def createCouchbaseVPCGatewayAttachment(t, gateway, vpc): couchbaseVPCGatewayAttachment = t.add_resource(ec2.VPCGatewayAttachment( 'VPCGATEWAYATTACHMENT', InternetGatewayId=Ref(gateway), VpcId=Ref(vpc) )) return couchbaseVPCGatewayAttachment
def create_vpc(self): """Create the VPC resources.""" template = self.template variables = self.get_variables() self.template.add_version(AWS_TEMPLATE_VERSION) self.template.add_description('Create a VPC') vpc = ec2.VPC( VPC_NAME, CidrBlock=variables['VpcCidr'], EnableDnsSupport=True, EnableDnsHostnames=True, Tags=[ec2.Tag('Name', variables['VpcName'] + '-LATESTREPO')] ) template.add_resource(vpc) template.add_output( Output( OUTPUT_VPC_ID, Value=VPC_ID ) ) # create the internet gateway if needed if variables["UseInternetGW"]: template.add_resource(ec2.InternetGateway('InternetGatway')) template.add_resource( ec2.VPCGatewayAttachment( 'GatewayAttach', VpcId=Ref(VPC_NAME), InternetGatewayId=Ref('InternetGatway') ) )
def gen_internet_gateway_attachment(self): self.internet_gateway_attachment = ec2.VPCGatewayAttachment( "InternetGatewayAttachment", VpcId=Ref(self.vpc), InternetGatewayId=Ref(self.internet_gateway), ) self.template.add_resource(self.internet_gateway_attachment)
def create_gateway(self): t = self.template t.add_resource(ec2.InternetGateway(GATEWAY)) t.add_resource( ec2.VPCGatewayAttachment(GW_ATTACH, VpcId=VPC_ID, InternetGatewayId=Ref(GATEWAY)))
def resources(self, stack: Stack) -> list[AWSObject]: """Return resources associated with the construct.""" igw = ec2.InternetGateway(name_to_id(f"{self.name_prefix}-igw")) attachement = ec2.VPCGatewayAttachment( name_to_id(f"{self.name_prefix}-igw-attachement"), InternetGatewayId=Ref(igw), VpcId=Ref(self.vpc), ) route_table = ec2.RouteTable( name_to_id(f"{self.name_prefix}-igw-route-table"), VpcId=Ref(self.vpc) ) route = ec2.Route( name_to_id(f"{self.name_prefix}-igw-route"), RouteTableId=Ref(route_table), DestinationCidrBlock="0.0.0.0/0", GatewayId=Ref(igw), ) route_table_associations = ( ec2.SubnetRouteTableAssociation( name_to_id(f"{self.name_prefix}-{num}"), RouteTableId=Ref(route_table), SubnetId=Ref(subnet), ) for subnet, num in zip(self.subnets, range(len(self.subnets))) ) return [igw, attachement, route_table, route, *route_table_associations]
def create_routing_resources(self): """Create VPC routing resource Handles the creation of VPC resources that need to be used throughout the stack and include the following: - internet gateway - vpc gateway attachment - public route table - public route """ gateway = self.create_resource( ec2.InternetGateway('InternetGateway', Tags=self.get_tags())) gateway_attachment = self.create_resource( ec2.VPCGatewayAttachment('VPCGatewayAttachment', VpcId=Ref(self.vpc), InternetGatewayId=Ref(gateway))) public_route_table = self.create_resource( ec2.RouteTable('PublicRouteTable', VpcId=Ref(self.vpc))) self.create_resource( ec2.Route('PublicRoute', RouteTableId=Ref(public_route_table), DestinationCidrBlock=ALLOW_ALL_CIDR, DependsOn=gateway_attachment.title, GatewayId=Ref(gateway))) return public_route_table
def associate_vpc_igw(prefix, template, subnet, gw): title = resource_title.vpc_gateway_title(prefix) vpc_gw = ec2.VPCGatewayAttachment(title) vpc_gw.InternetGatewayId = Ref(gw) vpc_gw.VpcId = GetAtt(subnet, 'VpcId') template.add_resource(vpc_gw) return vpc_gw
def resources(self, stack: Stack) -> list[AWSObject]: """Return resources associated with the construct.""" igw = ec2.InternetGateway(name_to_id(f"{self.name_prefix}-igw")) attachement = ec2.VPCGatewayAttachment( name_to_id(f"{self.name_prefix}-igw-attachement"), InternetGatewayId=Ref(igw), VpcId=Ref(self.vpc), ) route = ec2.Route( name_to_id(f"{self.name_prefix}-igw-route"), RouteTableId=Ref(self.route_table), DestinationCidrBlock="0.0.0.0/0", GatewayId=Ref(igw), ) result = [igw, attachement, route] # If a new route table has to be created associate it with provided subnets if self.add_route_table_to_stack: result.append(self.route_table) assert self.subnets is not None result.extend([ ec2.SubnetRouteTableAssociation( name_to_id(f"{self.name_prefix}-{num}"), RouteTableId=Ref(self.route_table), SubnetId=Ref(subnet), ) for subnet, num in zip(self.subnets, range(len(self.subnets))) ]) return result
def create_routing_resources(self): gateway = self.create_resource( ec2.InternetGateway( 'InternetGateway', Tags=self.get_tags() ) ) gateway_attachment = self.create_resource( ec2.VPCGatewayAttachment( 'VPCGatewayAttachment', VpcId=Ref(self.vpc), InternetGatewayId=Ref(gateway) ) ) public_route_table = self.create_resource( ec2.RouteTable( 'PublicRouteTable', VpcId=Ref(self.vpc)) ) self.create_resource( ec2.Route( 'PublicRoute', RouteTableId=Ref(public_route_table), DestinationCidrBlock=ALLOW_ALL_CIDR, DependsOn=gateway_attachment.title, GatewayId=Ref(gateway) ) ) return public_route_table
def add_igw_attachment(self): name, tags = self._name_tags('igw_attachment') self.igw_attachment = self.t.add_resource( ec2.VPCGatewayAttachment( name, VpcId=Ref(self.vpc), InternetGatewayId=Ref(self.igw_gateway), # Doesn't support: Tags=Tags(**tags), ))
def build_public_gateway(vpc): public_gateway = ec2.InternetGateway(name="InternetGateway", Tags=[{ "Key": "Application", "Value": Ref("AWS::StackId") }]) attachment = ec2.VPCGatewayAttachment( name="AttachInternetGateway", VpcId=Ref(vpc), InternetGatewayId=Ref(public_gateway)) return [attachment, public_gateway]
def create_gateway(self, name=GATEWAY): self.gateway = self.template.add_resource( ec2.InternetGateway(name, Tags=self.__set_tags("InternetGateway"))) self.template.add_output(Output( GATEWAY_ID, Value=self.gateway.Ref(), )) self.gateway_attachment = self.template.add_resource( ec2.VPCGatewayAttachment( VPC_GATEWAYATTACHMENT, VpcId=self.vpc.Ref(), InternetGatewayId=self.gateway.Ref(), ))
def add_igw(self): t = self.template self.igw = t.add_resource( ec2.InternetGateway( 'InternetGateway', Tags=self.defaultTags + [ ec2.Tag('Name', Join("", [self.namePrefix, 'InternetGateway'])) ])) self.igwAttachment = t.add_resource( ec2.VPCGatewayAttachment('InternetGatewayAttachment', VpcId=Ref(self.vpc), InternetGatewayId=Ref(self.igw)))
def create_vpc(t, env, env_number, subnet_mapping, subnet_config): ''' Creates the VPC along with the subnets, IGW and RouteTables ''' vpc_objects = {} vpc_objects['vpc'] = t.add_resource( ec2.VPC("{}VPC".format(env.upper()), CidrBlock="10.{}.0.0/16".format(env_number), InstanceTenancy="default", Tags=Tags(Name="{}VPC".format(env.upper())))) vpc_objects['igw'] = t.add_resource(ec2.InternetGateway("InternetGateway")) vpc_objects['igw_attachment'] = t.add_resource( ec2.VPCGatewayAttachment( "IGWAttachment", VpcId=Ref(vpc_objects['vpc']), InternetGatewayId=Ref(vpc_objects['igw']), )) # Create Subnets vpc_objects['subnets'] = {} vpc_objects['nat_eip'] = {} for subid in subnet_config: vpc_objects['subnets'][subid] = t.add_resource( ec2.Subnet(subid, CidrBlock=subnet_config[subid]['subnet'], VpcId=Ref(vpc_objects['vpc']), AvailabilityZone="{}".format( subnet_config[subid]['az_name']), Tags=Tags(Name="{}Subnet".format(subid)))) # Create NAT Gateways if subnet_config[subid]['service'] == 'nat': az = subnet_config[subid]['az_number'] nat_eip_name = '{}{}NatEIP'.format(env.title(), az) vpc_objects['nat_eip'][nat_eip_name] = t.add_resource( ec2.EIP(nat_eip_name, Domain="vpc")) t.add_resource( ec2.NatGateway('{}{}NatGW'.format(env.title(), az), AllocationId=GetAtt( vpc_objects['nat_eip'][nat_eip_name], 'AllocationId'), SubnetId=Ref(vpc_objects['subnets'][subid]))) return t, vpc_objects
def add_vpn_gateway(self, vpn_conf): """ Not surprisingly, adds a VPN gateway to the network created by this template. @param vpn_conf [dict] - collection of vpn-level configuration values. """ if 'vpn_name' in vpn_conf: vpn_name = vpn_conf.get('vpn_name') else: vpn_name = self.__class__.__name__ + 'Gateway' gateway = self.add_resource( ec2.VPNGateway('vpnGateway', Type=vpn_conf.get('vpn_type', 'ipsec.1'), Tags=[ec2.Tag(key='Name', value=vpn_name)])) gateway_connection = self.add_resource( ec2.VPCGatewayAttachment('vpnGatewayAttachment', VpcId=self.vpc_id, InternetGatewayId=self.igw, VpnGatewayId=gateway))
def create_internet_gateway(self): t = self.template self.gateway = t.add_resource(ec2.InternetGateway("InternetGateway")) t.add_output(Output( "InternetGatewayId", Value=self.gateway.Ref(), )) self.gateway_attachment = t.add_resource( ec2.VPCGatewayAttachment( "VPCGatewayAttachment", VpcId=self.vpc.Ref(), InternetGatewayId=self.gateway.Ref(), )) t.add_output( Output( "VPCGatewayAttachmentId", Value=self.gateway_attachment.Ref(), ))
def main(): """ Creates a troposphere template and then adds a single s3 bucket """ template = Template() vpc = template.add_resource(ec2.VPC('MyVPC', CidrBlock='10.0.0.0/16')) internet_gateway = template.add_resource(ec2.InternetGateway('MyInternetGateway')) template.add_resource(ec2.VPCGatewayAttachment('MyVPCGatewayAttachment', InternetGatewayId=Ref(internet_gateway), VpcId=Ref(vpc), DependsOn=internet_gateway.title)) security_group = template.add_resource(ec2.SecurityGroup('mySecGroup', GroupDescription='Security group', VpcId=Ref(vpc), )) subnet = template.add_resource(ec2.Subnet('MyPubSub', AvailabilityZone='ap-southeast-2a', VpcId=Ref(vpc), CidrBlock='10.0.1.0/24')) template.add_resource(ec2.Instance( 'myinstance', KeyName='INSERT_YOUR_KEYPAIR_HERE', ImageId='ami-dc361ebf', InstanceType='t2.nano', NetworkInterfaces=[ec2.NetworkInterfaceProperty( GroupSet=[Ref(security_group)], AssociatePublicIpAddress=True, DeviceIndex='0', DeleteOnTermination=True, SubnetId=Ref(subnet))], SourceDestCheck=True, DependsOn=internet_gateway.title )) SNS(template=template) print(template.to_json(indent=2, separators=(',', ': ')))
def define_vpc(self, vpc_config): vpc = ec2.VPC(vpc_config["name"], DeletionPolicy=self.deletion_policy) vpc.CidrBlock = vpc_config["cidr_block"] vpc.EnableDnsSupport = vpc_config["dns_support"] vpc.EnableDnsHostnames = vpc_config["dns_hostnames"] vpc.Tags = self._get_tags(vpc_config) self._add_resource(vpc) if vpc_config["internet_gateway"]: ig = ec2.InternetGateway(vpc_config["internet_gateway"]["name"], DeletionPolicy=self.deletion_policy) ig.Tags = self._get_tags(vpc_config["internet_gateway"]) self.template.add_resource(ig) iga = ec2.VPCGatewayAttachment( "%sAttachment" % vpc_config["internet_gateway"]["name"], DependsOn=ig.name, DeletionPolicy=self.deletion_policy) iga.VpcId = Ref(vpc) iga.InternetGatewayId = Ref(ig) self.template.add_resource(iga)
def configure_vpc(cfn_template, cluster_name): vpc = ec2.VPC("DustVPC") vpc.CidrBlock = "10.0.0.0/16" vpc.Tags = [ec2.Tag("Name:", cluster_name)] cfn_template.add_resource(vpc) vpc_id = Ref(vpc) subnet = ec2.Subnet('dustSubnet') subnet.VpcId = vpc_id subnet.CidrBlock = "10.0.0.0/24" cfn_template.add_resource(subnet) vpc_subnet = Ref(subnet) net_gateway = ec2.InternetGateway('dustGateway') cfn_template.add_resource(net_gateway) attach_net_gateway = ec2.VPCGatewayAttachment('dustAttachGateway') attach_net_gateway.VpcId = vpc_id attach_net_gateway.InternetGatewayId = Ref(net_gateway) cfn_template.add_resource(attach_net_gateway) route_table = ec2.RouteTable('dustRoutetable') route_table.VpcId = vpc_id cfn_template.add_resource(route_table) route = ec2.Route('dustRoute') route.RouteTableId = Ref(route_table) route.DestinationCidrBlock = "0.0.0.0/0" route.GatewayId = Ref(net_gateway) route.DependsOn = "dustAttachGateway" cfn_template.add_resource(route) attach_route = ec2.SubnetRouteTableAssociation('dustAttachRouteTable') attach_route.SubnetId = vpc_subnet attach_route.RouteTableId = Ref(route_table) cfn_template.add_resource(attach_route) return vpc_id, vpc_subnet
def create_routing(): return [ ec2.InternetGateway( 'internetGateway', Tags=_tags(), ), ec2.VPCGatewayAttachment( 'vpcToInternetGateway', InternetGatewayId=Ref('internetGateway'), VpcId=Ref('vpc'), ), ec2.RouteTable( 'routeTable', VpcId=Ref('vpc'), Tags=_tags(), ), ec2.Route( 'routeToInternetGateway', DestinationCidrBlock='0.0.0.0/0', GatewayId=Ref('internetGateway'), RouteTableId=Ref('routeTable'), ), ]
)) private_net = t.add_resource( ec2.Subnet( 'PrivateSubnet', CidrBlock=Ref(private_subnet), MapPublicIpOnLaunch=False, VpcId=Ref(vpc), )) igw = t.add_resource(ec2.InternetGateway('InternetGateway', )) net_gw_vpc_attachment = t.add_resource( ec2.VPCGatewayAttachment( "NatAttachment", VpcId=Ref(vpc), InternetGatewayId=Ref(igw), )) private_route_table = t.add_resource( ec2.RouteTable( 'PrivateRouteTable', VpcId=Ref(vpc), )) public_route_table = t.add_resource( ec2.RouteTable( 'PublicRouteTable', VpcId=Ref(vpc), ))
def __init__(self): super(VPC, self).__init__() self.vpc = ec2.VPC( "VPC", CidrBlock="172.1.0.0/16", InstanceTenancy="default", EnableDnsSupport=True, EnableDnsHostnames=True, Tags=Tags(Name=Ref("AWS::StackName")), ) self.internet_gateway = ec2.InternetGateway( "InternetGateway", Tags=Tags(Name=Join( "", [Ref("AWS::StackName"), "-internet-gateway"]), ), ) self.internet_gateway_attachment = ec2.VPCGatewayAttachment( "InternetGatewayAttachment", InternetGatewayId=Ref(self.internet_gateway), VpcId=Ref(self.vpc), ) self.public_route_table = ec2.RouteTable( "PublicRouteTable", VpcId=Ref(self.vpc), Tags=Tags(Name=Join( "-", [Ref("AWS::StackName"), "public-route-table"]), ), ) self.private_route_table = ec2.RouteTable( "PrivateRouteTable", VpcId=Ref(self.vpc), Tags=Tags(Name=Join( "-", [Ref("AWS::StackName"), "private-route-table"]), ), ) self.vpc_s3_endpoint = ec2.VPCEndpoint( "VPCS3Endpoint", ServiceName=Join( "", ["com.amazonaws.", Ref("AWS::Region"), ".s3"]), VpcId=Ref(self.vpc), RouteTableIds=[ Ref(self.public_route_table), Ref(self.private_route_table) ], ) self.route_to_internet = ec2.Route( "RouteToInternet", DestinationCidrBlock="0.0.0.0/0", GatewayId=Ref(self.internet_gateway), RouteTableId=Ref(self.public_route_table), DependsOn=self.internet_gateway_attachment.title, ) # private subnets self.private_subnet_1 = ec2.Subnet( "PrivateSubnet1", AvailabilityZone=Select(0, GetAZs()), CidrBlock="172.1.1.0/24", MapPublicIpOnLaunch=False, Tags=Tags(Name=Join( "", [Ref("AWS::StackName"), "-private-subnet-1"]), ), VpcId=Ref(self.vpc), ) self.private_subnet_1_route_table_association = ec2.SubnetRouteTableAssociation( "PrivateSubnet1RouteTableAssociation", RouteTableId=Ref(self.private_route_table), SubnetId=Ref(self.private_subnet_1), ) self.private_subnet_2 = ec2.Subnet( "PrivateSubnet2", AvailabilityZone=Select(1, GetAZs()), CidrBlock="172.1.2.0/24", MapPublicIpOnLaunch=False, Tags=Tags(Name=Join( "", [Ref("AWS::StackName"), "-private-subnet-2"]), ), VpcId=Ref(self.vpc), ) self.private_subnet_2_route_table_association = ec2.SubnetRouteTableAssociation( "PrivateSubnet2RouteTableAssociation", RouteTableId=Ref(self.private_route_table), SubnetId=Ref(self.private_subnet_2), ) self.private_network_aCL = ec2.NetworkAcl( "PrivateNetworkACL", VpcId=Ref(self.vpc), Tags=Tags(Name=Join("", [Ref("AWS::StackName"), "-private-nacl"]), ), ) self.private_subnet_1_network_acl_association = ec2.SubnetNetworkAclAssociation( "PrivateSubnet1NetworkAclAssociation", SubnetId=Ref(self.private_subnet_1), NetworkAclId=Ref(self.private_network_aCL), ) self.private_subnet_2_network_acl_association = ec2.SubnetNetworkAclAssociation( "PrivateSubnet2NetworkAclAssociation", SubnetId=Ref(self.private_subnet_2), NetworkAclId=Ref(self.private_network_aCL), ) self.private_network_acl_entry_in = ec2.NetworkAclEntry( "PrivateNetworkAclEntryIn", CidrBlock="172.1.0.0/16", Egress=False, NetworkAclId=Ref(self.private_network_aCL), Protocol=-1, RuleAction="allow", RuleNumber=200, ) self.private_network_acl_entry_out = ec2.NetworkAclEntry( "PrivateNetworkAclEntryOut", CidrBlock="172.1.0.0/16", Egress=True, NetworkAclId=Ref(self.private_network_aCL), Protocol=-1, RuleAction="allow", RuleNumber=200, ) # public subnets self.public_subnet_1 = ec2.Subnet( "PublicSubnet1", AvailabilityZone=Select(0, GetAZs()), CidrBlock="172.1.128.0/24", MapPublicIpOnLaunch=True, Tags=Tags(Name=Join( "", [Ref("AWS::StackName"), "-public-subnet-1"]), ), VpcId=Ref(self.vpc), ) self.public_subnet_1_route_table_association = ec2.SubnetRouteTableAssociation( "PublicSubnet1RouteTableAssociation", RouteTableId=Ref(self.public_route_table), SubnetId=Ref(self.public_subnet_1), ) self.public_subnet_2 = ec2.Subnet( "PublicSubnet2", AvailabilityZone=Select(1, GetAZs()), CidrBlock="172.1.129.0/24", MapPublicIpOnLaunch=True, Tags=Tags(Name=Join( "", [Ref("AWS::StackName"), "-public-subnet-2"]), ), VpcId=Ref(self.vpc), ) self.public_subnet_2_route_table_association = ec2.SubnetRouteTableAssociation( "PublicSubnet2RouteTableAssociation", RouteTableId=Ref(self.public_route_table), SubnetId=Ref(self.public_subnet_2), )
def dump_base_yaml(cfn_file): template = Template() vpc_cidr_param = template.add_parameter( Parameter( "vpcCidrParam", Description="string of vpc cidr block to use", Type="String", )) subnet_cidr_param = template.add_parameter( Parameter( "subnetCidrParam", Description="string of subnet cidr block to use", Type="String", )) igw = template.add_resource( ec2.InternetGateway( "Igw", Tags=resource_tags, )) vpc = template.add_resource( ec2.VPC( "Vpc", CidrBlock=Ref(vpc_cidr_param), EnableDnsSupport=True, EnableDnsHostnames=True, InstanceTenancy="default", Tags=resource_tags, )) igwa = template.add_resource( ec2.VPCGatewayAttachment( "IgwA", VpcId=Ref(vpc), InternetGatewayId=Ref(igw), )) route_tbl = template.add_resource( ec2.RouteTable( "RouteTable", VpcId=Ref(vpc), Tags=resource_tags, )) default_route = template.add_resource( ec2.Route("defaultRoute", DestinationCidrBlock="0.0.0.0/0", GatewayId=Ref(igw), RouteTableId=Ref(route_tbl))) subnet = template.add_resource( ec2.Subnet( "Subnet", VpcId=Ref(vpc), CidrBlock=Ref(subnet_cidr_param), MapPublicIpOnLaunch=True, AvailabilityZone=Select(0, GetAZs()), Tags=resource_tags, )) route_tbl_asoc = template.add_resource( ec2.SubnetRouteTableAssociation("RouteTblSubnetAsoc", RouteTableId=Ref(route_tbl), SubnetId=Ref(subnet))) priv_route_tbl = template.add_resource( ec2.RouteTable( "PrivRouteTable", VpcId=Ref(vpc), Tags=resource_tags, )) priv_subnet = template.add_resource( ec2.Subnet( "PrivSubnet", VpcId=Ref(vpc), CidrBlock="10.10.1.0/24", MapPublicIpOnLaunch=False, AvailabilityZone=Select(0, GetAZs()), Tags=resource_tags, )) route_tbl_asoc = template.add_resource( ec2.SubnetRouteTableAssociation("RouteTblPrivSubnetAsoc", RouteTableId=Ref(priv_route_tbl), SubnetId=Ref(priv_subnet))) ngw_elastic_ip = template.add_resource( ec2.EIP( "MyNgwEip", Tags=resource_tags, )) nat_gateway = template.add_resource( ec2.NatGateway( "MyNatGateway", AllocationId=GetAtt(ngw_elastic_ip, "AllocationId"), SubnetId=Ref(subnet), )) private_out_route = template.add_resource( ec2.Route("privateOutRoute", DestinationCidrBlock="0.0.0.0/0", NatGatewayId=Ref(nat_gateway), RouteTableId=Ref(priv_route_tbl))) first_network_acl = template.add_resource( ec2.NetworkAcl( "MyFirstNetAcl", Tags=resource_tags, VpcId=Ref(vpc), )) network_out_second_acl_entry = template.add_resource( ec2.NetworkAclEntry( "MyPrivOutNetAclEntry", NetworkAclId=Ref(first_network_acl), CidrBlock="0.0.0.0/0", Protocol=-1, Egress=True, RuleAction="allow", RuleNumber=100, )) network_inbound_acl_entry = template.add_resource( ec2.NetworkAclEntry("MyInNetAclEntry", NetworkAclId=Ref(first_network_acl), CidrBlock="74.77.86.69/32", Protocol=6, RuleAction="allow", RuleNumber=100, PortRange=ec2.PortRange(From=22, To=22))) private_to_public_client_ports_acl_entry = template.add_resource( ec2.NetworkAclEntry("MyPriv2PubClientPortsNetAclEntry", NetworkAclId=Ref(first_network_acl), CidrBlock="10.10.1.0/24", Protocol=6, RuleAction="allow", RuleNumber=101, PortRange=ec2.PortRange(From=1024, To=65535))) public_to_internet_client_ports_acl_entry = template.add_resource( ec2.NetworkAclEntry("MyPub2DefaultClientPortsNetAclEntry", NetworkAclId=Ref(first_network_acl), CidrBlock="0.0.0.0/0", Protocol=6, RuleAction="allow", RuleNumber=102, PortRange=ec2.PortRange(From=1024, To=65535))) public_to_private_icmpv4_acl_entry = template.add_resource( ec2.NetworkAclEntry("MyPubIcmpv4NetAclEntry", NetworkAclId=Ref(first_network_acl), CidrBlock="10.10.1.0/24", Protocol=1, Icmp=ec2.ICMP(Code=-1, Type=-1), RuleAction="allow", RuleNumber=103)) second_network_acl = template.add_resource( ec2.NetworkAcl( "MySecondNetAcl", Tags=resource_tags, VpcId=Ref(vpc), )) network_out_second_acl_entry = template.add_resource( ec2.NetworkAclEntry("MyPriv2InternetClientPortsNetAclEntry", NetworkAclId=Ref(second_network_acl), CidrBlock="0.0.0.0/0", Protocol=6, RuleAction="allow", RuleNumber=100, PortRange=ec2.PortRange(From=1024, To=65535))) public_to_private_ssh_acl_entry = template.add_resource( ec2.NetworkAclEntry("MyPrivSshNetAclEntry", NetworkAclId=Ref(second_network_acl), CidrBlock="10.10.0.0/24", Protocol=6, RuleAction="allow", RuleNumber=101, PortRange=ec2.PortRange(From=22, To=22))) public_to_private_http_acl_entry = template.add_resource( ec2.NetworkAclEntry("MyPrivHttpNetAclEntry", NetworkAclId=Ref(second_network_acl), CidrBlock="10.10.0.0/24", Protocol=6, RuleAction="allow", RuleNumber=102, PortRange=ec2.PortRange(From=80, To=80))) private_to_public_icmpv4_acl_entry = template.add_resource( ec2.NetworkAclEntry("MyPrivIcmpv4NetAclEntry", NetworkAclId=Ref(second_network_acl), CidrBlock="10.10.0.0/24", Protocol=1, Icmp=ec2.ICMP(Code=-1, Type=-1), RuleAction="allow", RuleNumber=103)) network_out_second_acl_entry = template.add_resource( ec2.NetworkAclEntry( "MyPubOutNetAclEntry", NetworkAclId=Ref(second_network_acl), CidrBlock="0.0.0.0/0", Protocol=-1, Egress=True, RuleAction="allow", RuleNumber=100, )) subnet_nacl_asociation = template.add_resource( ec2.SubnetNetworkAclAssociation("subNaclAsoc", NetworkAclId=Ref(first_network_acl), SubnetId=Ref(subnet))) priv_subnet_nacl_asociation = template.add_resource( ec2.SubnetNetworkAclAssociation("privSubNaclAsoc", NetworkAclId=Ref(second_network_acl), SubnetId=Ref(priv_subnet))) template.add_output([ Output( "VpcId", Description="InstanceId of the newly created EC2 instance", Value=Ref(vpc), Export=Export("VpcId-jdix"), ), Output( "SubnetId", Description="InstanceId of the newly created EC2 instance", Value=Ref(subnet), Export=Export("SubnetId-jdix"), ), Output( "PrivSubnetId", Description="InstanceId of the newly created EC2 instance", Value=Ref(priv_subnet), Export=Export("PrivSubnetId-jdix"), ), ]) template_out_yaml(cfn_file, template)
def add_resources(self): """ Add All Cloudformation Resources. This will include vpc, igw, and any other network resources """ self.vpc = self.template.add_resource( ec2.VPC( "VPC", CidrBlock=Ref(self.VpcCidr), EnableDnsSupport=True, Tags=self.base_tags + Tags(Name=self.environment_parameters["ClientEnvironmentKey"] + "-SS-VPC"), )) self.PubSubnet1 = self.template.add_resource( ec2.Subnet( "PubSubnet1", CidrBlock=Ref(self.PubSub1Cidr), VpcId=Ref(self.vpc), AvailabilityZone="us-east-1a", Tags=self.base_tags + Tags(Name=self.environment_parameters["ClientEnvironmentKey"] + "-SS-PubSubnet1"), )) self.PubSubnet2 = self.template.add_resource( ec2.Subnet( "PubSubnet2", VpcId=Ref(self.vpc), CidrBlock=Ref(self.PubSub2Cidr), AvailabilityZone="us-east-1b", Tags=self.base_tags + Tags(Name=self.environment_parameters["ClientEnvironmentKey"] + "-SS-PubSubnet2"), )) self.PrivSubnet1 = self.template.add_resource( ec2.Subnet( "PrivSubnet1", VpcId=Ref(self.vpc), CidrBlock=Ref(self.PrivSub1Cidr), AvailabilityZone="us-east-1a", Tags=self.base_tags + Tags(Name=self.environment_parameters["ClientEnvironmentKey"] + "-SS-PrivSubnet1"), )) self.PrivSubnet2 = self.template.add_resource( ec2.Subnet( "PrivSubnet2", CidrBlock=Ref(self.PrivSub2Cidr), VpcId=Ref(self.vpc), AvailabilityZone="us-east-1b", Tags=self.base_tags + Tags(Name=self.environment_parameters["ClientEnvironmentKey"] + "-SS-PrivSubnet2"), )) self.IGW = self.template.add_resource( ec2.InternetGateway( "IGW", Tags=self.base_tags + Tags(Name=self.environment_parameters["ClientEnvironmentKey"] + "-SS-IGW"), )) self.IGWAttachment = self.template.add_resource( ec2.VPCGatewayAttachment( "IGWAttachment", VpcId=Ref(self.vpc), InternetGatewayId=Ref(self.IGW), )) self.EIP1 = self.template.add_resource(ec2.EIP( "EIP1", Domain="vpc", )) self.EIP2 = self.template.add_resource(ec2.EIP( "EIP2", Domain="vpc", )) self.NAT1 = self.template.add_resource( ec2.NatGateway( "NAT", AllocationId=GetAtt(self.EIP1, "AllocationId"), SubnetId=Ref(self.PubSubnet1), Tags=self.base_tags + Tags(Name=self.environment_parameters["ClientEnvironmentKey"] + "-SS-NAT1"), )) self.NAT2 = self.template.add_resource( ec2.NatGateway( "NAT2", AllocationId=GetAtt(self.EIP2, "AllocationId"), SubnetId=Ref(self.PubSubnet2), Tags=self.base_tags + Tags(Name=self.environment_parameters["ClientEnvironmentKey"] + "-SS-NAT2"), )) self.PrivRT1 = self.template.add_resource( ec2.RouteTable( "PrivRT1", VpcId=Ref(self.vpc), Tags=self.base_tags + Tags(Name=self.environment_parameters["ClientEnvironmentKey"] + "-SS-PRIVRT1"), )) self.PrivRT2 = self.template.add_resource( ec2.RouteTable( "PrivRT2", VpcId=Ref(self.vpc), Tags=self.base_tags + Tags(Name=self.environment_parameters["ClientEnvironmentKey"] + "-SS-PRIVRT2"), )) self.NatRoute = self.template.add_resource( ec2.Route( "NatRoute", RouteTableId=Ref(self.PrivRT1), DestinationCidrBlock="0.0.0.0/0", NatGatewayId=Ref(self.NAT1), )) self.Nat2Route = self.template.add_resource( ec2.Route( "NatRoute2", RouteTableId=Ref(self.PrivRT2), DestinationCidrBlock="0.0.0.0/0", NatGatewayId=Ref(self.NAT2), )) self.PrivRT1Association = self.template.add_resource( ec2.SubnetRouteTableAssociation( "PrivRT1Association", SubnetId=Ref(self.PrivSubnet1), RouteTableId=Ref(self.PrivRT1), )) self.PrivRT2Association = self.template.add_resource( ec2.SubnetRouteTableAssociation( "PrivRT2Association", SubnetId=Ref(self.PrivSubnet2), RouteTableId=Ref(self.PrivRT2), )) self.PubRT1 = self.template.add_resource( ec2.RouteTable( "PubRT1", VpcId=Ref(self.vpc), Tags=self.base_tags + Tags(Name=self.environment_parameters["ClientEnvironmentKey"] + "-SS-PUBRT1"), )) self.PubRT2 = self.template.add_resource( ec2.RouteTable( "PubRT2", VpcId=Ref(self.vpc), Tags=self.base_tags + Tags(Name=self.environment_parameters["ClientEnvironmentKey"] + "-SS-PUBRT2"), )) self.PubRT1IGWattachment = self.template.add_resource( ec2.Route( "PubRT1IGWAttachment", DependsOn=["IGWAttachment"], RouteTableId=Ref(self.PubRT1), DestinationCidrBlock="0.0.0.0/0", GatewayId=Ref(self.IGW), )) self.PubRT2IGWattachment = self.template.add_resource( ec2.Route( "PubRT2IGWAttachment", DependsOn=["IGWAttachment"], RouteTableId=Ref(self.PubRT2), DestinationCidrBlock="0.0.0.0/0", GatewayId=Ref(self.IGW), )) self.PubRT1Association = self.template.add_resource( ec2.SubnetRouteTableAssociation( "PubRT1Associate", SubnetId=Ref(self.PubSubnet1), RouteTableId=Ref(self.PubRT1), )) self.PubRT2Asocation = self.template.add_resource( ec2.SubnetRouteTableAssociation( "PubR2Associate", SubnetId=Ref(self.PubSubnet2), RouteTableId=Ref(self.PubRT2), ))
def create_vpc_template(template=None): if not template: template = Template() template.add_description( 'AWS cloud formation script template.at creates a VPC with a NAT Gg' ) template.add_version('2010-09-09') vpc_cidr_block = template.add_parameter( Parameter( 'VPCCIDR', Default=vpc_config['cidr_block'], Description='The IP address space for this VPC, in CIDR notation', Type='String', )) vpc = template.add_resource( ec2.VPC('VPC', CidrBlock=Ref(vpc_cidr_block), Tags=Tags(vpc_config['tags']))) igw = template.add_resource(ec2.InternetGateway('InternetGateway', )) template.add_resource( ec2.VPCGatewayAttachment( "NatAttachment", VpcId=Ref(vpc), InternetGatewayId=Ref(igw), )) template.add_output(Output('VPCId', Value=Ref(vpc), Description='VPC Id')) public_security_group = template.add_resource( ec2.SecurityGroup( security_group_config['public']['name'], GroupDescription='{} public security group'.format( vpc_config['name']), SecurityGroupIngress=[ ec2.SecurityGroupRule(IpProtocol='tcp', ToPort=r['port'], FromPort=r['port'], CidrIp=r['cidr_block']) for r in security_group_config['public']['ingress_rules'] ], VpcId=Ref(vpc), Tags=Tags( dict(Name='public {} security group'.format( vpc_config['name']))), )) template.add_output( Output('PublicSecurityGroupId', Value=Ref(public_security_group), Description='Public Security Group Id')) private_security_group = template.add_resource( ec2.SecurityGroup( security_group_config['private']['name'], GroupDescription='{} private security group'.format( vpc_config['name']), SecurityGroupIngress=[ ec2.SecurityGroupRule( IpProtocol='tcp', ToPort=r['port'], FromPort=r['port'], SourceSecurityGroupId=Ref(public_security_group)) for r in security_group_config['private']['ingress_rules'] ], VpcId=Ref(vpc), Tags=Tags( dict(Name='private {} security group'.format( vpc_config['name']))), )) for i, sub_net in enumerate(sub_nets): public_subnet = template.add_parameter( Parameter( 'PublicSubnetCidr{}'.format(i), Type='String', Description='Public Subnet CIDR', Default=sub_net['public_cidr'], )) public_net = template.add_resource( ec2.Subnet( 'PublicSubnet{}'.format(i), AvailabilityZone=sub_net['region'], CidrBlock=Ref(public_subnet), MapPublicIpOnLaunch=False, VpcId=Ref(vpc), Tags=Tags(dict(Name='Public Subnet {}'.format(i))), )) public_route_table = template.add_resource( ec2.RouteTable( 'PublicRouteTable{}'.format(i), VpcId=Ref(vpc), )) template.add_resource( ec2.SubnetRouteTableAssociation( 'PublicRouteAssociation{}'.format(i), SubnetId=Ref(public_net), RouteTableId=Ref(public_route_table), )) template.add_resource( ec2.Route( 'PublicDefaultRoute{}'.format(i), RouteTableId=Ref(public_route_table), DestinationCidrBlock='0.0.0.0/0', GatewayId=Ref(igw), )) template.add_output( Output('PublicSubnet{}'.format(i), Value=Ref(public_subnet), Description='Subnet Id')) if private_sub_net: private_subnet = template.add_parameter( Parameter( 'PrivateSubnetCidr{}'.format(i), Type='String', Description='Private Subnet CIDR', Default=sub_net['private_cidr'], )) private_net = template.add_resource( ec2.Subnet( 'PrivateSubnet{}'.format(i), CidrBlock=Ref(private_subnet), MapPublicIpOnLaunch=False, VpcId=Ref(vpc), Tags=Tags(dict(Name='Private Subnet {}'.format(i))), )) private_route_table = template.add_resource( ec2.RouteTable( 'PrivateRouteTable{}'.format(i), VpcId=Ref(vpc), )) template.add_resource( ec2.SubnetRouteTableAssociation( 'PrivateRouteAssociation{}'.format(i), SubnetId=Ref(private_net), RouteTableId=Ref(private_route_table), )) template.add_output( Output('PrivateSubnet{}'.format(i), Value=Ref(private_subnet), Description='Subnet Id')) if nat_gateway and private_sub_net: nat_eip = template.add_resource( ec2.EIP( 'NatEip{}'.format(i), Domain="vpc", )) nat = template.add_resource( ec2.NatGateway( 'Nat{}'.format(i), AllocationId=GetAtt(nat_eip, 'AllocationId'), SubnetId=Ref(public_net), )) template.add_resource( ec2.Route( 'NatRoute{}'.format(i), RouteTableId=Ref(private_route_table), DestinationCidrBlock='0.0.0.0/0', NatGatewayId=Ref(nat), )) template.add_output( Output( 'NatEip{}'.format(i), Value=Ref(nat_eip), Description='Nat Elastic IP', )) write_json_to_file('vpc.json', template)
def sg_subnet_vpc(self, template, provision_refs): ref_stack_id = Ref('AWS::StackId') if 'aws_vpc_id' in self.app.config['provision']: vpc = self.app.config['provision']['aws_vpc_id'] use_subnet = self.app.config['provision']['aws_subnet_id'] use_subnet2 = self.app.config['provision']['aws_subnet2_id'] use_sg = self.app.config['provision']['aws_sg_id'] use_alb_sg = self.app.config['provision']['alb_sg_id'] self.app.log.info( 'Using your AWS subnet, make sure the routes and ports are configured correctly' ) else: vpc = Ref( template.add_resource( ec2.VPC('VPC', CidrBlock='10.0.0.0/16', Tags=Tags(Application=ref_stack_id)))) internet_gateway = template.add_resource( ec2.InternetGateway('InternetGateway', Tags=Tags(Application=ref_stack_id))) template.add_resource( ec2.VPCGatewayAttachment( 'AttachGateway', VpcId=vpc, InternetGatewayId=Ref(internet_gateway))) route_table = template.add_resource( ec2.RouteTable('RouteTable', VpcId=vpc, Tags=Tags(Application=ref_stack_id))) subnet = template.add_resource( ec2.Subnet('Subnet', CidrBlock='10.0.0.0/24', VpcId=vpc, AvailabilityZone=Select(0, GetAZs("")), Tags=Tags(Application=ref_stack_id))) subnet2 = template.add_resource( ec2.Subnet('Subnet2', CidrBlock='10.0.1.0/24', VpcId=vpc, AvailabilityZone=Select(1, GetAZs("")), Tags=Tags(Application=ref_stack_id))) template.add_resource( ec2.Route( 'Route', DependsOn='AttachGateway', GatewayId=Ref('InternetGateway'), DestinationCidrBlock='0.0.0.0/0', RouteTableId=Ref(route_table), )) template.add_resource( ec2.SubnetRouteTableAssociation( 'SubnetRouteTableAssociation', SubnetId=Ref(subnet), RouteTableId=Ref(route_table), )) template.add_resource( ec2.SubnetRouteTableAssociation( 'Subnet2RouteTableAssociation', SubnetId=Ref(subnet2), RouteTableId=Ref(route_table), )) network_acl = template.add_resource( ec2.NetworkAcl( 'NetworkAcl', VpcId=vpc, Tags=Tags(Application=ref_stack_id), )) template.add_resource( ec2.NetworkAclEntry( 'InboundSSHNetworkAclEntry', NetworkAclId=Ref(network_acl), RuleNumber='100', Protocol='6', PortRange=ec2.PortRange(From='22', To='22'), Egress='false', RuleAction='allow', CidrBlock='0.0.0.0/0', )) template.add_resource( ec2.NetworkAclEntry( 'InboundResponsePortsNetworkAclEntry', NetworkAclId=Ref(network_acl), RuleNumber='101', Protocol='6', PortRange=ec2.PortRange(From='1024', To='65535'), Egress='false', RuleAction='allow', CidrBlock='0.0.0.0/0', )) template.add_resource( ec2.NetworkAclEntry( 'InboundICMPNetworkAclEntry', NetworkAclId=Ref(network_acl), RuleNumber='102', Protocol='1', Icmp=ec2.ICMP(Code=-1, Type=-1), Egress='false', RuleAction='allow', CidrBlock='0.0.0.0/0', )) # Only used when Blockscout is deployed template.add_resource( ec2.NetworkAclEntry( 'InboundHttpsNetworkAclEntry', NetworkAclId=Ref(network_acl), RuleNumber='103', Protocol='6', PortRange=ec2.PortRange(From='443', To='443'), Egress='false', RuleAction='allow', CidrBlock='0.0.0.0/0', )) template.add_resource( ec2.NetworkAclEntry( 'OutBoundHTTPNetworkAclEntry', NetworkAclId=Ref(network_acl), RuleNumber='100', Protocol='6', PortRange=ec2.PortRange(From='80', To='80'), Egress='true', RuleAction='allow', CidrBlock='0.0.0.0/0', )) template.add_resource( ec2.NetworkAclEntry( 'OutBoundHTTPSNetworkAclEntry', NetworkAclId=Ref(network_acl), RuleNumber='101', Protocol='6', PortRange=ec2.PortRange(From='443', To='443'), Egress='true', RuleAction='allow', CidrBlock='0.0.0.0/0', )) template.add_resource( ec2.NetworkAclEntry( 'OutBoundResponsePortsNetworkAclEntry', NetworkAclId=Ref(network_acl), RuleNumber='102', Protocol='6', PortRange=ec2.PortRange(From='1024', To='65535'), Egress='true', RuleAction='allow', CidrBlock='0.0.0.0/0', )) template.add_resource( ec2.NetworkAclEntry( 'OutboundICMPNetworkAclEntry', NetworkAclId=Ref(network_acl), RuleNumber='103', Protocol='1', Icmp=ec2.ICMP(Code=-1, Type=-1), Egress='true', RuleAction='allow', CidrBlock='0.0.0.0/0', )) template.add_resource( ec2.SubnetNetworkAclAssociation( 'SubnetNetworkAclAssociation', SubnetId=Ref(subnet), NetworkAclId=Ref(network_acl), )) template.add_resource( ec2.SubnetNetworkAclAssociation( 'Subnet2NetworkAclAssociation', SubnetId=Ref(subnet2), NetworkAclId=Ref(network_acl), )) use_subnet = Ref(subnet) use_subnet2 = Ref(subnet2) alb_security_group = template.add_resource( ec2.SecurityGroup( 'ALBSecurityGroup', GroupDescription= 'ALB allows traffic from public, is used to terminate SSL', SecurityGroupIngress=[ ec2.SecurityGroupRule(IpProtocol='tcp', FromPort='46658', ToPort='46658', CidrIp='0.0.0.0/0'), ], VpcId=vpc, )) use_alb_sg = Ref(alb_security_group) instance_security_group = template.add_resource( ec2.SecurityGroup( 'InstanceSecurityGroup', GroupDescription='Enable tendermint and SSH for all nodes', SecurityGroupIngress=[ ec2.SecurityGroupRule(IpProtocol='tcp', FromPort='22', ToPort='22', CidrIp='0.0.0.0/0'), ec2.SecurityGroupRule(IpProtocol='tcp', FromPort='46656', ToPort='46656', CidrIp='0.0.0.0/0'), ec2.SecurityGroupRule(IpProtocol='tcp', FromPort='46658', ToPort='46658', CidrIp='0.0.0.0/0'), ec2.SecurityGroupRule(IpProtocol='icmp', FromPort='-1', ToPort='-1', CidrIp='0.0.0.0/0'), ], VpcId=vpc, )) use_sg = Ref(instance_security_group) provision_refs.vpc = vpc provision_refs.security_group_ec2 = use_sg provision_refs.security_group_alb = use_alb_sg provision_refs.subnets.append(use_subnet) provision_refs.subnets.append(use_subnet2)
ToPort="65535", IpProtocol="udp", CidrIp=FindInMap("SubnetConfig", "Public", "CIDR"), FromPort="0" ), ec2.SecurityGroupRule( ToPort="22", IpProtocol="tcp", CidrIp=Ref(SSHLocation), FromPort="22" ), ec2.SecurityGroupRule( ToPort="8080", IpProtocol="tcp", CidrIp=Ref(AmbariAccessLocation), FromPort="8080" ), ], VpcId=Ref(VPC), GroupDescription="Access for the Ambari Nodes", )) AttachGateway = t.add_resource(ec2.VPCGatewayAttachment( "AttachGateway", VpcId=Ref(VPC), InternetGatewayId=Ref(InternetGateway), )) ## Functions to generate blockdevicemappings ## count: the number of devices to map ## devicenamebase: "/dev/sd" or "/dev/xvd" ## volumesize: "100" ## volumetype: "gp2" def my_block_device_mappings_root(devicenamebase,volumesize,volumetype): block_device_mappings_root = (ec2.BlockDeviceMapping( DeviceName=devicenamebase + "a1", Ebs=ec2.EBSBlockDevice(VolumeSize=volumesize, VolumeType=volumetype) )) return block_device_mappings_root def my_block_device_mappings_ebs(diskcount,devicenamebase,volumesize,volumetype): block_device_mappings_ebs = []
def main(): template = Template() vpc = template.add_resource( ec2.VPC('MyVPC', CidrBlock='10.0.0.0/16', EnableDnsSupport='true', EnableDnsHostnames='true')) internet_gateway = template.add_resource( ec2.InternetGateway('MyInternetGateway', Tags=Tags(Name='MyInternetGateway'))) template.add_resource( ec2.VPCGatewayAttachment('MyVPCGatewayAttachment', InternetGatewayId=Ref(internet_gateway), VpcId=Ref(vpc), DependsOn=internet_gateway.title)) security_group = template.add_resource( ec2.SecurityGroup( 'mySecGroup', GroupDescription='Security group', VpcId=Ref(vpc), )) template.add_resource( ec2.SecurityGroupEgress('mySecGroupOut', CidrIp='0.0.0.0/0', IpProtocol='tcp', FromPort='0', ToPort='0', GroupId=Ref(security_group))) template.add_resource( ec2.SecurityGroupIngress('mySecGroupIn', CidrIp='0.0.0.0/0', IpProtocol='tcp', FromPort='0', ToPort='0', GroupId=Ref(security_group))) public_subnets = [ template.add_resource( ec2.Subnet('MyPubSub1', AvailabilityZone='ap-southeast-2a', VpcId=Ref(vpc), CidrBlock='10.0.1.0/24')), template.add_resource( ec2.Subnet('MyPubSub2', AvailabilityZone='ap-southeast-2b', VpcId=Ref(vpc), CidrBlock='10.0.2.0/24')), template.add_resource( ec2.Subnet('MyPubSub3', AvailabilityZone='ap-southeast-2c', VpcId=Ref(vpc), CidrBlock='10.0.3.0/24')) ] template.add_resource( elb.LoadBalancer('myLoadBalancer', CrossZone=True, HealthCheck=elb.HealthCheck( Target='HTTP:80/index.html', HealthyThreshold='10', UnhealthyThreshold='2', Interval='300', Timeout='60'), Listeners=[ elb.Listener(LoadBalancerPort='80', Protocol='HTTP', InstancePort='80', InstanceProtocol='HTTP') ], Scheme='internet-facing', SecurityGroups=[Ref(security_group)], Subnets=[Ref(subnet) for subnet in public_subnets])) template.add_resource( ec2.Instance('myinstance', KeyName='INSERT_YOUR_KEYPAIR_HERE', ImageId='ami-dc361ebf', InstanceType='t2.nano', NetworkInterfaces=[ ec2.NetworkInterfaceProperty( GroupSet=[Ref(security_group)], AssociatePublicIpAddress=True, DeviceIndex='0', DeleteOnTermination=True, SubnetId=Ref(public_subnets[0])) ], SourceDestCheck=True, DependsOn=internet_gateway.title)) HostedZone(template=template, domain='mypublic.hz', vpcs=None) HostedZone(template=template, domain='myprivate.hz', vpcs=[Ref(vpc)]) print(template.to_json(indent=2, separators=(',', ': ')))
def dump_base_yaml(cfn_file): template = Template() vpc_cidr_param = template.add_parameter( Parameter( "vpcCidrParam", Description="string of vpc cidr block to use", Type="String", )) subnet_cidr_param = template.add_parameter( Parameter( "subnetCidrParam", Description="string of subnet cidr block to use", Type="String", )) igw = template.add_resource( ec2.InternetGateway( "Igw", Tags=resource_tags, )) vpc = template.add_resource( ec2.VPC( "Vpc", CidrBlock=Ref(vpc_cidr_param), EnableDnsSupport=True, EnableDnsHostnames=True, InstanceTenancy="default", Tags=resource_tags, )) igwa = template.add_resource( ec2.VPCGatewayAttachment( "IgwA", VpcId=Ref(vpc), InternetGatewayId=Ref(igw), )) route_tbl = template.add_resource( ec2.RouteTable( "RouteTable", VpcId=Ref(vpc), Tags=resource_tags, )) default_route = template.add_resource( ec2.Route("defaultRoute", DestinationCidrBlock="0.0.0.0/0", GatewayId=Ref(igw), RouteTableId=Ref(route_tbl))) subnet = template.add_resource( ec2.Subnet( "Subnet", VpcId=Ref(vpc), CidrBlock=Ref(subnet_cidr_param), MapPublicIpOnLaunch=True, AvailabilityZone=Select(0, GetAZs()), Tags=resource_tags, )) route_tbl_asoc = template.add_resource( ec2.SubnetRouteTableAssociation("RouteTblSubnetAsoc", RouteTableId=Ref(route_tbl), SubnetId=Ref(subnet))) priv_route_tbl = template.add_resource( ec2.RouteTable( "PrivRouteTable", VpcId=Ref(vpc), Tags=resource_tags, )) priv_subnet = template.add_resource( ec2.Subnet( "PrivSubnet", VpcId=Ref(vpc), CidrBlock="10.10.1.0/24", MapPublicIpOnLaunch=False, AvailabilityZone=Select(0, GetAZs()), Tags=resource_tags, )) route_tbl_asoc = template.add_resource( ec2.SubnetRouteTableAssociation("RouteTblPrivSubnetAsoc", RouteTableId=Ref(priv_route_tbl), SubnetId=Ref(priv_subnet))) ngw_elastic_ip = template.add_resource( ec2.EIP( "MyNgwEip", Tags=resource_tags, )) nat_gateway = template.add_resource( ec2.NatGateway( "MyNatGateway", AllocationId=GetAtt(ngw_elastic_ip, "AllocationId"), SubnetId=Ref(subnet), )) private_out_route = template.add_resource( ec2.Route("privateOutRoute", DestinationCidrBlock="0.0.0.0/0", NatGatewayId=Ref(nat_gateway), RouteTableId=Ref(priv_route_tbl))) template.add_output([ Output( "VpcId", Description="InstanceId of the newly created EC2 instance", Value=Ref(vpc), Export=Export("VpcId-jdix"), ), Output( "SubnetId", Description="InstanceId of the newly created EC2 instance", Value=Ref(subnet), Export=Export("SubnetId-jdix"), ), Output( "PrivSubnetId", Description="InstanceId of the newly created EC2 instance", Value=Ref(priv_subnet), Export=Export("PrivSubnetId-jdix"), ), ]) template_out_yaml(cfn_file, template)
def add_resource(self): t = self.template self.PublicRouteTable = t.add_resource(ec2.RouteTable( "PublicRouteTable", VpcId=Ref("VPC"), Tags=Tags( Application=Ref("AWS::StackName"), Network="Public", Environment=Ref(self.Environment), Name=Join("-", ["RT-PU-1", Ref(self.Project)]), ), )) self.GatewayToInternet = t.add_resource(ec2.VPCGatewayAttachment( "GatewayToInternet", VpcId=Ref("VPC"), InternetGatewayId=Ref("InternetGateway"), )) self.PubSubnet1 = t.add_resource(ec2.Subnet( "PubSubnet1", Tags=Tags( Application=Ref("AWS::StackName"), Environment=Ref(self.Environment), Network="Public", Name=Join("-", ["NT-PU-1", Ref(self.Project)]), ), VpcId=Ref("VPC"), CidrBlock=Ref(self.PublicSubnet1), AvailabilityZone=Ref(self.AvailabilityZone1), MapPublicIpOnLaunch=True, )) self.PubSubnet2 = t.add_resource(ec2.Subnet( "PubSubnet2", Tags=Tags( Application=Ref("AWS::StackName"), Environment=Ref(self.Environment), Network="Public", Name=Join("-", ["NT-PU-2", Ref(self.Project)]), ), VpcId=Ref("VPC"), CidrBlock=Ref(self.PublicSubnet2), AvailabilityZone=Ref(self.AvailabilityZone2), MapPublicIpOnLaunch=True, )) self.PriSubnet2 = t.add_resource(ec2.Subnet( "PriSubnet2", Tags=Tags( Application=Ref("AWS::StackName"), Environment=Ref(self.Environment), Network="Private", Name=Join("-", ["NT-PR-2", Ref(self.Project)]), ), VpcId=Ref("VPC"), CidrBlock=Ref(self.PrivateSubnet2), AvailabilityZone=Ref(self.AvailabilityZone2), )) self.PriSubnet1 = t.add_resource(ec2.Subnet( "PriSubnet1", Tags=Tags( Application=Ref("AWS::StackName"), Environment=Ref(self.Environment), Network="Private", Name=Join("-", ["NT-PR-1", Ref(self.Project)]), ), VpcId=Ref("VPC"), CidrBlock=Ref(self.PrivateSubnet1), AvailabilityZone=Ref(self.AvailabilityZone1), )) self.PrivateRouteTable2 = t.add_resource(ec2.RouteTable( "PrivateRouteTable2", VpcId=Ref("VPC"), Tags=Tags( Application=Ref("AWS::StackName"), Environment=Ref(self.Environment), Network="Private", Name=Join("-", ["RT-PR-2", Ref(self.Project)]), ), )) self.PublicRoute = t.add_resource(ec2.Route( "PublicRoute", GatewayId=Ref("InternetGateway"), DestinationCidrBlock="0.0.0.0/0", RouteTableId=Ref(self.PublicRouteTable), )) self.PrivateRouteTable1 = t.add_resource(ec2.RouteTable( "PrivateRouteTable1", VpcId=Ref("VPC"), Tags=Tags( Application=Ref("AWS::StackName"), Environment=Ref(self.Environment), Network="Private", Name=Join("-", ["RT-PR-1", Ref(self.Project)]), ), )) self.PriSubnet2RTAssoc = t.add_resource(ec2.SubnetRouteTableAssociation( "PriSubnet2RTAssoc", SubnetId=Ref(self.PriSubnet2), RouteTableId=Ref(self.PrivateRouteTable2), )) self.InternetGateway = t.add_resource(ec2.InternetGateway( "InternetGateway", Tags=Tags( Application=Ref("AWS::StackName"), Environment=Ref(self.Environment), Network="Public", Name=Join("-", ["IGW", Ref(self.Project)]), ), )) self.VPC = t.add_resource(ec2.VPC( "VPC", CidrBlock=Ref(self.VpcCidr), EnableDnsSupport=True, EnableDnsHostnames=True, Tags=Tags( Name=Join("-", ["VPC", Ref(self.Project)]), Environment=Ref(self.Environment), Application=Ref("AWS::StackName"), ), )) self.PubSubnet2RTAssoc = t.add_resource(ec2.SubnetRouteTableAssociation( "PubSubnet2RTAssoc", SubnetId=Ref(self.PubSubnet2), RouteTableId=Ref(self.PublicRouteTable), )) self.PubSubnet1RTAssoc = t.add_resource(ec2.SubnetRouteTableAssociation( "PubSubnet1RTAssoc", SubnetId=Ref(self.PubSubnet1), RouteTableId=Ref(self.PublicRouteTable), )) self.PriSubnet1RTAssoc = t.add_resource(ec2.SubnetRouteTableAssociation( "PriSubnet1RTAssoc", SubnetId=Ref(self.PriSubnet1), RouteTableId=Ref(self.PrivateRouteTable1), ))