
Commit b35e4cb

author
Richard Bangay
committed
amend userData string to be single string and not concatenated array. Run the update snapshot task.
1 parent bd7943e commit b35e4cb


2 files changed

+100
-48
lines changed


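--- a/cdk/lib/__snapshots__/manage-frontend.test.ts.snap
+++ b/cdk/lib/__snapshots__/manage-frontend.test.ts.snap
@@ -21,6 +21,7 @@ Object {
 "GuEc2App",
 "GuCertificate",
 "GuInstanceRole",
+"GuSsmSshPolicy",
 "GuDescribeEC2Policy",
 "GuLoggingStreamNameParameter",
 "GuLogShippingPolicy",
@@ -134,6 +135,11 @@ Object {
 },
 },
 "MaxSize": "6",
+"MetricsCollection": Array [
+Object {
+"Granularity": "1Minute",
+},
+],
 "MinSize": "3",
 "Tags": Array [
 Object {
@@ -1805,20 +1811,6 @@ Object {
 ],
 "Version": "2012-10-17",
 },
-"ManagedPolicyArns": Array [
-Object {
-"Fn::Join": Array [
-"",
-Array [
-"arn:",
-Object {
-"Ref": "AWS::Partition",
-},
-":iam::aws:policy/AmazonSSMManagedInstanceCore",
-],
-],
-},
-],
 "Path": "/",
 "Tags": Array [
 Object {
@@ -1921,6 +1913,7 @@ Object {
 },
 "Port": 443,
 "Protocol": "HTTPS",
+"SslPolicy": "ELBSecurityPolicy-TLS13-1-2-2021-06",
 },
 "Type": "AWS::ElasticLoadBalancingV2::Listener",
 },
@@ -1931,6 +1924,14 @@ Object {
 "Key": "deletion_protection.enabled",
 "Value": "true",
 },
+Object {
+"Key": "routing.http.x_amzn_tls_version_and_cipher_suite.enabled",
+"Value": "true",
+},
+Object {
+"Key": "routing.http.drop_invalid_header_fields.enabled",
+"Value": "true",
+},
 ],
 "Scheme": "internet-facing",
 "SecurityGroups": Array [
@@ -2231,6 +2232,42 @@ Object {
 },
 "Type": "AWS::IAM::Policy",
 },
+"SsmSshPolicy4CFC977E": Object {
+"Properties": Object {
+"PolicyDocument": Object {
+"Statement": Array [
+Object {
+"Action": Array [
+"ec2messages:AcknowledgeMessage",
+"ec2messages:DeleteMessage",
+"ec2messages:FailMessage",
+"ec2messages:GetEndpoint",
+"ec2messages:GetMessages",
+"ec2messages:SendReply",
+"ssm:UpdateInstanceInformation",
+"ssm:ListInstanceAssociations",
+"ssm:DescribeInstanceProperties",
+"ssm:DescribeDocumentParameters",
+"ssmmessages:CreateControlChannel",
+"ssmmessages:CreateDataChannel",
+"ssmmessages:OpenControlChannel",
+"ssmmessages:OpenDataChannel",
+],
+"Effect": "Allow",
+"Resource": "*",
+},
+],
+"Version": "2012-10-17",
+},
+"PolicyName": "ssm-ssh-policy",
+"Roles": Array [
+Object {
+"Ref": "InstanceRoleManagefrontendC8EBF20D",
+},
+],
+},
+"Type": "AWS::IAM::Policy",
+},
 "TargetGroupManagefrontend7AE2B787": Object {
 "Properties": Object {
 "HealthCheckIntervalSeconds": 10,
@@ -2345,6 +2382,9 @@ Object {
 "Type": "AWS::EC2::SecurityGroupIngress",
 },
 "supportPRODmanagefrontend8911518E": Object {
+"DependsOn": Array [
+"InstanceRoleManagefrontendC8EBF20D",
+],
 "Properties": Object {
 "LaunchTemplateData": Object {
 "IamInstanceProfile": Object {
@@ -2359,6 +2399,9 @@ Object {
 "Ref": "AMIManagefrontend",
 },
 "InstanceType": "t4g.small",
+"MetadataOptions": Object {
+"InstanceMetadataTags": "enabled",
+},
 "SecurityGroupIds": Array [
 Object {
 "Fn::GetAtt": Array [
@@ -2377,6 +2420,10 @@ Object {
 Object {
 "ResourceType": "instance",
 "Tags": Array [
+Object {
+"Key": "App",
+"Value": "manage-frontend",
+},
 Object {
 "Key": "gu:cdk:version",
 "Value": "TEST",
@@ -2402,6 +2449,10 @@ Object {
 Object {
 "ResourceType": "volume",
 "Tags": Array [
+Object {
+"Key": "App",
+"Value": "manage-frontend",
+},
 Object {
 "Key": "gu:cdk:version",
 "Value": "TEST",
@@ -2482,6 +2533,10 @@ systemctl start manage-frontend
 Object {
 "ResourceType": "launch-template",
 "Tags": Array [
+Object {
+"Key": "App",
+"Value": "manage-frontend",
+},
 Object {
 "Key": "gu:cdk:version",
 "Value": "TEST",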

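--- a/cdk/lib/manage-frontend.ts
+++ b/cdk/lib/manage-frontend.ts
@@ -50,41 +50,38 @@ export class ManageFrontend extends GuStack {
 default: `/${this.stage}/${this.stack}/${app}/serverRavenDSN`,
 });
 
-const userData = UserData.forLinux();
+const userData = UserData.forLinux({ shebang: '#!/bin/bash -ev' });
 userData.addCommands(
-[
-`#!/bin/bash -ev`,
-`# get runnable tar from S3`,
-`aws --region ${this.region} s3 cp s3://membership-dist/${this.stack}/${this.stage}/${app}/manage-frontend.zip /tmp`,
-`mkdir /etc/gu`,
-`unzip /tmp/manage-frontend.zip -d /etc/gu/dist/`,
-`# add user`,
-`groupadd manage-frontend`,
-`useradd -r -s /usr/bin/nologin -g manage-frontend manage-frontend`,
-`touch /var/log/manage-frontend.log`,
-`chown -R manage-frontend:manage-frontend /etc/gu`,
-`chown manage-frontend:manage-frontend /var/log/manage-frontend.log`,
-`# write out systemd file`,
-`cat >/etc/systemd/system/manage-frontend.service <<EOL`,
-`[Service]`,
-`ExecStart=/usr/bin/node /etc/gu/dist/server.js`,
-`Restart=always`,
-`StandardOutput=syslog`,
-`StandardError=syslog`,
-`SyslogIdentifier=manage-frontend`,
-`User=manage-frontend`,
-`Group=manage-frontend`,
-`Environment=STAGE=${this.stage}`,
-`Environment=CLIENT_DSN=${clientRavenDSN.valueAsString}`,
-`Environment=SERVER_DSN=${serverRavenDSN.valueAsString}`,
-`[Install]`,
-`WantedBy=multi-user.target`,
-`EOL`,
-`# RUN`,
-`systemctl enable manage-frontend`,
-`systemctl start manage-frontend`,
-`/opt/cloudwatch-logs/configure-logs application ${this.stack} ${this.stage} ${app} /var/log/manage-frontend.log`,
-].join('\n'),
+`# get runnable tar from S3
+aws --region ${this.region} s3 cp s3://membership-dist/${this.stack}/${this.stage}/${app}/manage-frontend.zip /tmp
+mkdir /etc/gu
+unzip /tmp/manage-frontend.zip -d /etc/gu/dist/
+# add user
+groupadd manage-frontend
+useradd -r -s /usr/bin/nologin -g manage-frontend manage-frontend
+touch /var/log/manage-frontend.log
+chown -R manage-frontend:manage-frontend /etc/gu
+chown manage-frontend:manage-frontend /var/log/manage-frontend.log
+# write out systemd file
+cat >/etc/systemd/system/manage-frontend.service <<EOL
+[Service]
+ExecStart=/usr/bin/node /etc/gu/dist/server.js
+Restart=always
+StandardOutput=syslog
+StandardError=syslog
+SyslogIdentifier=manage-frontend
+User=manage-frontend
+Group=manage-frontend
+Environment=STAGE=${this.stage}
+Environment=CLIENT_DSN=${clientRavenDSN.valueAsString}
+Environment=SERVER_DSN=${serverRavenDSN.valueAsString}
+[Install]
+WantedBy=multi-user.target
+EOL
+# RUN
+systemctl enable manage-frontend
+systemctl start manage-frontend
+/opt/cloudwatch-logs/configure-logs application ${this.stack} ${this.stage} ${app} /var/log/manage-frontend.log`,
 );
 
 const logGroup = new LogGroup(this, 'ManageFrontendLogGroup', {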
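Review bot: The `cat >/etc/systemd/system/manage-frontend.service <<EOL` heredoc in the new template literal uses an unquoted delimiter, so the boot-time shell will expand any `$` or backtick that appears in the resolved `clientRavenDSN` / `serverRavenDSN` values before the unit file is written. Those values are substituted into the script before the shell sees it and nothing in the heredoc body needs shell expansion, so quoting the delimiter is enough: `cat >/etc/systemd/system/manage-frontend.service <<'EOL'`. Separately, both DSNs end up in instance user data, where they are readable from the instance metadata service and by any principal allowed to read the launch template, and the `-v` in the shebang presumably echoes them into the boot log as well; if the server DSN is treated as a secret, having the service fetch it at start-up would keep it out of user data. The enclosing constructor begins and ends outside this hunk.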
