/**
 * Provisions an Aurora PostgreSQL serverless cluster in the supplied VPC.
 *
 * The cluster is created with a default database named `importer`, a master
 * user `importerdbuser` whose password is generated and kept in Secrets
 * Manager, and the Data API switched on.
 *
 * This block sets no deletion protection, removal policy, backup retention or
 * secret rotation, so the construct's defaults apply to all of them.
 *
 * @param scope - Construct that will own the cluster.
 * @param props - `vpc` is the network the cluster is placed in.
 * @returns The newly created serverless cluster.
 */
const createServerlessDatabaseCluster = (
  scope: Construct,
  props: {
    vpc: IVpc;
  }
): IServerlessCluster => {
  const { vpc } = props;
  const clusterId: string = uniqueResourceName('DB');

  // Generated secret: the master password never appears in source or in the
  // synthesized template as a literal.
  const credentials = Credentials.fromGeneratedSecret('importerdbuser');

  // NOTE(review): the group name pins the PostgreSQL 10 family; confirm that
  // major version is still supported before deploying.
  const parameterGroup = ParameterGroup.fromParameterGroupName(
    scope,
    'ParameterGroup',
    'default.aurora-postgresql10'
  );

  return new ServerlessCluster(scope, clusterId, {
    engine: DatabaseClusterEngine.AURORA_POSTGRESQL,
    parameterGroup,
    vpc,
    defaultDatabaseName: 'importer',
    credentials,
    // The Data API accepts SQL over HTTPS and is authorised by IAM plus the
    // cluster secret, not by network reachability. Scope `rds-data:*` and
    // read access to the secret to the principals that need them.
    enableDataApi: true
  });
};
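/**
 * Creates a bastion host that forwards connections to the given Aurora
 * serverless cluster.
 *
 * The cluster is re-imported by attributes together with the security groups
 * it actually carries (`props.serverlessCluster.connections.securityGroups`).
 * A literal group id imported with `mutable: false` is not used here: CDK adds
 * no rules to an immutable imported group, and a literal id need not be the
 * group that guards this cluster, so the bastion could be left without a path
 * to the database port.
 *
 * NOTE(review): whether `BastionHostAuroraServerlessForward` itself adds the
 * ingress rule from the bastion to the cluster is not visible here. Confirm
 * it does, or allow the bastion's security group on the cluster port
 * explicitly, restricted to that one source.
 *
 * @param scope - Construct that will own the bastion host.
 * @param props - `vpc` is the network for the bastion; `serverlessCluster` is
 *   the cluster the bastion forwards to.
 * @returns The bastion host construct.
 */
const createServerlessClusterBastianHost = (
  scope: Construct,
  props: {
    vpc: IVpc;
    serverlessCluster: IServerlessCluster;
  }
): BastionHostAuroraServerlessForward => {
  const { vpc, serverlessCluster: cluster } = props;

  const serverlessCluster = ServerlessCluster.fromServerlessClusterAttributes(scope, 'Aurora', {
    clusterIdentifier: cluster.clusterIdentifier,
    port: cluster.clusterEndpoint.port,
    clusterEndpointAddress: cluster.clusterEndpoint.hostname,
    // Take the groups from the cluster that was passed in, so any rule added
    // for the bastion lands on the group that really protects the database.
    securityGroups: cluster.connections.securityGroups
  });

  return new BastionHostAuroraServerlessForward(scope, 'BastionHost', {
    vpc,
    serverlessCluster
  });
};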
// Wiring, written for a scope where `this` is a Construct (the enclosing class
// is not shown). One VPC is shared by the database and the bastion host.
const vpc = new Vpc(this, 'TheVPC', {});
// The cluster is created first so the bastion can be pointed at its endpoint.
const databaseCluster = createServerlessDatabaseCluster(this, { vpc });
// The returned bastion construct is not kept; it is created only for its resources.
createServerlessClusterBastianHost(this, { vpc, serverlessCluster: databaseCluster });
# Open an SSM port-forwarding session to the bastion instance.
# portNumber is the port on the target instance; localPortNumber is the
# listener opened on this machine. The session is authorised through IAM for
# the profile's role, so the bastion needs no inbound SSH rule. The tunnel
# ends at the instance: reaching the database still depends on the instance
# relaying to the cluster endpoint and on the cluster's security group
# admitting the bastion.
aws --profile aws_my-sso-profile ssm start-session \
  --document-name AWS-StartPortForwardingSession \
  --target i-0fdba891c51868e23 \
  --parameters '{"portNumber": ["5432"], "localPortNumber":["5432"]}'
Starting session with SessionId: xxx
Port 5432 opened for sessionId xxx.
Waiting for connections...
Connection accepted for session [xxx]
# Named AWS CLI profile used by the port-forwarding command; credentials come
# from AWS SSO.
[profile aws_my-sso-profile]
sso_start_url = https://xxxx.awsapps.com/start
sso_region = eu-central-1
sso_account_name = aws_xxxx
sso_account_id = xxxxx
# NOTE(review): the role name suggests an administrator permission set.
# Starting an SSM session to one bastion needs far less; confirm what this
# role grants and consider a dedicated, narrower permission set for tunnelling.
sso_role_name = AdminPermissionSet
region = eu-central-1
# Credentials are fetched by running this external helper whenever the CLI
# needs them. NOTE(review): it is invoked with --profile aws_xxxx, which
# differs from this section's name; presumably a redaction artefact, verify.
credential_process = aws-sso-util credential-process --profile aws_xxxx
sso_auto_populated = true