Added PostgreSQL RDS database. Added channels protected endpoints. Added scripts and docker config to run application locally in dev mode.

2025-05-21 14:02:01 -05:00
parent b947ac67f0
commit 489281f3eb
18 changed files with 409 additions and 125 deletions
--- a/infrastructure/stack.py
+++ b/infrastructure/stack.py
@@ -6,6 +6,7 @@ from aws_cdk import (
    aws_ec2 as ec2,
    aws_iam as iam,
    aws_cognito as cognito,
+    aws_rds as rds,
    CfnOutput
 )
 from constructs import Construct
@@ -181,10 +182,56 @@ class IptvUpdaterStack(Stack):
        )
        userdata.add_commands(str(userdata_file, 'utf-8'))

-        # Update instance with userdata
+        # Create RDS Security Group
+        rds_sg = ec2.SecurityGroup(
+            self, "RdsSecurityGroup",
+            vpc=vpc,
+            description="Security group for RDS PostgreSQL"
+        )
+        rds_sg.add_ingress_rule(
+            security_group,
+            ec2.Port.tcp(5432),
+            "Allow PostgreSQL access from EC2 instance"
+        )
+
+        # Create RDS PostgreSQL instance (free tier compatible - db.t3.micro)
+        db = rds.DatabaseInstance(
+            self, "IptvUpdaterDB",
+            engine=rds.DatabaseInstanceEngine.postgres(
+                version=rds.PostgresEngineVersion.VER_13
+            ),
+            instance_type=ec2.InstanceType.of(
+                ec2.InstanceClass.BURSTABLE2,
+                ec2.InstanceSize.MICRO
+            ),
+            vpc=vpc,
+            security_groups=[rds_sg],
+            allocated_storage=10,
+            max_allocated_storage=10,
+            database_name="iptv_updater",
+            removal_policy=RemovalPolicy.DESTROY,
+            deletion_protection=False,
+            publicly_accessible=False
+        )
+
+        # Add RDS permissions to instance role
+        role.add_managed_policy(
+            iam.ManagedPolicy.from_aws_managed_policy_name(
+                "AmazonRDSFullAccess"
+            )
+        )
+
+        # Update instance with userdata and DB connection info
+        userdata.add_commands(
+            f'echo "DB_HOST={db.db_instance_endpoint_address}" >> /etc/environment',
+            f'echo "DB_NAME=iptv_updater" >> /etc/environment',
+            f'echo "DB_USER={db.secret.secret_value_from_json("username").to_string()}" >> /etc/environment',
+            f'echo "DB_PASSWORD={db.secret.secret_value_from_json("password").to_string()}" >> /etc/environment'
+        )
        instance.add_user_data(userdata.render())

        # Outputs
+        CfnOutput(self, "DBEndpoint", value=db.db_instance_endpoint_address)
        CfnOutput(self, "InstancePublicIP", value=eip.attr_public_ip)
        CfnOutput(self, "UserPoolId", value=user_pool.user_pool_id)
        CfnOutput(self, "UserPoolClientId", value=client.user_pool_client_id)