many-yak-61188
07/09/2021, 1:21 PMbillowy-army-68599
07/09/2021, 1:32 PMmany-yak-61188
07/09/2021, 1:34 PMbillowy-army-68599
07/09/2021, 1:43 PMmany-yak-61188
07/09/2021, 1:43 PM
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
import * as awsx from "@pulumi/awsx";
import * as fs from 'fs';
// Dedicated VPC for the CI/CD runners; every setting not listed here keeps the awsx default.
const vpc = new awsx.ec2.Vpc("ci-cd", {
    // Spread the runners over two availability zones.
    numberOfAvailabilityZones: 2,
    // A /26 gives 64 addresses. The intent is four subnets of 16 addresses each
    // (/28, the smallest subnet AWS accepts). AWS reserves 5 addresses in every
    // subnet, so about 11 per subnet are actually assignable.
    // NOTE(review): the 4-subnet split relies on the awsx default of one public and
    // one private subnet per zone — confirm for the awsx version in use.
    cidrBlock: "10.0.0.0/26",
});

// Stack outputs so other programs and the CLI can look up the network.
// The subnet id lists are promises because awsx resolves the subnets asynchronously.
export const vpcId: pulumi.Output<string> = vpc.id;
export const vpcPrivateSubnetIds: Promise<pulumi.Output<string>[]> = vpc.privateSubnetIds;
export const vpcPublicSubnetIds: Promise<pulumi.Output<string>[]> = vpc.publicSubnetIds;
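// Security group for the runner instances: inbound SSH and HTTP(S), all outbound traffic.
const group = new aws.ec2.SecurityGroup("allow-http-ssh", {
    // Pin the group to the "ci-cd" VPC. Without vpcId the group is created in the
    // account's default VPC and cannot be attached to instances in this VPC's subnets.
    vpcId: vpc.id,
    ingress: [
        // NOTE(review): all three rules accept traffic from any address. SSH open to
        // 0.0.0.0/0 is the one to narrow first (a bastion or VPN range, or drop it in
        // favour of SSM Session Manager). If these hosts are only GitHub self-hosted
        // runners, they reach GitHub over outbound HTTPS, so the 80/443 inbound rules
        // may not be needed at all — confirm before keeping them.
        { protocol: "tcp", fromPort: 22, toPort: 22, cidrBlocks: ["0.0.0.0/0"] },
        { protocol: "tcp", fromPort: 80, toPort: 80, cidrBlocks: ["0.0.0.0/0"] },
        { protocol: "tcp", fromPort: 443, toPort: 443, cidrBlocks: ["0.0.0.0/0"] },
    ],
    egress: [
        // protocol "-1" selects every protocol, so the port range is ignored.
        { protocol: "-1", fromPort: 0, toPort: 0, cidrBlocks: ["0.0.0.0/0"] },
    ],
});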
// Boot script for the GitHub runner instances (one per private subnet), loaded as text.
// The path is relative to the process working directory, not to this source file.
// NOTE(review): EC2 user data is stored unencrypted and is readable by any process on
// the instance through the metadata service; keep runner registration tokens and other
// secrets out of user_data.sh and fetch them at boot from a secret store instead.
const userData = fs.readFileSync("./user_data.sh", { encoding: "utf8" });
billowy-army-68599
07/09/2021, 1:44 PMmany-yak-61188
07/09/2021, 1:44 PMbillowy-army-68599
07/09/2021, 2:30 PMmany-yak-61188
07/09/2021, 2:33 PM
`instanceSecurityGroups` needs to be specified somewhere in the CF template. It's not used right now.
billowy-army-68599
07/09/2021, 3:06 PMmany-yak-61188
07/09/2021, 3:30 PM