In this post, you learn how to use AWS CDK to spin up Windows EC2 instances in AWS. EC2 is the virtual machine (IaaS) offering from AWS and today celebrates its 15th birthday. This tutorial might incur costs in your account, so don’t forget to run “cdk destroy” at the end.
First things first, let’s initialize an empty CDK TypeScript project: cdk init --language=typescript.
Then we go to package.json to declare the dependencies for our project. Add the following modules to the dependencies:
"@aws-cdk/core": "*",
"@aws-cdk/aws-ec2": "*",
"@aws-cdk/aws-iam": "*",
This is an optional step, but go ahead and run “npm install” in the root directory of your project. This will download the dependencies and give you IntelliSense, which comes in very handy. Then go to the lib folder and open the TypeScript file for your application stack.
Add the following import statements before the class declaration:
import * as ec2 from "@aws-cdk/aws-ec2";
import * as cdk from '@aws-cdk/core';
import * as iam from '@aws-cdk/aws-iam'
import { WindowsVersion } from "@aws-cdk/aws-ec2";
We begin by creating our virtual private cloud (VPC):
const vpc = new ec2.Vpc(this, 'MyVPC', {
  natGateways: 0,
  subnetConfiguration: [{
    cidrMask: 24,
    name: "subnat1",
    subnetType: ec2.SubnetType.PUBLIC
  }]
});
This statement creates a VPC with 2 subnets and a CIDR mask of 24 (256 IPs in total). As we want to connect to our Windows machine via RDP, we need to add a security group. RDP runs over TCP and uses port 3389. The peer “ec2.Peer.anyIpv4()” accepts connections from any IPv4 address; change it if you want to allow inbound communication only from specific IPs.
const securityGroup = new ec2.SecurityGroup(this, 'SecurityGroup', {
  vpc,
  description: 'Allow RDP (3389)',
  allowAllOutbound: true
});
// The rule opens TCP 3389, so the description names RDP rather than SSH.
securityGroup.addIngressRule(ec2.Peer.anyIpv4(), ec2.Port.tcp(3389), 'Allow RDP Access');
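The rule above opens TCP 3389 to every IPv4 address. As an added example (not code from the original post), this TypeScript check scans a synthesized CloudFormation template for security-group rules that leave RDP reachable from any address; the sample template, its resource names and the function names are constructed for illustration.

```typescript
// Added example: flags security-group rules that expose RDP to any address.
interface IngressRule {
  IpProtocol?: string; FromPort?: number; ToPort?: number;
  CidrIp?: string; CidrIpv6?: string;
}
interface ResourceProps extends IngressRule { SecurityGroupIngress?: IngressRule[]; }
interface Template { Resources: Record<string, { Type: string; Properties?: ResourceProps }>; }

const RDP_PORT = 3389;
const ANYWHERE = ["0.0.0.0/0", "::/0"];

// True when the rule lets any source address reach TCP 3389.
function exposesRdp(rule: IngressRule): boolean {
  const open = ANYWHERE.indexOf(rule.CidrIp ?? "") !== -1 ||
               ANYWHERE.indexOf(rule.CidrIpv6 ?? "") !== -1;
  if (!open) return false;
  const proto = rule.IpProtocol ?? "";
  if (proto === "-1") return true; // "-1" means all protocols and ports
  const from = rule.FromPort ?? -1;
  const to = rule.ToPort ?? -1;
  return (proto === "tcp" || proto === "6") && from <= RDP_PORT && RDP_PORT <= to;
}

// Returns the logical IDs of resources carrying a world-open RDP rule.
function findOpenRdp(template: Template): string[] {
  return Object.keys(template.Resources).filter((id) => {
    const res = template.Resources[id];
    if (!res) return false;
    const props: ResourceProps = res.Properties ?? {};
    if (res.Type === "AWS::EC2::SecurityGroup") {
      return (props.SecurityGroupIngress ?? []).some(exposesRdp);
    }
    // Rules can also be synthesized as standalone resources.
    return res.Type === "AWS::EC2::SecurityGroupIngress" && exposesRdp(props);
  });
}

// Constructed sample template (resource names are hypothetical).
const sampleTemplate: Template = {
  Resources: {
    OpenRdpGroup: { Type: "AWS::EC2::SecurityGroup", Properties: { SecurityGroupIngress: [
      { IpProtocol: "tcp", FromPort: 3389, ToPort: 3389, CidrIp: "0.0.0.0/0" }] } },
    RestrictedRdpGroup: { Type: "AWS::EC2::SecurityGroup", Properties: { SecurityGroupIngress: [
      { IpProtocol: "tcp", FromPort: 3389, ToPort: 3389, CidrIp: "203.0.113.10/32" }] } },
    WideRangeRule: { Type: "AWS::EC2::SecurityGroupIngress",
      Properties: { IpProtocol: "tcp", FromPort: 3000, ToPort: 4000, CidrIpv6: "::/0" } },
  },
};
const findings = findOpenRdp(sampleTemplate); // ["OpenRdpGroup", "WideRangeRule"]
```

To use it on a real stack, parse the JSON template that cdk synth produces and fail the build when findOpenRdp returns a non-empty list.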
Then we add our IAM role:
const role = new iam.Role(this, 'ec2Role', {
  assumedBy: new iam.ServicePrincipal('ec2.amazonaws.com')
});
role.addManagedPolicy(iam.ManagedPolicy.fromAwsManagedPolicyName('AmazonSSMManagedInstanceCore'));
We then define the AMI (Amazon Machine Image) as follows:
const ami = new ec2.WindowsImage(WindowsVersion.WINDOWS_SERVER_2016_ENGLISH_P3);
Here I opted for Windows Server 2016, but you can use any one you like.
Then we glue everything together. The following statement brings together the VPC, AMI, security group and role we defined earlier and creates our VM.
const ec2Instance = new ec2.Instance(this, 'Instance', {
  vpc,
  instanceType: ec2.InstanceType.of(ec2.InstanceClass.T2, ec2.InstanceSize.MICRO),
  machineImage: ami,
  securityGroup: securityGroup,
  role: role
});
Just to be safe, verify that your instanceType works with the AMI you want to choose. Not all instance classes and sizes work with every AMI.
new cdk.CfnOutput(this, 'IP Address', { value: ec2Instance.instancePublicIp });
The line above gives you the IP of your server, which lets you run scripts. Now we are ready to verify our CDK stack. First run 'npm run build', which compiles TypeScript to JavaScript. Then run cdk synth. This should give you a CloudFormation template. If it returns an error, go back to the previous steps and verify your work. Before you can deploy this application, you need to bootstrap your environment. To do that, run the following.
cdk bootstrap aws://youraccountID/yourregion
set CDK_NEW_BOOTSTRAP=1
cdk bootstrap aws://youraccountID/yourregion
Now you are ready to deploy your cdk app.
cdk deploy
Some more useful cdk commands:
cdk ls //lists the stacks in your application
cdk diff //shows the difference of your current deployed stack and your local stack
cdk doctor //*kind of* verifies your cdk stack for warnings
The source code on github: https://github.com/pedramha/Ec2-cdk