def generate_template(description=None, **settings):
"""
"""
if description is None:
description = 'VPC template generated via CFN Macro'
template = Template(description)
template.set_metadata({
'Author': 'https://github.com/johnpreston',
'Version': __version__,
'Date': dt.utcnow().isoformat()
})
vpc = add_vpc(template, **settings['Properties'])
if 'VpcSettings' in settings.keys():
vpc_settings = settings['VpcSettings']
if 'DhcpOptions' in vpc_settings.keys():
add_dhcp_options(template, vpc, **vpc_settings['DhcpOptions'])
if KEYISSET('PublicVpc', vpc_settings):
add_gateway(template, vpc)
if KEYISSET('UseCloudMap', vpc_settings):
add_vpcmap(tpl, vpc)
if KEYISSET('SubnetsLayers', settings):
subnets_settings = settings['SubnetsLayers']
add_subnets(template, vpc, settings['Properties']['VpcCidr'],
subnet_settings, vpc_settings['AvailabilityZones'])
def create_template(description, metadata, outputs, resources):
"""Creates troposphere template."""
template = Template()
template.set_description(description)
template.set_metadata(metadata)
template.add_output(outputs)
for resource in resources:
template.add_resource(resource)
return template
def init_template(description=None):
"""Function to initialize the troposphere base template
:param description: Description used for the CFN
:type description: str
:returns: template
:rtype: Template
"""
if description is not None:
template = Template(description)
else:
template = Template(f"Template generated by ECS ComposeX")
template.set_metadata({"GeneratedOn": DATE})
template.set_version()
return template
def init_template(description=None):
"""Function to initialize the troposphere base template
:param description: Description used for the CFN
:type description: str
:returns: template
:rtype: Template
"""
if description is not None:
template = Template(description)
else:
template = Template("Template generated by ECS ComposeX")
template.set_metadata(
deepcopy({
"Type": "ComposeX",
"Properties": {
"Version": version,
"GeneratedOn": DATE
},
}))
template.set_version()
return template
def generate_template(environment):
'''
Generates the required template based on the given environment.
Parameters:
environment: str
The environment for which the template is to be generated.
Ex: Experimental, Development, Production
Returns:
template: obj
A Template(troposphere) object with all the requiured attributes.
'''
template = Template()
template.set_description('Service VPC')
template.set_metadata({
"DependsOn": [],
"Environment": environment,
"StackName": f'{environment}-VPC'
})
internet_gateway = template.add_resource(
InternetGateway("InternetGateway",
Tags=Tags(Environment=environment,
Name=f'{environment}-InternetGateway')))
vpc = template.add_resource(
VPC("VPC",
CidrBlock="10.0.0.0/16",
EnableDnsHostnames=True,
EnableDnsSupport=True,
InstanceTenancy="default",
Tags=Tags(Environment=environment,
Name=f'{environment}-ServiceVPC')))
gateway_attachment = template.add_resource(
VPCGatewayAttachment("VpcGatewayAttachment",
InternetGatewayId=Ref(internet_gateway),
VpcId=Ref(vpc)))
network_acl = template.add_resource(
NetworkAcl(
"VpcNetworkAcl",
VpcId=Ref(vpc),
Tags=Tags(Environment=environment,
Name=f'{environment}-NetworkAcl'),
))
network_acl_inbound_rule = template.add_resource(
NetworkAclEntry("VpcNetworkAclInboundRule",
CidrBlock="0.0.0.0/0",
Egress=False,
NetworkAclId=Ref(network_acl),
PortRange=PortRange(To='443', From='443'),
Protocol=6,
RuleAction="allow",
RuleNumber=100))
network_acl_outbound_rule = template.add_resource(
NetworkAclEntry("VpcNetworkAclOutboundRule",
CidrBlock="0.0.0.0/0",
Egress=True,
NetworkAclId=Ref(network_acl),
Protocol=6,
RuleAction="allow",
RuleNumber=200))
template.add_output([
Output("InternetGateway", Value=Ref(internet_gateway)),
Output("VPCID", Value=Ref(vpc))
])
return template
from troposphere import Template, Parameter, Output, Export, Ref, Equals, Sub
from troposphere import ec2
t = Template()
t.set_version()
t.set_description('Template generated by Troposphere')
t.set_metadata({
'Comments': 'Initial Draft',
'LastUpdated': 'Jan 1st 2015',
'UpdatedBy': 'First Last',
'Version': 'V1.0',
'Instances': {
'Description': 'Information about the instances'
},
'Databases': {
'Description': 'Information about the databases'
}
})
p_environment = t.add_parameter(
Parameter(
'Environment',
Description='Environment into which the EC2 instance will be deployed',
Type='String'))
t.add_parameter(
Parameter(
'KeyName',
Description='Name of an existing EC2 KeyPair to enable SSH '
'access to the instance',
from troposphere import Template
t = Template()
t.set_description("Example to show adding a Metadata section to the template")
t.set_metadata({
"Comments": "Initial Draft",
"LastUpdated": "Jan 1st 2015",
"UpdatedBy": "First Last",
"Version": "V1.0",
})
print(t.to_json())
from troposphere.kms import (Key as KmsKey, Alias as KmsAlias)
from troposphere.s3 import (
Bucket, LifecycleConfiguration, LifecycleRule, LifecycleRuleTransition,
VersioningConfiguration, AbortIncompleteMultipartUpload, BucketEncryption,
SseKmsEncryptedObjects, SourceSelectionCriteria, ServerSideEncryptionRule,
ServerSideEncryptionByDefault, ReplicationConfiguration,
ReplicationConfigurationRules, ReplicationConfigurationRulesDestination,
EncryptionConfiguration)
from ozone.resources.iam.roles import role_trust_policy
TPL = Template('Template to create Replicated Bucket')
TPL.set_metadata({
'Author': 'https://github.com/johnpreston',
'Date': dt.utcnow().isoformat()
})
SOURCE_REGION = TPL.add_parameter(
Parameter('SourceRegion',
Type='String',
AllowedValues=[
region['RegionName']
for region in client('ec2').describe_regions()['Regions']
]))
REPLICA_REGION = TPL.add_parameter(
Parameter('ReplicaRegion',
Type='String',
AllowedValues=[
region['RegionName']
# Common tags to tag AWS Resources with
common_tags = dict(
Environment='ApiDev',
Owner='Foo industries',
Service='ServiceVPC',
VPC='Dev'
)
# The CloudFormation template for "stack_dev"
template = Template(Description="Service VPC - used for services")
template.set_metadata({
"Build": "development",
"DependsOn": [],
"Environment": "ApiDev",
"Revision": "develop",
"StackName": "ApiDev-Dev-VPC",
"StackType": "InfrastructureResource",
"TemplateBucket": "cfn-apidev",
"TemplateName": "VPC",
"TemplatePath": "ApiDev/Dev/VPC"
})
def tags(resource_name):
""" Returns common tags along with custom name tag
for each kind of resource type.
Parameters:
resource_name: str
Name of resource
def generate_vpc_template(layers, az_count, cidr_block):
TPL = Template()
TPL.set_description('VPC - Version 2019-06-05')
TPL.set_metadata({'Author': 'https://github.com/johnpreston'})
VPC = VPCType('VPC',
CidrBlock=cidr_block,
EnableDnsHostnames=True,
EnableDnsSupport=True,
Tags=Tags(Name=Ref('AWS::StackName'),
EnvironmentName=Ref('AWS::StackName')))
IGW = InternetGateway("InternetGateway")
IGW_ATTACH = VPCGatewayAttachment("VPCGatewayAttachement",
InternetGatewayId=Ref(IGW),
VpcId=Ref(VPC))
DHCP_OPTIONS = DHCPOptions('VpcDhcpOptions',
DomainName=Sub(f'${{AWS::StackName}}.local'),
DomainNameServers=['AmazonProvidedDNS'],
Tags=Tags(Name=Sub(f'DHCP-${{{VPC.title}}}')))
DHCP_ATTACH = VPCDHCPOptionsAssociation('VpcDhcpOptionsAssociate',
DhcpOptionsId=Ref(DHCP_OPTIONS),
VpcId=Ref(VPC))
DNS_HOSTED_ZONE = HostedZone(
'VpcHostedZone',
VPCs=[HostedZoneVPCs(VPCId=Ref(VPC), VPCRegion=Ref('AWS::Region'))],
Name=Sub(f'${{AWS::StackName}}.local'),
HostedZoneTags=Tags(Name=Sub(f'ZoneFor-${{{VPC.title}}}')))
TPL.add_resource(VPC)
TPL.add_resource(IGW)
TPL.add_resource(IGW_ATTACH)
TPL.add_resource(DHCP_OPTIONS)
TPL.add_resource(DHCP_ATTACH)
TPL.add_resource(DNS_HOSTED_ZONE)
STORAGE_RTB = TPL.add_resource(
RouteTable('StorageRtb', VpcId=Ref(VPC), Tags=Tags(Name='StorageRtb')))
STORAGE_SUBNETS = []
for count, subnet_cidr in zip(az_count, layers['stor']):
subnet = Subnet(
f'StorageSubnet{alpha[count].upper()}',
CidrBlock=subnet_cidr,
VpcId=Ref(VPC),
AvailabilityZone=Sub(f'${{AWS::Region}}{alpha[count]}'),
Tags=Tags(Name=Sub(f'${{AWS::StackName}}-Storage-{alpha[count]}'),
Usage="Storage"))
subnet_assoc = TPL.add_resource(
SubnetRouteTableAssociation(
f'StorageSubnetAssoc{alpha[count].upper()}',
SubnetId=Ref(subnet),
RouteTableId=Ref(STORAGE_RTB)))
STORAGE_SUBNETS.append(subnet)
TPL.add_resource(subnet)
PUBLIC_RTB = TPL.add_resource(
RouteTable('PublicRtb', VpcId=Ref(VPC), Tags=Tags(Name='PublicRtb')))
PUBLIC_ROUTE = TPL.add_resource(
Route('PublicDefaultRoute',
GatewayId=Ref(IGW),
RouteTableId=Ref(PUBLIC_RTB),
DestinationCidrBlock='0.0.0.0/0'))
PUBLIC_SUBNETS = []
NAT_GATEWAYS = []
for count, subnet_cidr in zip(az_count, layers['pub']):
subnet = Subnet(
f'PublicSubnet{alpha[count].upper()}',
CidrBlock=subnet_cidr,
VpcId=Ref(VPC),
AvailabilityZone=Sub(f'${{AWS::Region}}{alpha[count]}'),
MapPublicIpOnLaunch=True,
Tags=Tags(Name=Sub(f'${{AWS::StackName}}-Public-{alpha[count]}')))
eip = TPL.add_resource(
EIP(f"NatGatewayEip{alpha[count].upper()}", Domain='vpc'))
nat = NatGateway(f"NatGatewayAz{alpha[count].upper()}",
AllocationId=GetAtt(eip, 'AllocationId'),
SubnetId=Ref(subnet))
subnet_assoc = TPL.add_resource(
SubnetRouteTableAssociation(
f'PublicSubnetsRtbAssoc{alpha[count].upper()}',
RouteTableId=Ref(PUBLIC_RTB),
SubnetId=Ref(subnet)))
NAT_GATEWAYS.append(nat)
PUBLIC_SUBNETS.append(subnet)
TPL.add_resource(nat)
TPL.add_resource(subnet)
APP_SUBNETS = []
APP_RTBS = []
for count, subnet_cidr, nat in zip(az_count, layers['app'], NAT_GATEWAYS):
SUFFIX = alpha[count].upper()
subnet = Subnet(
f'AppSubnet{SUFFIX}',
CidrBlock=subnet_cidr,
VpcId=Ref(VPC),
AvailabilityZone=Sub(f'${{AWS::Region}}{alpha[count]}'),
Tags=Tags(Name=Sub(f'${{AWS::StackName}}-App-{alpha[count]}')))
APP_SUBNETS.append(subnet)
rtb = RouteTable(f'AppRtb{alpha[count].upper()}',
VpcId=Ref(VPC),
Tags=Tags(Name=f'AppRtb{alpha[count].upper()}'))
APP_RTBS.append(rtb)
route = Route(f'AppRoute{alpha[count].upper()}',
NatGatewayId=Ref(nat),
RouteTableId=Ref(rtb),
DestinationCidrBlock='0.0.0.0/0')
subnet_assoc = SubnetRouteTableAssociation(
f'SubnetRtbAssoc{alpha[count].upper()}',
RouteTableId=Ref(rtb),
SubnetId=Ref(subnet))
TPL.add_resource(subnet)
TPL.add_resource(rtb)
TPL.add_resource(route)
TPL.add_resource(subnet_assoc)
APP_S3_ENDPOINT = VPCEndpoint(
'AppS3Endpoint',
VpcId=Ref(VPC),
RouteTableIds=[Ref(rtb) for rtb in APP_RTBS],
ServiceName=Sub('com.amazonaws.${AWS::Region}.s3'),
VpcEndpointType='Gateway',
)
PUBLIC_S3_ENDPOINT = VPCEndpoint(
'PublicS3Endpoint',
VpcId=Ref(VPC),
RouteTableIds=[Ref(PUBLIC_RTB)],
ServiceName=Sub('com.amazonaws.${AWS::Region}.s3'),
VpcEndpointType='Gateway',
)
STORAGE_S3_ENDPOINT = VPCEndpoint(
'StorageS3Endpoint',
VpcId=Ref(VPC),
RouteTableIds=[Ref(STORAGE_RTB)],
ServiceName=Sub('com.amazonaws.${AWS::Region}.s3'),
VpcEndpointType='Gateway')
RESOURCES = []
for count in az_count:
resource = TPL.add_resource(EIP(f'Eip{count}', Domain='vpc'))
RESOURCES.append(resource)
TPL.add_resource(APP_S3_ENDPOINT)
TPL.add_resource(PUBLIC_S3_ENDPOINT)
TPL.add_resource(STORAGE_S3_ENDPOINT)
SG_RULES = []
for subnet in layers['app']:
RULE = SecurityGroupRule(
IpProtocol="tcp",
FromPort="443",
ToPort="443",
CidrIp=subnet,
)
SG_RULES.append(RULE)
ENDPOINT_SG = TPL.add_resource(
SecurityGroup(
'VpcEndpointSecurityGroup',
VpcId=Ref(VPC),
GroupDescription='SG for all Interface VPC Endpoints',
SecurityGroupIngress=SG_RULES,
Tags=Tags(Name="sg-endpoints"),
))
APP_SNS_ENDPOINT = VPCEndpoint(
'AppSNSEndpoint',
VpcId=Ref(VPC),
SubnetIds=[Ref(subnet) for subnet in APP_SUBNETS],
SecurityGroupIds=[GetAtt(ENDPOINT_SG, 'GroupId')],
ServiceName=Sub('com.amazonaws.${AWS::Region}.sns'),
VpcEndpointType='Interface',
PrivateDnsEnabled=True)
TPL.add_resource(APP_SNS_ENDPOINT)
APP_SQS_ENDPOINT = VPCEndpoint(
'AppSQSEndpoint',
VpcId=Ref(VPC),
SubnetIds=[Ref(subnet) for subnet in APP_SUBNETS],
SecurityGroupIds=[GetAtt(ENDPOINT_SG, 'GroupId')],
ServiceName=Sub('com.amazonaws.${AWS::Region}.sqs'),
VpcEndpointType='Interface',
PrivateDnsEnabled=True)
TPL.add_resource(APP_SQS_ENDPOINT)
APP_ECR_API_ENDPOINT = VPCEndpoint(
'AppECRAPIEndpoint',
VpcId=Ref(VPC),
SubnetIds=[Ref(subnet) for subnet in APP_SUBNETS],
SecurityGroupIds=[GetAtt(ENDPOINT_SG, 'GroupId')],
ServiceName=Sub('com.amazonaws.${AWS::Region}.ecr.api'),
VpcEndpointType='Interface',
PrivateDnsEnabled=True)
TPL.add_resource(APP_ECR_API_ENDPOINT)
APP_ECR_DKR_ENDPOINT = VPCEndpoint(
'AppECRDKREndpoint',
VpcId=Ref(VPC),
SubnetIds=[Ref(subnet) for subnet in APP_SUBNETS],
SecurityGroupIds=[GetAtt(ENDPOINT_SG, 'GroupId')],
ServiceName=Sub('com.amazonaws.${AWS::Region}.ecr.dkr'),
VpcEndpointType='Interface',
PrivateDnsEnabled=True)
TPL.add_resource(APP_ECR_DKR_ENDPOINT)
APP_SECRETS_MANAGER_ENDPOINT = VPCEndpoint(
'AppSecretsManagerEndpoint',
VpcId=Ref(VPC),
SubnetIds=[Ref(subnet) for subnet in APP_SUBNETS],
SecurityGroupIds=[GetAtt(ENDPOINT_SG, 'GroupId')],
ServiceName=Sub('com.amazonaws.${AWS::Region}.secretsmanager'),
VpcEndpointType='Interface',
PrivateDnsEnabled=True)
TPL.add_resource(APP_SECRETS_MANAGER_ENDPOINT)
APP_SSM_ENDPOINT = VPCEndpoint(
'AppSSMEndpoint',
VpcId=Ref(VPC),
SubnetIds=[Ref(subnet) for subnet in APP_SUBNETS],
SecurityGroupIds=[GetAtt(ENDPOINT_SG, 'GroupId')],
ServiceName=Sub('com.amazonaws.${AWS::Region}.ssm'),
VpcEndpointType='Interface',
PrivateDnsEnabled=True)
TPL.add_resource(APP_SSM_ENDPOINT)
APP_SSM_MESSAGES_ENDPOINT = VPCEndpoint(
'AppSSMMessagesEndpoint',
VpcId=Ref(VPC),
SubnetIds=[Ref(subnet) for subnet in APP_SUBNETS],
SecurityGroupIds=[GetAtt(ENDPOINT_SG, 'GroupId')],
ServiceName=Sub('com.amazonaws.${AWS::Region}.ssmmessages'),
VpcEndpointType='Interface',
PrivateDnsEnabled=True)
TPL.add_resource(APP_SSM_MESSAGES_ENDPOINT)
################################################################################
#
# OUTPUTS
#
TPL.add_output(object_outputs(VPC, name_is_id=True))
TPL.add_output(object_outputs(APP_SQS_ENDPOINT, name_is_id=True))
TPL.add_output(object_outputs(APP_SNS_ENDPOINT, name_is_id=True))
TPL.add_output(
comments_outputs([{
'EIP':
Join(',',
[GetAtt(resource, "AllocationId") for resource in RESOURCES])
}, {
'PublicSubnets':
Join(',', [Ref(subnet) for subnet in PUBLIC_SUBNETS])
}, {
'StorageSubnets':
Join(',', [Ref(subnet) for subnet in STORAGE_SUBNETS])
}, {
'ApplicationSubnets':
Join(',', [Ref(subnet) for subnet in APP_SUBNETS])
}, {
'StackName': Ref('AWS::StackName')
}, {
'VpcZoneId': Ref(DNS_HOSTED_ZONE)
}]))
return TPL
class EnvironmentTemplate:
def __init__(self, Env=os.environ.get('ENV', 'Development')):
self.env = Env
url_config = os.getcwd() + '/config/config.ini'
p = MyParser()
self.config = p.readconfig(url_config, self.env)
self.template = Template()
self.template.set_description("Service VPC")
self.template.set_metadata({
"DependsOn": [],
"Environment": Env,
"StackName": "%s-VPC" % Env
})
self.vpc = None
self.gateway = None
self.gateway_attachment = None
""" private method to set tags for the resources"""
def __set_tags(self, name):
tags = [{
"Key": "Environment",
"Value": self.env
}, {
"Key": "Name",
"Value": "%s-%s" % (self.env, name)
}]
return tags
""" create gateway within the vpc"""
def create_gateway(self, name=GATEWAY):
self.gateway = self.template.add_resource(
ec2.InternetGateway(name, Tags=self.__set_tags("InternetGateway")))
self.template.add_output(Output(
GATEWAY_ID,
Value=self.gateway.Ref(),
))
self.gateway_attachment = self.template.add_resource(
ec2.VPCGatewayAttachment(
VPC_GATEWAYATTACHMENT,
VpcId=self.vpc.Ref(),
InternetGatewayId=self.gateway.Ref(),
))
""" create vpc n/w access list,inboud and outbound rule"""
def create_network(self):
self.vpc_nw_acl = self.template.add_resource(
ec2.NetworkAcl(VPC_NETWORK_ACCESS_LIST,
VpcId=self.vpc.Ref(),
Tags=self.__set_tags("NetworkAcl")))
self.inbound_rule = self.template.add_resource(
ec2.NetworkAclEntry(VPC_NETWORK_ACL_INBOUND_RULE,
NetworkAclId=self.vpc_nw_acl.Ref(),
RuleNumber=100,
Protocol="6",
PortRange=PortRange(To="443", From="443"),
Egress="false",
RuleAction="allow",
CidrBlock="0.0.0.0/0"))
self.outbound_rule = self.template.add_resource(
ec2.NetworkAclEntry(VPC_NETWORK_ACL_OUTBOUND_RULE,
NetworkAclId=self.vpc_nw_acl.Ref(),
RuleNumber=200,
Protocol="6",
Egress="true",
RuleAction="allow",
CidrBlock="0.0.0.0/0"))
""" create vpc for given template"""
def create_vpc(self, name=VPC_NAME):
self.vpc = self.template.add_resource(
ec2.VPC(name,
CidrBlock=self.config['vpc_cidrblock'],
EnableDnsSupport=True,
EnableDnsHostnames=True,
InstanceTenancy="default",
Tags=self.__set_tags("ServiceVPC")))
# Just about everything needs this, so storing it on the object
self.template.add_output(Output(VPC_ID, Value=self.vpc.Ref()))
""" write template json to the file"""
def write_to_file(self, filename):
with open(filename, 'w') as f:
f.write(
json.dumps(json.loads(self.template.to_json()),
indent=2,
sort_keys=True))
