#16

Author: kazuhitogo

cdk/lib/constructs/network.ts

@@ -18,10 +18,10 @@ export class Network extends Construct {
   constructor(scope: Construct, id: string, props: NetworkProps) {
     super(scope, id);
 
-    // VPC (1 public subnet and 1 private subnet)
+    // VPC (1 public subnet, 1 private subnet with NAT Gateway, and 1 isolated subnet)
     const vpc = new Vpc(this, 'Vpc', {
       maxAzs: 2,
-      natGateways: 0,
+      natGateways: 1,
       subnetConfiguration: [
         {
           cidrMask: 24,
@@ -31,6 +31,11 @@ export class Network extends Construct {
         {
           cidrMask: 24,
           name: 'private',
+          subnetType: SubnetType.PRIVATE_WITH_EGRESS,
+        },
+        {
+          cidrMask: 24,
+          name: 'isolated',
           subnetType: SubnetType.PRIVATE_ISOLATED,
         },
       ],
@@ -60,7 +65,7 @@ export class Network extends Construct {
       this,
       'InstanceConnectEndpoint',
       {
-        subnetId: vpc.isolatedSubnets[0].subnetId,
+        subnetId: vpc.privateSubnets[0].subnetId,
         preserveClientIp: false,
         securityGroupIds: [sgIce.securityGroupId],
       }

cdk/lib/constructs/oracle-db-instance.ts

@@ -37,7 +37,6 @@ export class OracleDbInstance extends Construct {
 
   readonly outputs: {
     ScriptBucketName: string;
-    OracleInstancePublicIP: string;
     OracleInstanceId: string;
     OracleKeyPairRetrievalCommand: string;
     SSHCommand: string;
@@ -162,7 +161,7 @@ export class OracleDbInstance extends Construct {
       userData: userDataScript,
       role: instanceRole,
       vpcSubnets: {
-        subnetType: SubnetType.PUBLIC,
+        subnetType: SubnetType.PRIVATE_WITH_EGRESS,
       },
       detailedMonitoring: true,
       // Increase root volume size to accommodate Oracle XE
@@ -184,7 +183,6 @@ export class OracleDbInstance extends Construct {
 
     this.outputs = {
       ScriptBucketName: scriptBucket.bucketName,
-      OracleInstancePublicIP: oracleInstance.instancePublicIp,
       OracleInstanceId: oracleInstance.instanceId,
       OracleKeyPairRetrievalCommand: Fn.join('', [
         'aws ssm get-parameter --name /ec2/keypair/',
@@ -194,8 +192,7 @@ export class OracleDbInstance extends Construct {
         ' --with-decryption --query Parameter.Value --output text > ../oracle-xe-key.pem && chmod 400 ../oracle-xe-key.pem',
       ]),
       SSHCommand: Fn.join('', [
-        'ssh -i oracle-xe-key.pem ec2-user@',
-        oracleInstance.instancePublicIp,
+        'ssh -F ssh-config oracle',
       ]),
     };
 

cdk/lib/sql-converter-agent-stack.ts

@@ -41,13 +41,6 @@ export class SqlConverterAgentStack extends Stack {
       description: 'ScriptBucketName',
     });
 
-    // Output the EC2 instance public IP
-    new CfnOutput(this, 'OracleInstancePublicIP', {
-      exportName: 'OracleInstancePublicIP',
-      value: oracleDb.outputs.OracleInstancePublicIP,
-      description: 'Public IP address of the Oracle XE instance',
-    });
-
     // Output the EC2 instance ID
     new CfnOutput(this, 'OracleInstanceId', {
       exportName: 'OracleInstanceId',