rayova / cdk-ecs-keycloak

Spin up high availability Keycloak clusters on AWS ECS with Fargate
Apache License 2.0

Remove NAT Gateway #333

Closed Yusadolat closed 2 years ago

Yusadolat commented 2 years ago

Hi there, thanks for putting this together. Is there a way to remove NAT Gateway from the provisioned instance? NAT Gateway seems too pricey.

misterjoshua commented 2 years ago

Yes, this should be possible when you provide a VPC. For instance, if you want to replace NAT Gateway with NAT Instances, you can do this:

```typescript
const vpc = new ec2.Vpc(this, 'Vpc', {
  // This replaces the nat gateway with nat instances.
  natGatewayProvider: ec2.NatInstanceProvider.instance({
    instanceType: ec2.InstanceType.of(ec2.InstanceClass.T3, ec2.InstanceSize.NANO),
  }),
  subnetConfiguration: [
    {
      name: 'public',
      subnetType: ec2.SubnetType.PUBLIC,
    },
    {
      name: 'private',
      subnetType: ec2.SubnetType.PRIVATE_WITH_NAT,
    },
  ],
});

new keycloak.KeycloakCluster(this, 'Keycloak', {
  // Provide an existing VPC so the cluster and database can reuse it
  vpcProvider: keycloak.VpcProvider.fromVpc(vpc),
});
```

Please let me know whether this will work for you.

Yusadolat commented 2 years ago

Thanks for the response. I'm actually looking for a way not to use NAT Gateway at all. I want to have public IPs for my ECS and Database.

misterjoshua commented 2 years ago

> Thanks for the response. I'm actually looking for a way not to use NAT Gateway at all. I want to have public IPs for my ECS and Database.

Gotcha. Perhaps something like this:

```typescript
const vpc = new ec2.Vpc(this, 'Vpc', {
  subnetConfiguration: [
    {
      name: 'public',
      subnetType: ec2.SubnetType.PUBLIC,
    },
  ],
});

new keycloak.KeycloakCluster(this, 'Keycloak', {
  vpcProvider: keycloak.VpcProvider.fromVpc(vpc),
  vpcTaskAssignPublicIp: true,
  vpcTaskSubnets: {
    subnetType: ec2.SubnetType.PUBLIC,
  },
});
```

Yusadolat commented 2 years ago

Yeah, Thanks so much for your time.
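
With tasks placed in public subnets and given public IPs, security groups are the only network boundary left, so it is worth checking the synthesized template before deploying. The following is an added example, not part of the thread or the project's code: a small audit over a CloudFormation template object (such as the JSON that `cdk synth` produces). The function names, the 80/443 allow-list and the sample template are assumptions made for illustration.

```typescript
// Added example (hypothetical helper names): audit a template for internet-reachable resources.
type Resource = { Type: string; Properties?: any };
type Template = { Resources: Record<string, Resource> };
type Finding = { id: string; issue: string };

const OPEN_CIDRS = new Set(['0.0.0.0/0', '::/0']);
// Assumption: only the load balancer's HTTP/HTTPS listeners should be world-reachable.
const ALLOWED_OPEN_PORTS = new Set([80, 443]);

function openIngress(id: string, rule: any): Finding[] {
  const cidr = rule.CidrIp ?? rule.CidrIpv6;
  if (!OPEN_CIDRS.has(cidr)) return [];
  const from = rule.FromPort ?? 0;
  const to = rule.ToPort ?? 65535;
  // A world-open rule is acceptable only if it covers a single allowed port.
  if (from === to && ALLOWED_OPEN_PORTS.has(from)) return [];
  return [{ id, issue: `ingress from ${cidr} on ports ${from}-${to}` }];
}

function auditPublicExposure(template: Template): Finding[] {
  const findings: Finding[] = [];
  for (const [id, res] of Object.entries(template.Resources)) {
    const p = res.Properties ?? {};
    if (res.Type === 'AWS::ECS::Service' &&
        p.NetworkConfiguration?.AwsvpcConfiguration?.AssignPublicIp === 'ENABLED') {
      findings.push({ id, issue: 'tasks receive public IPs' });
    }
    if (res.Type === 'AWS::RDS::DBInstance' && p.PubliclyAccessible === true) {
      findings.push({ id, issue: 'database is publicly accessible' });
    }
    if (res.Type === 'AWS::EC2::SecurityGroup') {
      for (const rule of p.SecurityGroupIngress ?? []) findings.push(...openIngress(id, rule));
    }
    if (res.Type === 'AWS::EC2::SecurityGroupIngress') findings.push(...openIngress(id, p));
  }
  return findings;
}

// Constructed sample template (not output of the project).
const sampleTemplate: Template = { Resources: {
  Service: { Type: 'AWS::ECS::Service', Properties: { NetworkConfiguration: {
    AwsvpcConfiguration: { AssignPublicIp: 'ENABLED' } } } },
  LbSg: { Type: 'AWS::EC2::SecurityGroup', Properties: { SecurityGroupIngress: [
    { CidrIp: '0.0.0.0/0', IpProtocol: 'tcp', FromPort: 443, ToPort: 443 }] } },
  DbSg: { Type: 'AWS::EC2::SecurityGroup', Properties: { SecurityGroupIngress: [
    { CidrIp: '0.0.0.0/0', IpProtocol: 'tcp', FromPort: 3306, ToPort: 3306 }] } },
  Db: { Type: 'AWS::RDS::DBInstance', Properties: { PubliclyAccessible: false } },
} };
console.log(auditPublicExposure(sampleTemplate));
```

A finding for the ECS service is expected in this setup; the ones to act on are world-open rules on the task or database security groups.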