Is there any way that I can assign Security Group and VPC to my web application hosted in Elastic Beanstalk using AWS CDK code

1
votes

I am new to AWS CDK.

I have created aws code pipeline using aws cdk (Typescript) and it creates whole pipeline and deploy my application to Elastic beanstalk but the problem is it does not assign any VPC or security group to it and hence makes my application public by default.

I want my application to be accessible only through my company network using VPC that is already available in our aws account (say name of VPC is "InternalPrivateVPC") not publicly.

So I am trying to find out a way to assign already available VPC and SG to my application using aws cdk code but could not find any property or class related to Elastic beanstalk class which will allow me to assign VPC and SG to application in code.

const appName = "SampleDotNetMVCWebApp";

const app = new elasticbeanstalk.CfnApplication(this, "EBApplication", {
  applicationName: appName
});

const elbEnv = new elasticbeanstalk.CfnEnvironment(this, "Environment", {
  environmentName: "SampleMVCEBEnvironment",
  applicationName: appName,
  solutionStackName: "64bit Windows Server 2012 R2 v2.5.0 running IIS 8.5"
});

Here is the whole code repo - https://github.com/dhirajkhodade/CDKDotNetWebAppEbPipeline and here is specific file which creates Elastic beanstalk app and environment - https://github.com/dhirajkhodade/CDKDotNetWebAppEbPipeline/blob/master/lib/cdk_dot_net_web_app_eb_pipeline-stack.ts

1
amazon-web-servicesamazon-ec2amazon-elastic-beanstalkamazon-vpcaws-cdk
I believe you will have to use optionSettings to provide VPC and Subnet Ids when creating CfnEnvironment. Also refer this page as to how option_settings can be provided. CDK defers to CFN attributes whenever necessary.dmahapatro
You will need ec2vpc general option settingdmahapatro

1 Answers

0
votes

I believe you will have to use optionSettings to provide VPC and Subnet Ids when creating CfnEnvironment. Also refer this page as to how option_settings can be provided. CDK defers to CFN attributes whenever necessary.

You will need ec2vpc general option setting

Something like this would work:

const elbEnv = new elasticbeanstalk.CfnEnvironment(this, "Environment", {
  environmentName: "SampleMVCEBEnvironment",
  applicationName: appName,
  solutionStackName: "64bit Windows Server 2012 R2 v2.5.0 running IIS 8.5",
  optionSettings: [
    {
      namespace: 'aws:ec2:vpc',
      optionName: 'VPCId',
      value: 'vpc-1234c'
    },
    {
      namespace: 'aws:ec2:vpc',
      optionName: 'Subnets',
      value: 'subnet-1f234567'
    },
    {
      namespace: 'aws:autoscaling:launchconfiguration',
      optionName: 'SecurityGroups',
      value: 'sg-7f12e34gd'
    },
  ]
});