable2'
DestinationCidrBlock: !Ref PeerCIDR
VpcPeeringConnectionId: !Ref VPCPeeringConnectionId