Skip to content

Commit

Permalink
Merge pull request #51 from codeforjapan/refactor/change-schedule-tas…
Browse files Browse the repository at this point in the history
…k-to-public

Refactor/change schedule task to public
  • Loading branch information
ayuki-joto authored Jun 25, 2024
2 parents 052946e + 49b3cc7 commit 40273e2
Show file tree
Hide file tree
Showing 8 changed files with 676 additions and 432 deletions.
2 changes: 1 addition & 1 deletion .github/workflows/dev_synth.yml
Original file line number Diff line number Diff line change
Expand Up @@ -31,7 +31,7 @@ jobs:
uses: youyo/aws-cdk-github-actions@v2
with:
cdk_subcommand: 'synth'
cdk_version: '2.135.0'
cdk_version: '2.147.1'
working_dir: 'cdk'
cdk_args: '--context stage=dev'
env:
Expand Down
3 changes: 3 additions & 0 deletions lib/decidim-stack.ts
Original file line number Diff line number Diff line change
Expand Up @@ -419,6 +419,9 @@ export class DecidimStack extends cdk.Stack {
targets: [new EcsTask({
cluster: cluster,
taskDefinition: taskDefinition,
subnetSelection: {
subnets: props.vpc.publicSubnets
},
containerOverrides: [
{
containerName: 'appContainer',
Expand Down
21 changes: 15 additions & 6 deletions lib/network.ts
Original file line number Diff line number Diff line change
Expand Up @@ -59,12 +59,21 @@ export class NetworkStack extends Stack {
}
)
sgForDecidimService.addIngressRule(sgForAlb, ec2.Port.tcp(80))
sgForDecidimService.addIngressRule(fromPeer, ec2.Port.tcp(465))
sgForDecidimService.addIngressRule(fromPeer, ec2.Port.tcp(587))
sgForDecidimService.addIngressRule(fromPeer, ec2.Port.tcp(2465))
sgForDecidimService.addIngressRule(fromPeer, ec2.Port.tcp(2587))
this.sgForDecidimService = sgForDecidimService

const sgForSes = new ec2.SecurityGroup(
this,
`${ props.stage }SecurityGroupForSesService`,
{
vpc,
securityGroupName: `${ props.stage }ForSesService`
}
)
sgForSes.addIngressRule(sgForDecidimService, ec2.Port.tcp(465))
sgForSes.addIngressRule(sgForDecidimService, ec2.Port.tcp(587))
sgForSes.addIngressRule(sgForDecidimService, ec2.Port.tcp(2465))
sgForSes.addIngressRule(sgForDecidimService, ec2.Port.tcp(2587))

// SG for Rds
const sgForRds = new ec2.SecurityGroup(
this,
Expand Down Expand Up @@ -108,7 +117,7 @@ export class NetworkStack extends Stack {
{
vpc,
service: ec2.InterfaceVpcEndpointAwsService.SES,
securityGroups: [sgForDecidimService],
securityGroups: [sgForSes],
subnets: {
subnetType: ec2.SubnetType.PUBLIC
}
Expand Down Expand Up @@ -185,7 +194,7 @@ export class NetworkStack extends Stack {
const vpc = new ec2.Vpc(this, `Vpc`, {
ipAddresses: IpAddresses.cidr("10.0.0.0/16"),
vpcName: `${ props.stage }${ props.serviceName }`,
natGateways: 1,
natGateways: 0,
subnetConfiguration: [
{
cidrMask: 24,
Expand Down
Loading

0 comments on commit 40273e2

Please sign in to comment.