Updated READMEs

william-munoz · Feb 14, 2021 · 65692ae · 65692ae
1 parent 4b859f5
commit 65692ae
Show file tree

Hide file tree

Showing 13 changed files with 439 additions and 0 deletions.
diff --git a/608-Capturing-Logs-From-Containers-Running-On-ECS/README.md b/608-Capturing-Logs-From-Containers-Running-On-ECS/README.md
@@ -0,0 +1,81 @@
+# Capturing logs from containers running on Amazon ECS
+## Preparation
+### In the root of the Chapter 4 repo cd to the “408-Capturing-Logs-From-Containers-Running-On-ECS/cdk-AWS-Cookbook-408” folder and follow the subsequent steps: 
+    cd 408-Capturing-Logs-From-Containers-Running-On-ECS/cdk-AWS-Cookbook-408
+    python3 -m venv .env
+    source .env/bin/activate
+    python -m pip install --upgrade pip setuptools wheel
+    python -m pip install -r requirements.txt
+    cdk deploy
+###  Run the script, and copy the output to your terminal to export variables:
+    python helper.py
+
+### Navigate up to the main directory for this recipe (out of the “cdk-AWS-Cookbook-408” folder)
+    cd ..
+
+## Steps
+
+### Create the ECS service-linked role if it does not exist:
+    aws iam list-roles --path-prefix /aws-service-role/ecs.amazonaws.com/
+    aws iam create-service-linked-role --aws-service-name ecs.amazonaws.com
+
+### Create an IAM role using the statement in the file task-execution-assume-role.json
+    aws iam create-role --role-name AWSCookbook408ECS \
+    --assume-role-policy-document file://task-execution-assume-role.json
+
+### Attach the AWS managed IAM policy for ECS task execution to the IAM role that you just created: 
+    aws iam attach-role-policy --role-name AWSCookbook408ECS --policy-arn arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy
+
+### Create a Log Group in CloudWatch: 
+    aws logs create-log-group --log-group-name AWSCookbook408ECS
+
+### Register the ask definition
+    aws ecs register-task-definition --execution-role-arn \
+    "arn:aws:iam::$AWS_ACCOUNT_ID:role/AWSCookbook408ECS" \
+    --cli-input-json file://taskdef.json
+
+### Run the ECS task on the ECS cluster that you created earlier in this recipe with the AWS CDK:
+    aws ecs run-task --cluster $ECSClusterName \
+    --launch-type FARGATE --network-configuration "awsvpcConfiguration={subnets=[$VPCPublicSubnets],securityGroups=[$VPCDefaultSecurityGroup],assignPublicIp=ENABLED}" --task-definition awscookbook408
+
+### Check the task status using the Task ARN
+    aws ecs list-tasks --cluster $ECSClusterName
+
+### Then use the task ARN to check for the “RUNNING” state with the describe-tasks command output:
+    aws ecs describe-tasks --cluster $ECSClusterName --tasks <<TaskARN>>
+
+### After the task has reached the “RUNNING” state (approximately 15 seconds), use the following commands to view logs. 
+    aws logs describe-log-streams --log-group-name AWSCookbook408ECS
+
+### Note the logStreamName from the output and then run the get-log-events command
+    aws logs get-log-events --log-group-name AWSCookbook408ECS \
+    --log-stream-name <<logStreamName>>
+
+### Finally, Observe the log output returned in the previous command.
+
+## Clean up 
+### Stop the ECS task:
+    aws ecs stop-task --cluster $ECSClusterName --task <<TaskARN>>
+
+### Delete the IAM Policy Attachment and Role:
+    aws iam detach-role-policy --role-name AWSCookbook408ECS --policy-arn \
+    arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy
+    aws iam delete-role --role-name AWSCookbook408ECS
+
+### Delete Log Group:
+    aws logs delete-log-group --log-group-name AWSCookbook408ECS
+
+### Deregister the Task Definition 
+    aws ecs deregister-task-definition --task-definition awscookbook408:1
+
+### Go to the cdk-AWS-Cookbook-408 directory
+    cd cdk-AWS-Cookbook-408/
+
+### To clean up the environment variables, run the helper.py script in this recipe’s cdk- folder with the --unset flag, and copy the output to your terminal to export variables:
+    python helper.py --unset
+
+### Use the AWS CDK to destroy the remaining resources:
+    cdk destroy
+
+### Deactivate your python virtual environment:
+    deactivate
diff --git a/608-Capturing-Logs-From-Containers-Running-On-ECS/cdk-AWS-Cookbook-608/.gitignore b/608-Capturing-Logs-From-Containers-Running-On-ECS/cdk-AWS-Cookbook-608/.gitignore
@@ -0,0 +1,11 @@
+*.swp
+package-lock.json
+__pycache__
+.pytest_cache
+.env
+.venv
+*.egg-info
+
+# CDK asset staging directory
+.cdk.staging
+cdk.out
diff --git a/608-Capturing-Logs-From-Containers-Running-On-ECS/cdk-AWS-Cookbook-608/README.md b/608-Capturing-Logs-From-Containers-Running-On-ECS/cdk-AWS-Cookbook-608/README.md
@@ -0,0 +1,58 @@
+
+# Welcome to your CDK Python project!
+
+This is a blank project for Python development with CDK.
+
+The `cdk.json` file tells the CDK Toolkit how to execute your app.
+
+This project is set up like a standard Python project.  The initialization
+process also creates a virtualenv within this project, stored under the `.venv`
+directory.  To create the virtualenv it assumes that there is a `python3`
+(or `python` for Windows) executable in your path with access to the `venv`
+package. If for any reason the automatic creation of the virtualenv fails,
+you can create the virtualenv manually.
+
+To manually create a virtualenv on MacOS and Linux:
+
+```
+$ python3 -m venv .venv
+```
+
+After the init process completes and the virtualenv is created, you can use the following
+step to activate your virtualenv.
+
+```
+$ source .venv/bin/activate
+```
+
+If you are a Windows platform, you would activate the virtualenv like this:
+
+```
+% .venv\Scripts\activate.bat
+```
+
+Once the virtualenv is activated, you can install the required dependencies.
+
+```
+$ pip install -r requirements.txt
+```
+
+At this point you can now synthesize the CloudFormation template for this code.
+
+```
+$ cdk synth
+```
+
+To add additional dependencies, for example other CDK libraries, just add
+them to your `setup.py` file and rerun the `pip install -r requirements.txt`
+command.
+
+## Useful commands
+
+ * `cdk ls`          list all stacks in the app
+ * `cdk synth`       emits the synthesized CloudFormation template
+ * `cdk deploy`      deploy this stack to your default AWS account/region
+ * `cdk diff`        compare deployed stack with current state
+ * `cdk docs`        open CDK documentation
+
+Enjoy!
diff --git a/608-Capturing-Logs-From-Containers-Running-On-ECS/cdk-AWS-Cookbook-608/app.py b/608-Capturing-Logs-From-Containers-Running-On-ECS/cdk-AWS-Cookbook-608/app.py
@@ -0,0 +1,11 @@
+#!/usr/bin/env python3
+
+from aws_cdk import core
+
+from cdk_aws_cookbook_608.cdk_aws_cookbook_608_stack import CdkAwsCookbook608Stack
+
+
+app = core.App()
+CdkAwsCookbook608Stack(app, "cdk-aws-cookbook-608")
+
+app.synth()
diff --git a/608-Capturing-Logs-From-Containers-Running-On-ECS/cdk-AWS-Cookbook-608/cdk.json b/608-Capturing-Logs-From-Containers-Running-On-ECS/cdk-AWS-Cookbook-608/cdk.json
@@ -0,0 +1,12 @@
+{
+  "app": "python3 app.py",
+  "context": {
+    "@aws-cdk/core:enableStackNameDuplicates": "true",
+    "aws-cdk:enableDiffNoFail": "true",
+    "@aws-cdk/core:stackRelativeExports": "true",
+    "@aws-cdk/aws-ecr-assets:dockerIgnoreSupport": true,
+    "@aws-cdk/aws-secretsmanager:parseOwnedSecretName": true,
+    "@aws-cdk/aws-kms:defaultKeyPolicies": true,
+    "@aws-cdk/aws-s3:grantWriteWithoutAcl": true
+  }
+}
diff --git a/...Logs-From-Containers-Running-On-ECS/cdk-AWS-Cookbook-608/cdk_aws_cookbook_608/__init__.py b/...Logs-From-Containers-Running-On-ECS/cdk-AWS-Cookbook-608/cdk_aws_cookbook_608/__init__.py
diff --git a/...rs-Running-On-ECS/cdk-AWS-Cookbook-608/cdk_aws_cookbook_608/cdk_aws_cookbook_608_stack.py b/...rs-Running-On-ECS/cdk-AWS-Cookbook-608/cdk_aws_cookbook_608/cdk_aws_cookbook_608_stack.py
@@ -0,0 +1,66 @@
+from aws_cdk import (
+    aws_ec2 as ec2,
+    aws_ecs as ecs,
+    core,
+)
+
+
+class CdkAwsCookbook608Stack(core.Stack):
+
+    def __init__(self, scope: core.Construct, construct_id: str, **kwargs) -> None:
+        super().__init__(scope, construct_id, **kwargs)
+
+        # create VPC
+        vpc = ec2.Vpc(
+            self,
+            'AWS-Cookbook-VPC'
+        )
+
+        InterfaceEndpointSecurityGroup = ec2.SecurityGroup(
+            self,
+            'InterfaceEndpointSecurityGroup',
+            description='Security Group for the VPC Endpoints',
+            allow_all_outbound=True,
+            vpc=vpc
+        )
+
+        InterfaceEndpointSecurityGroup.connections.allow_from(
+            ec2.Peer.ipv4(vpc.vpc_cidr_block), ec2.Port.tcp(443), "Ingress")
+
+        vpc.add_interface_endpoint(
+            'CloudWatchLogsEndpoint',
+            service=ec2.InterfaceVpcEndpointAwsService('logs'),
+            private_dns_enabled=True,
+            security_groups=[InterfaceEndpointSecurityGroup],
+            subnets=ec2.SubnetSelection(
+                one_per_az=True,
+                subnet_type=ec2.SubnetType.PRIVATE
+            ),
+        )
+
+        # create ECS Cluster
+        ecs_cluster = ecs.Cluster(
+            self,
+            'AWS-Cookbook-EcsCluster',
+            vpc=vpc
+        )
+
+        core.CfnOutput(
+            self,
+            'ECSClusterName',
+            value=ecs_cluster.cluster_name
+        )
+
+        public_subnets = vpc.select_subnets(subnet_type=ec2.SubnetType.PUBLIC)
+
+        core.CfnOutput(
+            self,
+            'VPCPublicSubnets',
+            value=', '.join(map(str, public_subnets.subnet_ids))
+        )
+
+        core.CfnOutput(
+            self,
+            'VPCDefaultSecurityGroup',
+            value=vpc.vpc_default_security_group
+        )
diff --git a/608-Capturing-Logs-From-Containers-Running-On-ECS/cdk-AWS-Cookbook-608/helper.py b/608-Capturing-Logs-From-Containers-Running-On-ECS/cdk-AWS-Cookbook-608/helper.py
@@ -0,0 +1,33 @@
+import os
+import boto3
+import argparse
+
+parser = argparse.ArgumentParser(description="Generate commands to set and unset environment variables")
+parser.add_argument('--unset', action='store_true', help="Generate commands to unset environment variables by setting this flag")
+
+args = parser.parse_args()
+
+os.environ['AWS_DEFAULT_REGION'] = os.environ.get('AWS_REGION')
+
+cfn = boto3.client('cloudformation')
+stackname = os.path.basename(os.getcwd()).lower()
+response = cfn.describe_stacks(StackName=stackname)
+unsets = []
+sets = []
+
+outputs = response["Stacks"][0]["Outputs"]
+print("Copy and paste the commands below into your terminal")
+print("")
+for output in outputs:
+    if ', ' in output["OutputValue"]:
+        sets.append(output["OutputKey"] + "='" + ', '.join('"{}"'.format(word) for word in output["OutputValue"].split(", ")) + "'")
+    else:
+        sets.append(output["OutputKey"] + "='" + output["OutputValue"] + "'")
+    unsets.append("unset " + output["OutputKey"])
+
+if (args.unset):
+    print('\n'.join(map(str, unsets)))
+else:
+    print('\n'.join(map(str, sets)))
+
+print("")
diff --git a/608-Capturing-Logs-From-Containers-Running-On-ECS/cdk-AWS-Cookbook-608/requirements.txt b/608-Capturing-Logs-From-Containers-Running-On-ECS/cdk-AWS-Cookbook-608/requirements.txt
@@ -0,0 +1,57 @@
+-e .
+boto3
+botocore
+jsii
+attr
+attrs
+cattrs
+constructs
+typing_extensions
+jmespath
+publication
+python-dateutil
+s3transfer
+six
+typing-extensions
+urllib3
+aws_cdk.core
+aws-cdk.assets
+aws-cdk.aws-apigateway
+aws-cdk.aws-apigatewayv2
+aws-cdk.aws-applicationautoscaling
+aws-cdk.aws-autoscaling
+aws-cdk.aws-autoscaling-common
+aws-cdk.aws-autoscaling-hooktargets
+aws-cdk.aws-certificatemanager
+aws-cdk.aws-cloudformation
+aws-cdk.aws-cloudfront
+aws-cdk.aws-cloudwatch
+aws-cdk.aws-codeguruprofiler
+aws-cdk.aws-cognito
+aws-cdk.aws-ecr
+aws-cdk.aws-efs
+aws-cdk.aws-elasticloadbalancing
+aws-cdk.aws-elasticloadbalancingv2
+aws-cdk.aws-events
+aws-cdk.aws-iam
+aws-cdk.aws-kms
+aws-cdk.aws-lambda
+aws-cdk.aws-logs
+aws-cdk.aws-route53
+aws-cdk.aws-route53-targets
+aws-cdk.aws-s3
+aws-cdk.aws-s3-assets
+aws-cdk.aws-sam
+aws-cdk.aws-secretsmanager
+aws-cdk.aws-servicediscovery
+aws-cdk.aws-sns
+aws-cdk.aws-sns-subscriptions
+aws-cdk.aws-sqs
+aws-cdk.aws-ssm
+aws-cdk.cloud-assembly-schema
+aws-cdk.custom-resources
+aws-cdk.cx-api
+aws-cdk.region-info
+aws_cdk.aws_ec2
+aws_cdk.aws_ecs
+aws_cdk.aws_ecr_assets
diff --git a/608-Capturing-Logs-From-Containers-Running-On-ECS/cdk-AWS-Cookbook-608/setup.py b/608-Capturing-Logs-From-Containers-Running-On-ECS/cdk-AWS-Cookbook-608/setup.py
@@ -0,0 +1,45 @@
+import setuptools
+
+
+with open("README.md") as fp:
+    long_description = fp.read()
+
+
+setuptools.setup(
+    name="cdk_aws_cookbook_608",
+    version="0.0.1",
+
+    description="An empty CDK Python app",
+    long_description=long_description,
+    long_description_content_type="text/markdown",
+
+    author="author",
+
+    package_dir={"": "cdk_aws_cookbook_608"},
+    packages=setuptools.find_packages(where="cdk_aws_cookbook_608"),
+
+    install_requires=[
+        "aws-cdk.core==1.88.0",
+    ],
+
+    python_requires=">=3.6",
+
+    classifiers=[
+        "Development Status :: 4 - Beta",
+
+        "Intended Audience :: Developers",
+
+        "License :: OSI Approved :: Apache Software License",
+
+        "Programming Language :: JavaScript",
+        "Programming Language :: Python :: 3 :: Only",
+        "Programming Language :: Python :: 3.6",
+        "Programming Language :: Python :: 3.7",
+        "Programming Language :: Python :: 3.8",
+
+        "Topic :: Software Development :: Code Generators",
+        "Topic :: Utilities",
+
+        "Typing :: Typed",
+    ],
+)
diff --git a/608-Capturing-Logs-From-Containers-Running-On-ECS/cdk-AWS-Cookbook-608/source.bat b/608-Capturing-Logs-From-Containers-Running-On-ECS/cdk-AWS-Cookbook-608/source.bat
@@ -0,0 +1,13 @@
+@echo off
+
+rem The sole purpose of this script is to make the command
+rem
+rem     source .venv/bin/activate
+rem
+rem (which activates a Python virtualenv on Linux or Mac OS X) work on Windows.
+rem On Windows, this command just runs this batch file (the argument is ignored).
+rem
+rem Now we don't need to document a Windows command for activating a virtualenv.
+
+echo Executing .venv\Scripts\activate.bat for you
+.venv\Scripts\activate.bat