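def add_subnet(self, name, cidr_block, is_public=False, use_nat=False, nat_to=None):
    """Add a subnet.

    :param name: subnet logical name in the stack
    :type name: str
    :param cidr_block: address range of the subnet. Should be a subnet
        of the vpc address range (no check done).
    :type cidr_block: str
    :param is_public: if True create a public subnet. This means that a
        default route (0.0.0.0/0) is created automatically to the vpc
        internet gateway. (default: False)
    :type is_public: bool
    :param use_nat: if True and is_public is True, then add a NAT gateway
        that can be reused by private subnets. Ignored when is_public is
        False. (default: False)
    :type use_nat: bool
    :param nat_to: if is_public is False and nat_to is a string, then
        create a default route to the NAT gateway of the designated public
        subnet. Ignored when is_public is True.
    :type nat_to: None | str
    :raises AssertionError: if nat_to does not name a subnet of this
        stack, or if that subnet has no NAT gateway. The new subnet has
        already been added to the stack when this is raised.

    Only routing is configured by this method: it adds no security group
    or network ACL, so what traffic actually reaches a public subnet has
    to be restricted elsewhere.
    """
    # Create the subnet
    self.add(SubnetStack(name, self.vpc, cidr_block))
    subnet_stack = self[name]

    if is_public:
        # Public subnet: default route straight to the internet gateway.
        subnet_stack.add(
            Route(
                name + 'InternetRoute',
                subnet_stack.route_table,
                "0.0.0.0/0",
                self.gateway,
                self.gate_attach,
            )
        )

        if use_nat:
            # Add a NAT gateway (with its elastic IP) that private subnets
            # can later target through nat_to.
            subnet_stack.add(EIP(name + 'NatEIP', self.gate_attach))
            subnet_stack.add(
                NatGateway(
                    name + 'NatGateway',
                    subnet_stack[name + 'NatEIP'],
                    subnet_stack.subnet,
                )
            )
    elif nat_to:
        # Explicit raises instead of assert statements: assert is stripped
        # under "python -O", which would let an invalid nat_to through to
        # the lookups below. The exception type is kept for callers.
        if nat_to not in self:
            raise AssertionError('invalid subnet name: %s' % nat_to)
        if nat_to + 'NatGateway' not in self[nat_to]:
            raise AssertionError('subnet %s has no NAT gateway' % nat_to)

        # Private subnet: default route through the NAT gateway that lives
        # in the public subnet named by nat_to.
        subnet_stack.add(
            Route(
                name + 'NatRoute',
                subnet_stack.route_table,
                "0.0.0.0/0",
                self[nat_to][nat_to + 'NatGateway'],
                self.gate_attach,
            )
        )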
def test_nat_gateway():
    """Build a VPC whose private subnet reaches the internet via a NAT gateway."""
    stack = Stack(name="MyStack")

    # VPC with one public and one private subnet.
    stack += VPC("BuildVPC", "10.10.0.0/16")
    stack += Subnet("BuildPublicSubnet", stack["BuildVPC"], "10.10.10.0/24")
    stack += Subnet("BuildPrivateSubnet", stack["BuildVPC"], "10.10.20.0/24")

    # Internet gateway attached to the VPC.
    stack += InternetGateway("Gate")
    stack += VPCGatewayAttachment("GateAttach", stack["BuildVPC"], stack["Gate"])

    # Public side: default route to the internet gateway.
    stack += RouteTable("RT", stack["BuildVPC"])
    stack += Route(
        "PRoute", stack["RT"], "0.0.0.0/0", stack["Gate"], stack["GateAttach"]
    )
    stack += SubnetRouteTableAssociation(
        "RTSAssoc", stack["BuildPublicSubnet"], stack["RT"]
    )

    # NAT gateway placed in the public subnet, with its elastic IP.
    stack += EIP("NatEip", stack["GateAttach"])
    stack += NatGateway("NatGate", stack["NatEip"], stack["BuildPublicSubnet"])

    # Private side: default route goes through the NAT gateway rather than
    # the internet gateway.
    stack += RouteTable("NATRT", stack["BuildVPC"])
    stack += Route(
        "NATRoute", stack["NATRT"], "0.0.0.0/0", stack["NatGate"], stack["GateAttach"]
    )
    stack += SubnetRouteTableAssociation(
        "NatRTSAssoc", stack["BuildPrivateSubnet"], stack["NATRT"]
    )

    # Only checks that a non-empty body is produced.
    assert stack.body
def test_nat_gateway():
    """Build a VPC whose private subnet reaches the internet via a NAT gateway."""
    stack = Stack(name='MyStack')

    # VPC with one public and one private subnet.
    stack += VPC('BuildVPC', '10.10.0.0/16')
    stack += Subnet('BuildPublicSubnet', stack['BuildVPC'], '10.10.10.0/24')
    stack += Subnet('BuildPrivateSubnet', stack['BuildVPC'], '10.10.20.0/24')

    # Internet gateway attached to the VPC.
    stack += InternetGateway('Gate')
    stack += VPCGatewayAttachment('GateAttach', stack['BuildVPC'], stack['Gate'])

    # Public side: default route to the internet gateway.
    stack += RouteTable('RT', stack['BuildVPC'])
    stack += Route(
        'PRoute', stack['RT'], '0.0.0.0/0', stack['Gate'], stack['GateAttach']
    )
    stack += SubnetRouteTableAssociation(
        'RTSAssoc', stack['BuildPublicSubnet'], stack['RT']
    )

    # NAT gateway placed in the public subnet, with its elastic IP.
    stack += EIP('NatEip', stack['GateAttach'])
    stack += NatGateway('NatGate', stack['NatEip'], stack['BuildPublicSubnet'])

    # Private side: default route goes through the NAT gateway rather than
    # the internet gateway.
    stack += RouteTable('NATRT', stack['BuildVPC'])
    stack += Route(
        'NATRoute', stack['NATRT'], '0.0.0.0/0', stack['NatGate'], stack['GateAttach']
    )
    stack += SubnetRouteTableAssociation(
        'NatRTSAssoc', stack['BuildPrivateSubnet'], stack['NATRT']
    )

    # Only checks that a non-empty body is produced.
    assert stack.body
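def test_create_network():
    """Build a VPC with an internet gateway and a routed public subnet."""
    # The original built Stack(name='teststack') and immediately replaced
    # it; only the 'MyStack' instance was ever used, so the throwaway
    # construction is dropped.
    stack = Stack(name='MyStack')

    stack += VPC('BuildVPC', '10.10.0.0/16')
    stack += InternetGateway('Gate')
    stack += Subnet('BuildPublicSubnet', stack['BuildVPC'], '10.10.10.0/24')
    # BuildPrivateSubnet is declared but gets no route table association
    # in this test.
    stack += Subnet('BuildPrivateSubnet', stack['BuildVPC'], '10.10.20.0/24')
    stack += VPCGatewayAttachment('GateAttach', stack['BuildVPC'], stack['Gate'])

    # Public route table: default route to the internet gateway.
    stack += RouteTable('RT', stack['BuildVPC'])
    stack += Route(
        'PRoute', stack['RT'], '0.0.0.0/0', stack['Gate'], stack['GateAttach']
    )
    stack += SubnetRouteTableAssociation(
        'RTSAssoc', stack['BuildPublicSubnet'], stack['RT']
    )

    # Only checks that a non-empty body is produced.
    assert stack.body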
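def test_create_network():
    """Build a VPC with a routed public subnet and an S3 VPC endpoint."""
    # The original built Stack(name="teststack") and immediately replaced
    # it; only the "MyStack" instance was ever used, so the throwaway
    # construction is dropped.
    stack = Stack(name="MyStack")

    stack += VPC("BuildVPC", "10.10.0.0/16")
    stack += InternetGateway("Gate")
    stack += Subnet("BuildPublicSubnet", stack["BuildVPC"], "10.10.10.0/24")
    # BuildPrivateSubnet is declared but gets no route table association
    # in this test.
    stack += Subnet("BuildPrivateSubnet", stack["BuildVPC"], "10.10.20.0/24")
    stack += VPCGatewayAttachment("GateAttach", stack["BuildVPC"], stack["Gate"])

    # Public route table: default route to the internet gateway.
    stack += RouteTable("RT", stack["BuildVPC"])
    stack += Route(
        "PRoute", stack["RT"], "0.0.0.0/0", stack["Gate"], stack["GateAttach"]
    )
    stack += SubnetRouteTableAssociation(
        "RTSAssoc", stack["BuildPublicSubnet"], stack["RT"]
    )

    # Endpoint policy scoped to a single action (GetObject) on the objects
    # of a single bucket.
    # NOTE(review): the endpoint is attached to a route table, which
    # suggests a gateway endpoint; AWS guidance for gateway endpoint
    # policies is Principal "*" narrowed with condition keys. Confirm that
    # a service principal is accepted at deployment, since this test only
    # checks that a body is generated.
    policy = PolicyDocument().append(
        Allow(
            to="GetObject",
            on="arn:aws:s3:::abucket/*",
            apply_to=Principal(PrincipalKind.SERVICE, "ec2.amazonaws.com"),
        )
    )
    stack += VPCEndpoint(
        "S3EndPoint", "s3", stack["BuildVPC"], [stack["RT"]], policy_document=policy
    )

    # Only checks that a non-empty body is produced.
    assert stack.body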
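def test_create_network():
    """Build a VPC with a routed public subnet and an S3 VPC endpoint."""
    # The original built Stack(name='teststack') and immediately replaced
    # it; only the 'MyStack' instance was ever used, so the throwaway
    # construction is dropped.
    stack = Stack(name='MyStack')

    stack += VPC('BuildVPC', '10.10.0.0/16')
    stack += InternetGateway('Gate')
    stack += Subnet('BuildPublicSubnet', stack['BuildVPC'], '10.10.10.0/24')
    # BuildPrivateSubnet is declared but gets no route table association
    # in this test.
    stack += Subnet('BuildPrivateSubnet', stack['BuildVPC'], '10.10.20.0/24')
    stack += VPCGatewayAttachment('GateAttach', stack['BuildVPC'], stack['Gate'])

    # Public route table: default route to the internet gateway.
    stack += RouteTable('RT', stack['BuildVPC'])
    stack += Route(
        'PRoute', stack['RT'], '0.0.0.0/0', stack['Gate'], stack['GateAttach']
    )
    stack += SubnetRouteTableAssociation(
        'RTSAssoc', stack['BuildPublicSubnet'], stack['RT']
    )

    # Endpoint policy scoped to a single action (GetObject) on the objects
    # of a single bucket.
    # NOTE(review): the endpoint is attached to a route table, which
    # suggests a gateway endpoint; AWS guidance for gateway endpoint
    # policies is Principal "*" narrowed with condition keys. Confirm that
    # a service principal is accepted at deployment, since this test only
    # checks that a body is generated.
    policy = PolicyDocument().append(
        Allow(
            to='GetObject',
            on='arn:aws:s3:::abucket/*',
            apply_to=Principal(PrincipalKind.SERVICE, 'ec2.amazonaws.com'),
        )
    )
    stack += VPCEndpoint(
        'S3EndPoint', 's3', stack['BuildVPC'], [stack['RT']], policy_document=policy
    )

    # Only checks that a non-empty body is produced.
    assert stack.body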