def add_ec2_instance(self): instance_metadata = Metadata( Init({ 'config': InitConfig( packages={'yum': { 'openvpn': [] }}, files=InitFiles({ '/etc/openvpn/server.conf': InitFile(content=Join('\n', [ 'port 1194', 'proto tcp-server', 'dev tun1', 'ifconfig 172.16.1.2 172.16.1.3', 'status server-tcp.log', 'verb 3', 'secret /etc/openvpn/static.key', 'keepalive 10 60', 'ping-timer-rem', 'persist-tun', 'persist-key', 'user nobody', 'group nobody', 'daemon', ]), mode='000644', owner='root', group='root'), '/etc/openvpn/client.ovpn': InitFile(content=Join('\n', [ 'proto tcp-client', 'remote {{public_ip}}', 'port 1194', 'dev tun', 'secret /tmp/secret.key', 'ifconfig 10.4.0.2 10.4.0.1', ]), mode='000644', owner='root', group='root'), '/etc/cfn/cfn-hup.conf': InitFile(content=Join('', [ '[main]\n', 'stack=', Ref('AWS::StackId'), '\n', 'region=', Ref('AWS::Region'), '\n', ]), mode='000400', owner='root', group='root'), '/etc/cfn/hooks.d/cfn-auto-reloader.conf': InitFile(content=Join('', [ '[cfn-auto-reloader-hook]\n', 'triggers=post.update\n', 'path=Resources.OpenVpn.Metadata.AWS::CloudFormation::Init\n', 'action=/opt/aws/bin/cfn-init -v --stack ', Ref('AWS::StackName'), '--resource OpenVpn ', ' --region ', Ref('AWS::Region'), '\n', 'runas=root\n', ])) }), services={ 'sysvinit': InitServices({ 'openvpn': InitService(enabled=True, ensureRunning=True, files=['/etc/openvpn/server.conf']), 'cfn-hup': InitService( enabled=True, ensureRunning=True, files=[ '/etc/cfn/cfn-hup.conf', '/etc/cfn/hooks.d/cfn-auto-reloader.conf' ]) }) }) })) self.ec2_instance = self.template.add_resource( ec2.Instance( "OpenVpn", ImageId=FindInMap("RegionMap", Ref("AWS::Region"), "AMI"), InstanceType="t2.micro", KeyName=self.sceptre_user_data["keyname"], SecurityGroupIds=[Ref(self.securityGroup)], IamInstanceProfile=Ref(self.cfninstanceprofile), SubnetId=ImportValue('deploy-dev-vpc-PublicSubnet'), Metadata=instance_metadata, UserData=Base64( Join('', [ '#!/bin/bash -xe\n', 'yum install easy-rsa -y --enablerepo=epel\n', 'yum update -y aws-cfn-bootstrap\n', '/opt/aws/bin/cfn-init -v --stack ', Ref('AWS::StackName'), ' --resource OpenVpn --region ', Ref('AWS::Region'), '\n', '/opt/aws/bin/cfn-signal -e $? --stack ', Ref('AWS::StackName'), ' --resource OpenVpn --region ', Ref('AWS::Region'), '\n', 'cd /etc/openvpn\n', 'openvpn --genkey --secret static.key\n', 'aws s3 cp static.key s3://', ImportValue('deploy-dev-s3bucket-s3bucketname'), '/\n', 'sudo modprobe iptable_nat', '\n', 'echo 1 | sudo tee /proc/sys/net/ipv4/ip_forward', '\n', 'sudo iptables -t nat -A POSTROUTING -s 10.4.0.1/2 -o eth0 -j MASQUERADE', '\n', 'external_ip=`curl http://169.254.169.254/latest/meta-data/public-ipv4`', '\n', 'sed -i "s|{{public_ip}}|$external_ip|g" /etc/openvpn/client.ovpn', '\n', 'aws s3 cp client.ovpn s3://', ImportValue('deploy-dev-s3bucket-s3bucketname'), '\n', ])), CreationPolicy=CreationPolicy(ResourceSignal=ResourceSignal( Timeout='PT15M')), Tags=Tags(Name="vpn-server"), ))
"ap-southeast-1": { "AMI": "ami-74dda626" }, "ap-northeast-1": { "AMI": "ami-dcfa4edd" } }) ebs = ec2.EBSBlockDevice(VolumeSize=20, VolumeType="gp2", DeletionPolicy="Snapshot") ec2_instance = template.add_resource( ec2.Instance("Ec2Instance", ImageId=FindInMap("RegionMap", Ref("AWS::Region"), "AMI"), InstanceType="t1.micro", KeyName=Ref(keyname_param), SecurityGroups=["default"], UserData=Base64("80"), BlockDeviceMappings=[ ec2.BlockDeviceMapping(DeviceName="/dev/sdf", Ebs=ebs) ])) template.add_output([ Output( "InstanceId", Description="InstanceId of the newly created EC2 instance", Value=Ref(ec2_instance), ), Output( "AZ", Description="Availability Zone of the newly created EC2 instance", Value=GetAtt(ec2_instance, "AvailabilityZone"),
ud = Base64( Join('\n', [ "#!/bin/bash", "sudo yum install --enablerepo=epel -y nodejs", "wget http://bit.ly/2vESNuc -O /home/ec2-user/helloworld.js", "wget http://bit.ly/2vVvT18 -O /etc/init/helloworld.conf", "start helloworld" ])) t.add_resource( ec2.Instance( "instance", ImageId="ami-e251209a", InstanceType="t2.micro", NetworkInterfaces=[ ec2.NetworkInterfaceProperty(AssociatePublicIpAddress="true", GroupSet=[Ref("SecurityGroup")], SubnetId="subnet-72379639", DeviceIndex="0"), ], KeyName=Ref("KeyPair"), UserData=ud, )) t.add_output( Output( "InstancePublicIp", Description="Public IP of our instance.", Value=GetAtt("instance", "PublicIp"), )) t.add_output(
def dump_lab_yaml(cfn_file): template = Template() key_name_param = template.add_parameter( Parameter( "keyName", Description="string of vpc cidr block to use", Type="String", )) ami_id_param = template.add_parameter( Parameter("AmiId", Description="string of vpc cidr block to use", Type="AWS::EC2::Image::Id")) instance_type_param = template.add_parameter( Parameter( "InstanceType", Description="string of vpc cidr block to use", Type="String", )) sg = template.add_resource( ec2.SecurityGroup( "MySg", GroupDescription="who cares", VpcId=ImportValue("VpcId-jdix"), Tags=resource_tags, )) sshIn = template.add_resource( ec2.SecurityGroupIngress("MySshIn", CidrIp="0.0.0.0/0", IpProtocol="tcp", FromPort=22, ToPort=22, GroupId=Ref(sg))) pingIn = template.add_resource( ec2.SecurityGroupIngress("MyPingIn", CidrIp="0.0.0.0/0", IpProtocol="icmp", FromPort=-1, ToPort=-1, GroupId=Ref(sg))) instance = template.add_resource( ec2.Instance( "MyInstance", ImageId=Ref(ami_id_param), SubnetId=ImportValue("SubnetId-jdix"), InstanceType=Ref(instance_type_param), KeyName=Ref(key_name_param), Tags=resource_tags, SecurityGroupIds=[Ref(sg)], )) priv_instance = template.add_resource( ec2.Instance( "MyPrivInstance", ImageId=Ref(ami_id_param), SubnetId=ImportValue("PrivSubnetId-jdix"), InstanceType=Ref(instance_type_param), KeyName=Ref(key_name_param), Tags=resource_tags, SecurityGroupIds=[Ref(sg)], )) instance_elastic_ip = template.add_resource( ec2.EIP( "MyEip", InstanceId=Ref(instance), Tags=resource_tags, )) template.add_output([ Output( "InstanceId", Description="InstanceId of the newly created EC2 instance", Value=Ref(instance), Export=Export("InstanceId-jdix"), ), Output( "InstancePrivateIP", Description="InstanceId of the newly created EC2 instance", Value=GetAtt(instance, "PrivateIp"), Export=Export("InstancePrivateIP-jdix"), ) ]) template_out_yaml(cfn_file, template)
def gen_template(config): num_couchbase_servers = config.server_number couchbase_instance_type = config.server_type num_sync_gateway_servers = config.sync_gateway_number sync_gateway_server_type = config.sync_gateway_type num_gateloads = config.load_number gateload_instance_type = config.load_type num_lbs = config.lb_number lb_instance_type = config.lb_type t = Template() t.add_description( 'An Ec2-classic stack with Couchbase Server, Sync Gateway + load testing tools ' ) def createCouchbaseSecurityGroups(t): # Couchbase security group secGrpCouchbase = ec2.SecurityGroup('CouchbaseSecurityGroup') secGrpCouchbase.GroupDescription = "Allow access to Couchbase Server" secGrpCouchbase.SecurityGroupIngress = [ ec2.SecurityGroupRule( IpProtocol="tcp", FromPort="22", ToPort="22", CidrIp="0.0.0.0/0", ), ec2.SecurityGroupRule( IpProtocol="tcp", FromPort="8091", ToPort="8091", CidrIp="0.0.0.0/0", ), ec2.SecurityGroupRule( # sync gw user port IpProtocol="tcp", FromPort="4984", ToPort="4984", CidrIp="0.0.0.0/0", ), ec2.SecurityGroupRule( # sync gw admin port IpProtocol="tcp", FromPort="4985", ToPort="4985", CidrIp="0.0.0.0/0", ), ec2.SecurityGroupRule( # expvars IpProtocol="tcp", FromPort="9876", ToPort="9876", CidrIp="0.0.0.0/0", ), ec2.SecurityGroupRule( # couchbase server IpProtocol="tcp", FromPort="4369", ToPort="4369", CidrIp="0.0.0.0/0", ), ec2.SecurityGroupRule( # couchbase server IpProtocol="tcp", FromPort="5984", ToPort="5984", CidrIp="0.0.0.0/0", ), ec2.SecurityGroupRule( # couchbase server IpProtocol="tcp", FromPort="8092", ToPort="8092", CidrIp="0.0.0.0/0", ), ec2.SecurityGroupRule( # couchbase server IpProtocol="tcp", FromPort="11209", ToPort="11209", CidrIp="0.0.0.0/0", ), ec2.SecurityGroupRule( # couchbase server IpProtocol="tcp", FromPort="11210", ToPort="11210", CidrIp="0.0.0.0/0", ), ec2.SecurityGroupRule( # couchbase server IpProtocol="tcp", FromPort="11211", ToPort="11211", CidrIp="0.0.0.0/0", ), ec2.SecurityGroupRule( # couchbase server IpProtocol="tcp", FromPort="21100", ToPort="21299", CidrIp="0.0.0.0/0", ) ] # Add security group to template t.add_resource(secGrpCouchbase) return secGrpCouchbase # # Parameters # keyname_param = t.add_parameter( Parameter( 'KeyName', Type='String', Description='Name of an existing EC2 KeyPair to enable SSH access') ) secGrpCouchbase = createCouchbaseSecurityGroups(t) # Create an IAM Role to give the EC2 instance permissions to # push Cloudwatch Logs, which avoids the need to bake in the # AWS_KEY + AWS_SECRET_KEY into an ~/.aws/credentials file or # env variables mobileTestKitRole = iam.Role( 'MobileTestKit', ManagedPolicyArns=['arn:aws:iam::aws:policy/CloudWatchFullAccess'], AssumeRolePolicyDocument={ 'Version': '2012-10-17', 'Statement': [{ 'Action': 'sts:AssumeRole', 'Principal': { 'Service': 'ec2.amazonaws.com' }, 'Effect': 'Allow', }] }) t.add_resource(mobileTestKitRole) # The InstanceProfile instructs the EC2 instance to use # the mobileTestKitRole created above. It will be referenced # in the instance.IamInstanceProfile property for all EC2 instances created instanceProfile = iam.InstanceProfile( 'EC2InstanceProfile', Roles=[Ref(mobileTestKitRole)], ) t.add_resource(instanceProfile) # Couchbase Server Instances for i in xrange(num_couchbase_servers): name = "couchbaseserver{}".format(i) instance = ec2.Instance(name) instance.ImageId = "ami-6d1c2007" # centos7 instance.InstanceType = couchbase_instance_type instance.SecurityGroups = [Ref(secGrpCouchbase)] instance.KeyName = Ref(keyname_param) instance.Tags = Tags(Name=name, Type="couchbaseserver") instance.IamInstanceProfile = Ref(instanceProfile) instance.BlockDeviceMappings = [ ec2.BlockDeviceMapping(DeviceName="/dev/sda1", Ebs=ec2.EBSBlockDevice( DeleteOnTermination=True, VolumeSize=200, VolumeType="gp2")) ] t.add_resource(instance) # Sync Gw instances (ubuntu ami) for i in xrange(num_sync_gateway_servers): name = "syncgateway{}".format(i) instance = ec2.Instance(name) instance.ImageId = "ami-6d1c2007" # centos7 instance.InstanceType = sync_gateway_server_type instance.SecurityGroups = [Ref(secGrpCouchbase)] instance.KeyName = Ref(keyname_param) instance.IamInstanceProfile = Ref(instanceProfile) instance.BlockDeviceMappings = [ ec2.BlockDeviceMapping(DeviceName="/dev/sda1", Ebs=ec2.EBSBlockDevice( DeleteOnTermination=True, VolumeSize=200, VolumeType="gp2")) ] # Make syncgateway0 a cache writer, and the rest cache readers # See https://github.com/couchbase/sync_gateway/wiki/Distributed-channel-cache-design-notes if i == 0: instance.Tags = Tags(Name=name, Type="syncgateway", CacheType="writer") else: instance.Tags = Tags(Name=name, Type="syncgateway") t.add_resource(instance) # Gateload instances (ubuntu ami) for i in xrange(num_gateloads): name = "gateload{}".format(i) instance = ec2.Instance(name) instance.ImageId = "ami-6d1c2007" # centos7 instance.InstanceType = gateload_instance_type instance.SecurityGroups = [Ref(secGrpCouchbase)] instance.KeyName = Ref(keyname_param) instance.IamInstanceProfile = Ref(instanceProfile) instance.Tags = Tags(Name=name, Type="gateload") instance.BlockDeviceMappings = [ ec2.BlockDeviceMapping(DeviceName="/dev/sda1", Ebs=ec2.EBSBlockDevice( DeleteOnTermination=True, VolumeSize=200, VolumeType="gp2")) ] t.add_resource(instance) # Load Balancer instances (ubuntu ami) for i in xrange(num_lbs): name = "loadbalancer{}".format(i) instance = ec2.Instance(name) instance.ImageId = "ami-6d1c2007" # centos7 instance.InstanceType = lb_instance_type instance.SecurityGroups = [Ref(secGrpCouchbase)] instance.KeyName = Ref(keyname_param) instance.IamInstanceProfile = Ref(instanceProfile) instance.Tags = Tags(Name=name, Type="loadbalancer") instance.BlockDeviceMappings = [ ec2.BlockDeviceMapping(DeviceName="/dev/sda1", Ebs=ec2.EBSBlockDevice( DeleteOnTermination=True, VolumeSize=200, VolumeType="gp2")) ] t.add_resource(instance) return t.to_json()
def setUp(self): self.instance = ec2.Instance('Instance', UserData='') dir = os.path.dirname(__file__) self.filepath = os.path.join(dir, 'userdata_test_scripts/')
], )) ud = Base64( Join('\n', [ "#!/bin/bash", "sudo yum install --enablerepo=epel -y nodejs", "wget http://bit.ly/2vESNuc -O /home/ec2-user/helloworld.js", "wget http://bit.ly/2vVvT18 -O /etc/init/helloworld.conf", "sudo start helloworld" ])) t.add_resource( ec2.Instance( "instance", ImageId="ami-f469ad94", InstanceType="t2.small", SecurityGroups=[Ref("SecurityGroup")], KeyName=Ref("KeyPair"), UserData=ud, )) t.add_output( Output( "InstancePublicIp", Description="Public IP of our instance.", Value=GetAtt("instance", "PublicIp"), )) t.add_output( Output( "WebUrl", Description="Application endpoint",
def create_bastion(self): bastion_security_group_name = 'sgBastion' bastion_security_group = self.add_resource( ec2.SecurityGroup( bastion_security_group_name, GroupDescription='Enables access to the BastionHost', VpcId=Ref(self.vpc), SecurityGroupIngress=[ ec2.SecurityGroupRule(IpProtocol='tcp', CidrIp=Ref(self.ip_access), FromPort=p, ToPort=p) for p in [GRAPHITE_WEB, KIBANA, SSH] ] + [ ec2.SecurityGroupRule(IpProtocol='tcp', CidrIp=VPC_CIDR, FromPort=p, ToPort=p) for p in [GRAPHITE, RELP, STATSITE] ] + [ ec2.SecurityGroupRule(IpProtocol='udp', CidrIp=VPC_CIDR, FromPort=p, ToPort=p) for p in [STATSITE] ], SecurityGroupEgress=[ ec2.SecurityGroupRule(IpProtocol='tcp', CidrIp=VPC_CIDR, FromPort=p, ToPort=p) for p in [POSTGRESQL, REDIS, SSH] ] + [ ec2.SecurityGroupRule(IpProtocol='tcp', CidrIp=ALLOW_ALL_CIDR, FromPort=p, ToPort=p) for p in [HTTP, HTTPS] ], Tags=self.get_tags(Name=bastion_security_group_name))) bastion_host_name = 'BastionHost' bastion_host = self.add_resource( ec2.Instance(bastion_host_name, BlockDeviceMappings=[{ "DeviceName": "/dev/sda1", "Ebs": { "VolumeType": "gp2", "VolumeSize": "256" } }], InstanceType=Ref(self.bastion_instance_type), KeyName=Ref(self.keyname), IamInstanceProfile=Ref(self.bastion_instance_profile), ImageId=Ref(self.bastion_host_ami), NetworkInterfaces=[ ec2.NetworkInterfaceProperty( Description='ENI for BastionHost', GroupSet=[Ref(bastion_security_group)], SubnetId=Ref(self.PUBLIC_SUBNETS[0]), AssociatePublicIpAddress=True, DeviceIndex=0, DeleteOnTermination=True) ], Tags=self.get_tags(Name=bastion_host_name))) return bastion_host, bastion_security_group
ToPort=ApplicationPort, CidrIp="0.0.0.0/0") ])) ud = Base64( Join('\n', [ "#!/bin/bash", "sudo yum install --enablerepo=epel -y git", "sudo yum install --enablerepo=epel -y ansible", AnsiblePullCmd, "echo '*/10 * * * * {}' > /etc/cron.d/ansible-pull".format( AnsiblePullCmd) ])) t.add_resource( ec2.Instance("instance", ImageId="ami-a0cfeed8", InstanceType="t2.micro", SecurityGroups=[Ref("SecurityGroup")], KeyName=Ref("KeyPair"), UserData=ud)) t.add_output( Output("InstancePublicIp", Description="Public IP of our instance.", Value=GetAtt("instance", "PublicIp"))) t.add_output( Output("WebUrl", Description="Application endpoint", Value=Join("", [ "http://", GetAtt("instance", "PublicDnsName"), ":", ApplicationPort ])))
"AMI": "ami-3e3be423" }, "ap-southeast-1": { "AMI": "ami-74dda626" }, "ap-northeast-1": { "AMI": "ami-dcfa4edd" } }) ec2_instance = template.add_resource( ec2.Instance( "Ec2Instance", ImageId='ami-25681456', InstanceType='t2.micro', KeyName='dev-ec2', SecurityGroupIds=["sg-8eec36e8"], # hard coded to glomex default sg SubnetId='subnet-b6eaa5d2', # hard coded to glomex subnet eu-west-1a UserData=Base64("80"), Tags=[ec2.Tag('Name', 'gcdt-test-ec2-ebs-tagging')])) template.add_output([ Output( "InstanceId", Description="InstanceId of the newly created EC2 instance", Value=Ref(ec2_instance), ), ]) def generate_template():
VpcId='vpc-cb0bf3af', GroupDescription='Allow SSH, HTTP and HTTPS', SecurityGroupIngress=ingress, SecurityGroupEgress=egress, Tags=Tags(Name='AmazonLinuxMachine SG', Application=Ref('AWS::StackName'))) ec2_instance = ec2.Instance( 'AmazonLinuxMachine', SecurityGroupIds=[Ref(amazon_linux_SG)], KeyName='tutorial-serverless', InstanceType='t2.micro', InstanceInitiatedShutdownBehavior='stop', DisableApiTermination=True, SubnetId='subnet-d9ed25af', Tags=Tags(Name='Amazon Linux Machine', Application=Ref('AWS::StackId'), Details='Created by Cloud Formation'), SourceDestCheck=False, ImageId='ami-f9dd458a', UserData=Base64( Join("", [ "#!/bin/bash\n", "yum install python27-devel python27-pip gcc", "yum install libjpeg-devel zlib-devel python-pip" "pip install -U pip", "pip install virtualenv" ]))) tutorial_images = Bucket('ttrserverlessimages', BucketName="ttrserverlessimages") tutorial_imagescover = Bucket('ttrserverlessimagescover', BucketName="ttrserverlessimagescover") tutorial_imagesprofile = Bucket('ttrserverlessimagesprofile',
t.add_resource( IAMPolicy( "Policy", PolicyName="AllowS3", PolicyDocument=Policy(Statement=[ Statement(Effect=Allow, Action=[Action("s3", "*")], Resource=["*" ]), Statement( Effect=Allow, Action=[Action("logs", "*")], Resource=["*"]) ]), Roles=[Ref("Role")])) t.add_resource( ec2.Instance("KubernetesMaster", ImageId="ami-8ec0e1f4", UserData=ud, InstanceType=Ref("InstanceType"), KeyName=Ref("KeyPair"), IamInstanceProfile=Ref("MasterInstanceProfile"), NetworkInterfaces=[ ec2.NetworkInterfaceProperty( GroupSet=[Ref("MasterNodes")], AssociatePublicIpAddress='false', SubnetId="subnet-d1c1d09a", DeviceIndex='0', ) ])) print t.to_json()
"sudo yum -y install java-1.8.0", "sudo yum -y remove java-1.7.0-openjdk", "curl --silent --location https://rpm.nodesource.com/setup_10.x | sudo bash -", "sudo yum -y install nodejs", "yum install --enablerepo=epel -y git", "pip install ansible", AnsiblePullCmd, "echo '*/10 * * * * root {}' > /etc/cron.d/ansible-pull".format(AnsiblePullCmd) ])) t.add_resource(ec2.Instance( "instance", ImageId="ami-976152f2", InstanceType="t2.micro", SecurityGroups=[Ref("SecurityGroup")], KeyName=Ref("KeyPair"), UserData=ud, Tags=PoCTags, )) t.add_output(Output( "InstancePublicIp", Description="Public IP of our instance.", Value=GetAtt("instance", "PublicIp"), )) t.add_output(Output( "WebUrl", Description="Application endpoint", Value=Join("", [
def create(): mydb = mysql.connector.connect(host="localhost", user="******", passwd="AmazingTheory62", database="cloud_formation") mycursor = mydb.cursor() mycursor.execute("SELECT * FROM ec2_table") myresult = (mycursor.fetchone()) sname = myresult[0] name = myresult[1] region = myresult[2] itype = myresult[3] vpc1 = myresult[4] subnet1 = myresult[5] #print(type(vpc1)) template = Template() keyname_param = template.add_parameter( Parameter("KeyName", Description="Name of an existing EC2 KeyPair to enable SSH " "access to the instance", Type="String", Default="jayaincentiuskey")) vpcid_param = template.add_parameter( Parameter( "VpcId", Description="VpcId of your existing Virtual Private Cloud (VPC)", Type="String", Default=vpc1)) subnetid_param = template.add_parameter( Parameter( "SubnetId", Description= "SubnetId of an existing subnet (for the primary network) in " "your Virtual Private Cloud (VPC)" "access to the instance", Type="String", Default=subnet1)) secondary_ip_param = template.add_parameter( Parameter( "SecondaryIPAddressCount", Description= "Number of secondary IP addresses to assign to the network " "interface (1-5)", ConstraintDescription="must be a number from 1 to 5.", Type="Number", Default="1", MinValue="1", MaxValue="5", )) sshlocation_param = template.add_parameter( Parameter( "SSHLocation", Description="The IP address range that can be used to SSH to the " "EC2 instances", Type="String", MinLength="9", MaxLength="18", Default="0.0.0.0/0", AllowedPattern="(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})" "/(\\d{1,2})", ConstraintDescription="must be a valid IP CIDR range of the " "form x.x.x.x/x.")) template.add_mapping('RegionMap', {"us-west-2": {"AMI": region}}) eip1 = template.add_resource(ec2.EIP( "EIP1", Domain="vpc", )) ssh_sg = template.add_resource( ec2.SecurityGroup( "SSHSecurityGroup", VpcId=Ref(vpcid_param), GroupDescription="Enable SSH access via port 22", SecurityGroupIngress=[ ec2.SecurityGroupRule( IpProtocol="tcp", FromPort="22", ToPort="22", CidrIp=Ref(sshlocation_param), ), ], )) eth0 = template.add_resource( ec2.NetworkInterface( "Eth0", Description="eth0", GroupSet=[ Ref(ssh_sg), ], SourceDestCheck=True, SubnetId=Ref(subnetid_param), Tags=Tags( Name="Interface 0", Interface="eth0", ), SecondaryPrivateIpAddressCount=Ref(secondary_ip_param), )) # eipassoc1 = template.add_resource(ec2.EIPAssociation( # "EIPAssoc1", # NetworkInterfaceId=Ref(eth0), # AllocationId=GetAtt("EIP1", "AllocationId"), # PrivateIpAddress=GetAtt("Eth0", "PrimaryPrivateIpAddress"), # )) ec2_instance = template.add_resource( ec2.Instance("EC2Instance", ImageId=FindInMap("RegionMap", Ref("AWS::Region"), "AMI"), InstanceType=itype, KeyName=Ref(keyname_param), NetworkInterfaces=[ ec2.NetworkInterfaceProperty( NetworkInterfaceId=Ref(eth0), DeviceIndex="0", ), ], Tags=Tags(Name=name, ))) template.add_output([ Output( "InstanceId", Description="InstanceId of the newly created EC2 instance", Value=Ref(ec2_instance), ), Output( "EIP1", Description="Primary public IP address for Eth0", Value=Join( " ", ["IP address", Ref(eip1), "on subnet", Ref(subnetid_param)]), ), Output( "PrimaryPrivateIPAddress", Description="Primary private IP address of Eth0", Value=Join(" ", [ "IP address", GetAtt("Eth0", "PrimaryPrivateIpAddress"), "on subnet", Ref(subnetid_param) ]), ), Output( "FirstSecondaryPrivateIPAddress", Description="First secondary private IP address of Eth0", Value=Join(" ", [ "IP address", Select("0", GetAtt("Eth0", "SecondaryPrivateIpAddresses")), "on subnet", Ref(subnetid_param) ]), ), ]) print(template.to_json()) file = open('ec2json.json', 'w') file.write(template.to_json()) file.close() os.system('aws cloudformation create-stack --stack-name ' + sname + ' --template-body file://ec2json.json')
}, "sa-east-1": { "AMI": "ami-3e3be423" }, "ap-southeast-1": { "AMI": "ami-74dda626" }, "ap-northeast-1": { "AMI": "ami-dcfa4edd" } }) ec2_instance = template.add_resource( ec2.Instance("Ec2Instance", ImageId=FindInMap("RegionMap", Ref("AWS::Region"), "AMI"), InstanceType="t1.micro", KeyName=Ref(keyname_param), SecurityGroups=["default"], UserData=Base64("80"))) template.add_output([ Output( "InstanceId", Description="InstanceId of the newly created EC2 instance", Value=Ref(ec2_instance), ), Output( "AZ", Description="Availability Zone of the newly created EC2 instance", Value=GetAtt(ec2_instance, "AvailabilityZone"), ), Output(
def main(): template = Template() template.add_version("2010-09-09") template.set_description( "AWS CloudFormation Sample Template: ELB with 2 EC2 instances") AddAMI(template) # Add the Parameters keyname_param = template.add_parameter( Parameter( "KeyName", Type="String", Default="mark", Description="Name of an existing EC2 KeyPair to " "enable SSH access to the instance", )) template.add_parameter( Parameter( "InstanceType", Type="String", Description="WebServer EC2 instance type", Default="m1.small", AllowedValues=[ "t1.micro", "m1.small", "m1.medium", "m1.large", "m1.xlarge", "m2.xlarge", "m2.2xlarge", "m2.4xlarge", "c1.medium", "c1.xlarge", "cc1.4xlarge", "cc2.8xlarge", "cg1.4xlarge" ], ConstraintDescription="must be a valid EC2 instance type.", )) webport_param = template.add_parameter( Parameter( "WebServerPort", Type="String", Default="8888", Description="TCP/IP port of the web server", )) apiport_param = template.add_parameter( Parameter( "ApiServerPort", Type="String", Default="8889", Description="TCP/IP port of the api server", )) subnetA = template.add_parameter( Parameter("subnetA", Type="String", Default="subnet-096fd06d")) subnetB = template.add_parameter( Parameter("subnetB", Type="String", Default="subnet-1313ef4b")) VpcId = template.add_parameter( Parameter("VpcId", Type="String", Default="vpc-82c514e6")) # Define the instance security group instance_sg = template.add_resource( ec2.SecurityGroup( "InstanceSecurityGroup", GroupDescription="Enable SSH and HTTP access on the inbound port", SecurityGroupIngress=[ ec2.SecurityGroupRule( IpProtocol="tcp", FromPort="22", ToPort="22", CidrIp="0.0.0.0/0", ), ec2.SecurityGroupRule( IpProtocol="tcp", FromPort=Ref(webport_param), ToPort=Ref(webport_param), CidrIp="0.0.0.0/0", ), ec2.SecurityGroupRule( IpProtocol="tcp", FromPort=Ref(apiport_param), ToPort=Ref(apiport_param), CidrIp="0.0.0.0/0", ), ])) # Add the web server instance WebInstance = template.add_resource( ec2.Instance( "WebInstance", SecurityGroups=[Ref(instance_sg)], KeyName=Ref(keyname_param), InstanceType=Ref("InstanceType"), ImageId=FindInMap("RegionMap", Ref("AWS::Region"), "AMI"), UserData=Base64(Ref(webport_param)), )) # Add the api server instance ApiInstance = template.add_resource( ec2.Instance( "ApiInstance", SecurityGroups=[Ref(instance_sg)], KeyName=Ref(keyname_param), InstanceType=Ref("InstanceType"), ImageId=FindInMap("RegionMap", Ref("AWS::Region"), "AMI"), UserData=Base64(Ref(apiport_param)), )) # Add the application ELB ApplicationElasticLB = template.add_resource( elb.LoadBalancer("ApplicationElasticLB", Name="ApplicationElasticLB", Scheme="internet-facing", Subnets=[Ref(subnetA), Ref(subnetB)])) TargetGroupWeb = template.add_resource( elb.TargetGroup("TargetGroupWeb", HealthCheckIntervalSeconds="30", HealthCheckProtocol="HTTP", HealthCheckTimeoutSeconds="10", HealthyThresholdCount="4", Matcher=elb.Matcher(HttpCode="200"), Name="WebTarget", Port=Ref(webport_param), Protocol="HTTP", Targets=[ elb.TargetDescription(Id=Ref(WebInstance), Port=Ref(webport_param)) ], UnhealthyThresholdCount="3", VpcId=Ref(VpcId))) TargetGroupApi = template.add_resource( elb.TargetGroup("TargetGroupApi", HealthCheckIntervalSeconds="30", HealthCheckProtocol="HTTP", HealthCheckTimeoutSeconds="10", HealthyThresholdCount="4", Matcher=elb.Matcher(HttpCode="200"), Name="ApiTarget", Port=Ref(apiport_param), Protocol="HTTP", Targets=[ elb.TargetDescription(Id=Ref(ApiInstance), Port=Ref(apiport_param)) ], UnhealthyThresholdCount="3", VpcId=Ref(VpcId))) Listener = template.add_resource( elb.Listener("Listener", Port="80", Protocol="HTTP", LoadBalancerArn=Ref(ApplicationElasticLB), DefaultActions=[ elb.Action(Type="forward", TargetGroupArn=Ref(TargetGroupWeb)) ])) template.add_resource( elb.ListenerRule("ListenerRuleApi", ListenerArn=Ref(Listener), Conditions=[ elb.Condition(Field="path-pattern", Values=["/api/*"]) ], Actions=[ elb.Action(Type="forward", TargetGroupArn=Ref(TargetGroupApi)) ], Priority="1")) template.add_output( Output("URL", Description="URL of the sample website", Value=Join("", ["http://", GetAtt(ApplicationElasticLB, "DNSName")]))) print(template.to_json())
AmbariNode = t.add_resource( ec2.Instance( "AmbariNode", UserData=Base64( Join( "", my_bootstrap_script('AmbariNode', 'true', 'true', '127.0.0.1'))), ImageId=FindInMap("RHEL66", Ref("AWS::Region"), "AMI"), BlockDeviceMappings=If( "UseEBSBool", my_block_device_mappings_ebs(ref_disk_worker_ebs_diskcount, "/dev/sd", ref_disk_worker_ebs_volumesize, "gp2"), my_block_device_mappings_ephemeral(24, "/dev/sd")), CreationPolicy=CreationPolicy( ResourceSignal=ResourceSignal(Count=1, Timeout="PT30M")), KeyName=Ref(KeyName), IamInstanceProfile=Ref(AmbariInstanceProfile), InstanceType=Ref(InstanceType), NetworkInterfaces=[ ec2.NetworkInterfaceProperty( DeleteOnTermination="true", DeviceIndex="0", SubnetId=Ref(PublicSubnet), GroupSet=[Ref(AmbariSecurityGroup)], AssociatePublicIpAddress="true", ), ], ))
ec2.Instance( "HdsfServer", AvailabilityZone=Ref(az_param), ImageId=Ref(ami_param), InstanceType="m4.large", BlockDeviceMappings=[ ec2.BlockDeviceMapping("RootVolume", DeviceName='/dev/xvda', Ebs=ec2.EBSBlockDevice(VolumeSize=32)) ], # This doesn't work, but it seems like we need to fix a problem in # https://github.com/cloudtools/troposphere/blob/2dc788dbc89c15ce5984f9c40b143494336a2348/troposphere/ec2.py#L311 # It only works if the profile exists outside of the template # Til this is investigated you have to manually edit the generated json file and # remove the \" s IamInstanceProfile='{"Ref": "ServiceProfile"}', KeyName=Ref(keyname_param), SecurityGroups=[Ref(security_group)], UserData=Base64( Join("\n", [ "#!/bin/bash", "yum update -y", "amazon-linux-extras install docker", "service docker start", "usermod -a -G docker ec2-user", 'curl -L "https://github.com/docker/compose/releases/download/1.25.4/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose', "chmod +x /usr/local/bin/docker-compose", "yum install -y git", "cat <<-EOL > /opt/start_server.sh", "git clone https://github.com/HDFGroup/hsds.git", "export AWS_S3_GATEWAY=http://s3.amazonaws.com", Join("", ["export BUCKET_NAME=", Ref(bucket_param)]), 'export HSDS_ENDPOINT=http://$(curl http://169.254.169.254/latest/meta-data/public-hostname)', Join("", ["export AWS_IAM_ROLE=", Ref(ServiceRole)]), "cd hsds", "mv admin/config/passwd.default admin/config/passwd.txt", "./runall.sh", "EOL", "chmod o+rx /opt/start_server.sh" ]))))
), ], )) ud = Base64( Join('\n', [ "#!/bin/bash", "yum install --enablerepo=epel -y git", "pip install ansible", AnsiblePullCmd, "echo '*/10 * * * * {}' > /etc/cron.d/ansible-pull".format( AnsiblePullCmd) ])) t.add_resource( ec2.Instance( "instance", ImageId="ami-a4c7edb2", InstanceType="t2.micro", SecurityGroups=[Ref("SecurityGroup")], KeyName=Ref("MyKeyPair"), UserData=ud, )) t.add_output( Output( "InstancePublicIp", Description="Public IP of our instance.", Value=GetAtt("instance", "PublicIp"), )) t.add_output( Output( "WebUrl", Description="Application endpoint",
delimiter = '' user_data_script = ( "#!/bin/bash\n", 'sudo yum update -y\n', 'wget https://packages.chef.io/files/stable/chefdk/2.5.3/sles/12/chefdk-2.5.3-1.sles12.x86_64.rpm\n', 'sudo rpm -Uvh chefdk-2.5.3-1.sles12.x86_64.rpm\n', 'rm chefdk-2.5.3-1.sles12.x86_64.rpm\n', 'sudo yum install git -y\n' ) ec2_instance = template.add_resource(ec2.Instance( "Ec2Instance", ImageId=FindInMap("RegionMap", Ref("AWS::Region"), "AMI"), InstanceType="t2.micro", KeyName=Ref(keyname_param), SecurityGroups=Ref(security_groups_param), UserData=Base64(Join(delimiter, user_data_script)) )) template.add_output([ Output( "InstanceId", Description="InstanceId of the newly created EC2 instance", Value=Ref(ec2_instance), ), Output( "AZ", Description="Availability Zone of the newly created EC2 instance", Value=GetAtt(ec2_instance, "AvailabilityZone"),
FromPort = '22', ToPort = '22', CidrIp = '0.0.0.0/0' ), ec2.SecurityGroupRule( IpProtocol = 'tcp', FromPort = '80', ToPort = '80', CidrIp = Join('/', [Ref(ip_address), "32"]) ) ] ec2_instance = template.add_resource(ec2.Instance( "AsgardInstance", ImageId=FindInMap("RegionMap", Ref("AWS::Region"), "AMI"), InstanceType=Ref(instance_type), KeyName=Ref(keyname), SecurityGroups=[Ref(sg)] )) template.add_output([ Output( "PublicIP", Description="Public IP address of the Asgard instance", Value=GetAtt(ec2_instance, "PublicIp"), ), Output( "PrivateIP", Description="Private IP address of the Asgard instance", Value=GetAtt(ec2_instance, "PrivateIp"), ),
), ], )) ud = Base64(Join('\n', [ "#!/bin/bash", "sudo yum install --enablerepo=epel -y nodejs", "wget http://bit.ly/2vESNuc -O /home/ec2-user/helloworld.js", "wget http://bit.ly/2vVvT18 -O /etc/init/helloworld.conf", "start helloworld" ])) t.add_resource(ec2.Instance( "instance", ImageId="ami-e21cc38c", InstanceType="t2.micro", SecurityGroups=[Ref("SecurityGroup")], KeyName=Ref("KeyPair"), UserData=ud, )) t.add_output(Output( "InstancePublicIp", Description="Public IP of our instance.", Value=GetAtt("instance", "PublicIp"), )) t.add_output(Output( "WebUrl", Description="Application endpoint", Value=Join("", [ "http://", GetAtt("instance", "PublicDnsName"),
] ) )) t.add_resource(InstanceProfile( "InstanceProfile", Path="/", Roles=[Ref("Role")] )) t.add_resource(ec2.Instance( "instance", ImageId="ami-cfe4b2b0", InstanceType="t2.micro", SecurityGroups=[Ref("SecurityGroup")], KeyName=Ref("KeyPair"), UserData=ud, IamInstanceProfile=Ref("InstanceProfile"), )) t.add_output(Output( "InstancePublicIp", Description="Public IP of our instance.", Value=GetAtt("instance", "PublicIp"), )) t.add_output(Output( "WebUrl", Description="Application endpoint", Value=Join("", [
Statement(Effect=Allow, Action=[AssumeRole], Principal=Principal("Service", ["ec2.amazonaws.com"])) ]))) """********Instance Profile *********""" t.add_resource( InstanceProfile("InstanceProfile", Path="/", Roles=[Ref("Role")])) """********EC2 Resource creation Creation""" t.add_resource( ec2.Instance( "instance", InstanceType="t2.micro", SecurityGroups=[Ref("TropoSecuritygroup")], ImageId="mi-a4c7edb2", KeyName=Ref("KeyPair"), UserData=ud, IamInstanceProfile=Ref("InstanceProfile"), )), t.add_output(Output( "myOutputPublicIP", Value=GetAtt("instance", "PublicIp"), )), t.add_output( Output( "PublicIPAddress", Value=GetAtt("instance", "PublicDnsName"), )), print t.to_json()
"ap-northeast-1": { "AMI": "ami-dcfa4edd" }, "ap-northeast-2": { "AMI": "ami-0d097db2fb6e0f05e" } }) ec2_instance = t.add_resource( ec2.Instance( "instance", ImageId=FindInMap("RegionMap", Ref("AWS::Region"), "AMI"), InstanceType="t2.micro", KeyName=Ref(keyname_param), SecurityGroupIds=[Ref(security_param)], SubnetId=SubnetID, UserData=ud, IamInstanceProfile=Ref(cfninstanceprofile), Tags=[{ "Key": "Name", "Value": "codingTestServer" }], )) # GetAtt: Fn::GetAtt t.add_output([ Output( "InstanceId", Description="InstanceId of the newly created EC2 instance", Value=Ref(ec2_instance), ),
"#!/bin/bash", "sudo yum install --enablerepo=epel -y nodejs", "wget http://bit.ly/2vESNuc -O /home/ec2-user/helloworld.js", "wget http://bit.ly/2vVvT18 -O /etc/init/helloworld.conf", "start helloworld" ])) """ """[Modified jenkins] EC2 Resource creation Creation""" t.add_resource( ec2.Instance( 'troins', InstanceType='t2.micro', SecurityGroups=[Ref('trosecgro')], ImageId='ami-a4c7edb2', KeyName=Ref('keypair'), UserData=ud, IamInstanceProfile=Ref('InstanceProfile'), )) t.add_output( Output( "myOutputPublicIP", Value=GetAtt("instance", "PublicIp"), ) ), t.add_output( Output( "PublicIPAddress",
}, "ap-southeast-1": { "AMI": "ami-dc9339bf" }, "ap-southeast-2": { "AMI": "ami-1c47407f" }, "ap-northeast-1": { "AMI": "ami-56d4ad31" } }) ec2_instance = template.add_resource( ec2.Instance("Ec2Instance", ImageId=FindInMap("RegionMap", Ref("AWS::Region"), "AMI"), InstanceType="t2.micro", KeyName=Ref(keyname_param), SecurityGroups=[Ref(securitygroup_param)], Tags=Tags(Name="Tropo1"))) template.add_output([ Output( "PublicIP", Description="Public IP address of the newly created EC2 instance", Value=GetAtt(ec2_instance, "PublicIp"), ), Output( "PublicDNS", Description="Public DNSName of the newly created EC2 instance", Value=GetAtt(ec2_instance, "PublicDnsName"), ) ])
t.add_resource( IAMPolicy( "Policy", PolicyName="AllowS3", PolicyDocument=Policy(Statement=[ Statement(Effect=Allow, Action=[Action("s3", "*")], Resource=["*"]) ]), )) t.add_resource( ec2.Instance( "instance", ImageId="ami-09ead922c1dad67e4", InstanceType="t2.micro", SecurityGroups=[Ref("SecurityGroup")], KeyName=Ref("KeyPair"), UserData=ud, IamInstanceProfile=Ref("InstanceProfile"), )) t.add_output( Output( "InstancePublicIp", Description="Public IP of our instance.", Value=GetAtt("instance", "PublicIp"), )) t.add_output( Output( "WebUrl",
import troposphere.ec2 as ec2 # Incorrect property being set on AWS resource instance = ec2.Instance("ec2instance", image="i-XXXX") # Incorrect type for AWS resource property #instance = ec2.Instance("ec2instance", ImageId=1) # uncomment and comment line above run when ready #instance = ec2.Instance("ec2instance", ImageId="ami-sadljf3") from troposphere import Template t = Template() t.add_resource(instance) print(t.to_json())
], )) ud = Base64( Join('\n', [ "#!/bin/bash", "sudo yum install --enablerepo=epel -y nodejs", "wget http://bit.ly/2vESNuc -O /home/ec2-user/helloworld.js", "wget http://bit.ly/2vVvT18 -O /etc/init/helloworld.conf", "start helloworld" ])) t.add_resource( ec2.Instance( "instance", ImageId="ami-0d097db2fb6e0f05e", InstanceType="t2.micro", SecurityGroups=[Ref("SecurityGroup")], KeyName=Ref("KeyPair"), UserData=ud, )) t.add_output( Output( "InstancePublicIp", Description="Public IP of our instance.", Value=GetAtt("instance", "PublicIp"), )) t.add_output( Output( "WebUrl", Description="Application endpoint",