Beispiel #1
0
    def create_elb(self, subnet1, subnet2, elb_sg):
        load_balancer = self.t.add_resource(
            LoadBalancer(
                "LoadBalancer",
                ConnectionDrainingPolicy=ConnectionDrainingPolicy(
                    Enabled=True,
                    Timeout=120,
                ),
                Subnets=[Ref(subnet1), Ref(subnet2)],
                HealthCheck=HealthCheck(
                    Target="TCP:80",
                    HealthyThreshold="2",
                    UnhealthyThreshold="9",
                    Interval="20",
                    Timeout="15",
                ),
                Listeners=[
                    Listener(
                        LoadBalancerPort="80",
                        InstancePort="80",
                        Protocol="HTTP",
                    ),
                ],
                CrossZone=True,
                SecurityGroups=[Ref(elb_sg)],
                LoadBalancerName="webapp-elb",
                Scheme="internet-facing",
            ))

        return load_balancer
Beispiel #2
0
    def add_elb(self):
        t = self.template

        self.elbSg = t.add_resource(
            SecurityGroup(
                'ElbSecurityGroup',
                VpcId=Ref(self.vpcIdParam),
                GroupDescription='Security group for ELB.',
                SecurityGroupIngress=[
                    SecurityGroupRule(ToPort='80',
                                      FromPort='80',
                                      IpProtocol='tcp',
                                      CidrIp="0.0.0.0/0")
                    #TODO HTTPS
                ],
                Tags=self.defaultTags +
                [Tag('Name', Join("", [self.namePrefix, 'ElbSecurityGroup']))
                 ]))

        self.elbListener = Listener('ElbListener',
                                    LoadBalancerPort="80",
                                    InstancePort="80",
                                    Protocol="HTTP",
                                    InstanceProtocol="HTTP")

        self.elbHealthCheck = HealthCheck(Target="TCP:80",
                                          Timeout="2",
                                          Interval="5",
                                          HealthyThreshold="2",
                                          UnhealthyThreshold="2")

        publicSubnetIds = [
            self.sceptreUserData['subnets']['publicInfraAZ1Id'],
            self.sceptreUserData['subnets']['publicInfraAZ2Id'],
            self.sceptreUserData['subnets']['publicInfraAZ3Id']
        ]

        self.elb = t.add_resource(
            LoadBalancer('Elb',
                         Listeners=[self.elbListener],
                         Scheme='internet-facing',
                         HealthCheck=self.elbHealthCheck,
                         CrossZone=True,
                         Subnets=publicSubnetIds,
                         SecurityGroups=[Ref(self.elbSg)],
                         Tags=self.defaultTags +
                         [Tag('Name', Join("", [self.namePrefix, 'Elb']))]))
        return 0
def define_networking(t):
    t.add_resource(
        VPC("VPC",
            CidrBlock=Ref(t.parameters["vpcCidrBlock"]),
            InstanceTenancy="default",
            EnableDnsSupport=True,
            EnableDnsHostnames=False,
            Tags=troposphere.cloudformation.Tags(Name=Join(
                " ", ["BIG-IQ VPC:", Ref("AWS::StackName")]))))

    t.add_resource(
        Subnet("Subnet1",
               CidrBlock=Ref(t.parameters["subnet1CidrBlock"]),
               VpcId=Ref(t.resources["VPC"]),
               AvailabilityZone=Ref(t.parameters["subnet1Az"]),
               Tags=Tags(
                   Name=Join(" ", ["BIG-IQ Subnet 1:",
                                   Ref("AWS::StackName")]))))

    t.add_resource(
        Subnet("Subnet2",
               CidrBlock=Ref(t.parameters["subnet2CidrBlock"]),
               VpcId=Ref(t.resources["VPC"]),
               AvailabilityZone=Ref(t.parameters["subnet2Az"]),
               Tags=Tags(
                   Name=Join(" ", ["Big-IQ Subnet 2:",
                                   Ref("AWS::StackName")]))))

    t.add_resource(
        RouteTable("RouteTable1",
                   VpcId=Ref(t.resources["VPC"]),
                   Tags=Tags(Name=Join(
                       " ", ["BIG-IQ Route Table 1:",
                             Ref("AWS::StackName")]))))

    t.add_resource(
        RouteTable("RouteTable2",
                   VpcId=Ref(t.resources["VPC"]),
                   Tags=Tags(Name=Join(
                       " ", ["BIG-IQ Route Table 2:",
                             Ref("AWS::StackName")]))))

    t.add_resource(
        SubnetRouteTableAssociation("Subnet1RouteTableAssociation",
                                    SubnetId=Ref(t.resources["Subnet1"]),
                                    RouteTableId=Ref(
                                        t.resources["RouteTable1"])))

    t.add_resource(
        SubnetRouteTableAssociation("Subnet2RouteTableAssociation",
                                    SubnetId=Ref(t.resources["Subnet2"]),
                                    RouteTableId=Ref(
                                        t.resources["RouteTable2"])))

    t.add_resource(
        InternetGateway(
            "IGW",
            Tags=Tags(Name=Join(
                " ", ["BIG-IQ Internet Gateway:",
                      Ref("AWS::StackName")]))))

    t.add_resource(
        VPCGatewayAttachment("IGWAttachment",
                             VpcId=Ref(t.resources["VPC"]),
                             InternetGatewayId=Ref(t.resources["IGW"])))

    t.add_resource(
        Route("Route1Default",
              DestinationCidrBlock="0.0.0.0/0",
              RouteTableId=Ref(t.resources["RouteTable1"]),
              GatewayId=Ref(t.resources["IGW"])))

    t.add_resource(
        Route("Route2Default",
              DestinationCidrBlock="0.0.0.0/0",
              RouteTableId=Ref(t.resources["RouteTable2"]),
              GatewayId=Ref(t.resources["IGW"])))

    t.add_resource(NetworkAcl("VPCAcl", VpcId=Ref(t.resources["VPC"])))

    t.add_resource(
        SecurityGroup(
            "SecurityGroup",
            GroupName=Join(" ",
                           ["BIG-IQ SG:", Ref("AWS::StackName")]),
            GroupDescription="vpc-sg",
            VpcId=Ref(t.resources["VPC"]),
            SecurityGroupIngress=[
                SecurityGroupRule(IpProtocol="tcp",
                                  FromPort="443",
                                  ToPort="443",
                                  CidrIp="0.0.0.0/0"),
                SecurityGroupRule(IpProtocol="tcp",
                                  FromPort="80",
                                  ToPort="80",
                                  CidrIp="0.0.0.0/0"),
                SecurityGroupRule(IpProtocol="tcp",
                                  FromPort="22",
                                  ToPort="22",
                                  CidrIp="0.0.0.0/0"),
                SecurityGroupRule(
                    IpProtocol=
                    "tcp",  # TODO Determine actual ports which should be open
                    FromPort="1",
                    ToPort="65356",
                    CidrIp=Ref(t.parameters["vpcCidrBlock"]))
            ]))

    t.add_resource(
        SecurityGroup("ElbSecurityGroup",
                      GroupName=Join(
                          " ", ["ELB-SG-", Ref("AWS::StackName")]),
                      GroupDescription="vpc-sg",
                      VpcId=Ref(t.resources["VPC"]),
                      SecurityGroupIngress=[]))

    t.add_resource(
        LoadBalancer(
            "ClassicELB",
            SecurityGroups=[Ref(t.resources["ElbSecurityGroup"])],
            HealthCheck=HealthCheck(HealthyThreshold="10",
                                    Interval="30",
                                    Target="TCP:22",
                                    Timeout="5",
                                    UnhealthyThreshold="2"),
            Listeners=[
                Listener(LoadBalancerPort="80",
                         InstancePort="80",
                         Protocol="TCP",
                         InstanceProtocol="TCP")
            ],
            LoadBalancerName=Join("", ["ELB-", Ref("AWS::StackName")]),
            Scheme="internet-facing",
            Subnets=[Ref(t.resources["Subnet1"]),
                     Ref(t.resources["Subnet2"])]))
from troposphere import Template
from troposphere.elasticloadbalancing import Listener, LoadBalancer

t = Template()

t.add_description("ELB with Proxy Protocol enabled for ports 80 and 443")

elb = t.add_resource(LoadBalancer(
    "ElasticLoadBalancer",
    Listeners=[
        Listener(
            LoadBalancerPort="80",
            InstancePort="80",
            Protocol="TCP"
        ),
        Listener(
            LoadBalancerPort="443",
            InstancePort="443",
            Protocol="TCP"
        ),
    ],
    Policies=[
        {
            "PolicyName": "EnableProxyProtocol",
            "PolicyType": "ProxyProtocolPolicyType",
            "Attributes": [{
                "Name": "ProxyProtocol",
                "Value": "true"
            }],
            "InstancePorts": ["80", "443"]
        }
Beispiel #5
0
    loadbalancer = []
    targetgroup = []

    if "elb" in rolemap[role]:
        elb_identifier = ""
        if rolemap[role]["elb"]["subnet"] in public_prefixes:
            elb_identifier = "pubsub" + rolemap[role]["elb"]["subnet"].upper()

        elb = t.add_resource(
            LoadBalancer(
                "elb" + role.upper(),
                Subnets=Split(",", Ref(elb_identifier)),
                Listeners=[
                    Listener(
                        LoadBalancerPort=80,
                        InstancePort=80,
                        Protocol='HTTP',
                    ),
                ],
                SecurityGroups=[Ref("defaultSG"),
                                Ref(elbSecurityGroup)],
                HealthCheck=HealthCheck(
                    Target=rolemap[role]["elb"]["healthcheck"],
                    HealthyThreshold="2",
                    UnhealthyThreshold="2",
                    Interval="10",
                    Timeout="5"),
                ConnectionDrainingPolicy=ConnectionDrainingPolicy(Enabled=True,
                                                                  Timeout=300),
                CrossZone=True,
                Tags=Tags(Environment=Ref("environment"), Service=role)))
Beispiel #6
0
    def add_kippo_sensors(self):
        # Create the ELB
        self.template.add_resource(
            LoadBalancer(
                'Elb',
                Listeners=[
                    Listener(
                        InstancePort=80,
                        LoadBalancerPort=80,
                        Protocol='http',
                    ),
                    Listener(
                        InstancePort=443,
                        LoadBalancerPort=443,
                        Protocol='tcp',  # Plain TCP forwarding for HTTPS/SSL
                    ),
                ],
                CrossZone=True,
                Subnets=Ref('ElbSubnetIdList'),
                SecurityGroups=[Ref('ElbSecurityGroup')],
                Scheme='internet-facing',
                HealthCheck=HealthCheck(
                    Target='HTTP:80/kippo-graph/',
                    HealthyThreshold=2,
                    UnhealthyThreshold=5,
                    Interval=120,
                    Timeout=60,
                ),
            ))

        self.template.add_output(
            Output(
                'ElbEndpoint',
                Description='ELB endpoint address',
                Value=GetAtt('Elb', 'DNSName'),
            ))

        self.template.add_resource(
            LaunchConfiguration(
                'LaunchConfiguration',
                KeyName=Ref('KeyName'),
                ImageId=FindInMap('Ec2AmiMap', Ref('AWS::Region'), 'AmiId'),
                InstanceType=Ref('Ec2InstanceType'),
                SecurityGroups=[Ref('Ec2SecurityGroup')],
                AssociatePublicIpAddress=True,
                UserData=Base64(
                    Join('\n', [
                        '#cloud-config',
                        'repo_upgrade: security',
                        'runcmd:',
                        ' - "/usr/bin/wget -O /tmp/configure_kippo_sensor.sh https://raw.githubusercontent.com/cdodd/aws-kippo-cluster/master/bootstrap/configure_kippo_sensor.sh"',
                        Join(
                            '',
                            [
                                ' - "bash /tmp/configure_kippo_sensor.sh',
                                ' ',
                                GetAtt('RdsInstance', 'Endpoint.Address'),
                                ' ',
                                Ref('RdsRootPassword'),
                                ' ',
                                Ref('RealSshPort'),
                                '"',
                            ],
                        ),
                    ])),
            ))

        self.template.add_resource(
            AutoScalingGroup(
                'Asg',
                DesiredCapacity=Ref('KippoSensorCount'),
                HealthCheckGracePeriod=1800,
                HealthCheckType='ELB',
                LaunchConfigurationName=Ref('LaunchConfiguration'),
                LoadBalancerNames=[Ref('Elb')],
                MaxSize=Ref('KippoSensorCount'),
                MinSize=Ref('KippoSensorCount'),
                Tags=[Tag(key='Name', value='kippo-sensor', propogate='true')],
                VPCZoneIdentifier=Ref('Ec2SubnetIdList'),
            ))
Beispiel #7
0
t.add_resource(elb_ingress_rule)

# ssh for each home egress point
home_ssh_rules = []
for (ip, name) in home_egress_ips:
    rule = SecurityGroupIngress(name)
    rule.CidrIp = ip
    rule.FromPort = 22
    rule.ToPort = 22
    rule.GroupId = Ref(home_ssh)
    rule.IpProtocol = 'tcp'
    home_ssh_rules.append(rule)
    t.add_resource(rule)

# load balancer
elb_listener_80 = Listener(config['name'] + 'Ssl')
elb_listener_80.InstancePort = 80
elb_listener_80.LoadBalancerPort = 80
elb_listener_80.Protocol = 'HTTP'
elb_listener_80.InstanceProtocol = 'HTTP'

load_balancer = LoadBalancer(config['name'] + "Elb")
load_balancer.CrossZone = True
load_balancer.Listeners = [elb_listener_80]
load_balancer.Subnets = [Ref(subnet.title) for subnet in app_subnets]
load_balancer.SecurityGroups = [Ref(elb_sg)]
t.add_resource(load_balancer)

# launch configuration for consul server
consul_block_device = EBSBlockDevice(config['name'] + 'Ebs')
consul_block_device.DeleteOnTermination = config['consul_launch_config']['block_device']['delete_on_termination']