Ejemplos de SecurityGroupRule en Python

Ejemplo n.º 1

Archivo: scalability_vpc.py Proyecto: mahesh152/gideon

def createCouchbaseSecurityGroups(t, vpc):

    # Couchbase security group
    secGrpCouchbase = ec2.SecurityGroup('CouchbaseSecurityGroup')
    secGrpCouchbase.GroupDescription = "Allow access to Couchbase Server"
    secGrpCouchbase.VpcId = Ref(vpc)
    secGrpCouchbase.SecurityGroupIngress = [
        ec2.SecurityGroupRule(
            IpProtocol="tcp",
            FromPort="22",
            ToPort="22",
            CidrIp="0.0.0.0/0",
        ),
        ec2.SecurityGroupRule(
            IpProtocol="tcp",
            FromPort="8091",
            ToPort="8091",
            CidrIp="0.0.0.0/0",
        ),
        ec2.SecurityGroupRule(
            IpProtocol="tcp",
            FromPort="8092",
            ToPort="8092",
            CidrIp="0.0.0.0/0",
        ),
        ec2.SecurityGroupRule(  # sync gw user port
            IpProtocol="tcp",
            FromPort="4984",
            ToPort="4984",
            CidrIp="0.0.0.0/0",
        ),
        ec2.SecurityGroupRule(  # sync gw admin port
            IpProtocol="tcp",
            FromPort="4985",
            ToPort="4985",
            CidrIp="0.0.0.0/0",
        ),
        ec2.SecurityGroupRule(  # expvars
            IpProtocol="tcp",
            FromPort="9876",
            ToPort="9876",
            CidrIp="0.0.0.0/0",
        )
    ]

    # Add security group to template
    t.add_resource(secGrpCouchbase)

    cbIngressPorts = [
        {
            "FromPort": "4369",
            "ToPort": "4369"
        },  # couchbase server
        {
            "FromPort": "5984",
            "ToPort": "5984"
        },  # couchbase server
        {
            "FromPort": "11209",
            "ToPort": "11209"
        },  # couchbase server 
        {
            "FromPort": "11210",
            "ToPort": "11210"
        },  # couchbase server
        {
            "FromPort": "11211",
            "ToPort": "11211"
        },  # couchbase server
        {
            "FromPort": "21100",
            "ToPort": "21299"
        },  # couchbase server
    ]

    for cbIngressPort in cbIngressPorts:
        from_port = cbIngressPort["FromPort"]
        to_port = cbIngressPort["ToPort"]
        name = 'CouchbaseSecurityGroupIngress{}'.format(from_port)
        secGrpCbIngress = ec2.SecurityGroupIngress(name)
        secGrpCbIngress.GroupId = GetAtt(secGrpCouchbase, 'GroupId')
        secGrpCbIngress.IpProtocol = "tcp"
        secGrpCbIngress.FromPort = from_port
        secGrpCbIngress.ToPort = to_port
        secGrpCbIngress.SourceSecurityGroupId = GetAtt(secGrpCouchbase,
                                                       'GroupId')
        t.add_resource(secGrpCbIngress)

    return secGrpCouchbase

Ejemplo n.º 2

Archivo: jenkins-cf-template.py Proyecto: miraai/EffectiveDevOpsTemplates

t.add_parameter(
    Parameter(
        "KeyPair",
        Description="Name od an existing EC2 KeyPair to SSH",
        Type="AWS::EC2::KeyPair::KeyName",
        ConstraintDescription="Must be the name of an existing EC2 KeyPair.",
    ))

t.add_resource(
    ec2.SecurityGroup(
        "SecurityGroup",
        GroupDescription="Allow SSH and TCP/{} access".format(APP_PORT),
        SecurityGroupIngress=[
            ec2.SecurityGroupRule(  #SSH connection
                IpProtocol="tcp",
                FromPort="22",
                ToPort="22",
                CidrIp=public_cidr_ip,  # Connect from the local IP
            ),
            ec2.SecurityGroupRule(  #TCP connection
                IpProtocol="tcp",
                FromPort=APP_PORT,
                ToPort=APP_PORT,
                CidrIp="0.0.0.0/0",
            ),
        ],
    ))

ud = Base64(
    Join('\n', [
        "#!/bin/bash", "yum install --enablerepo=epel -y git",
        "pip install ansible", ansible_pull_cmd,

Ejemplo n.º 3

    MinValue="5",
    MaxValue="1024",
    ConstraintDescription="must be between 5 and 1024Gb.",
))


db_security_group = ec2.SecurityGroup(
    'DatabaseSecurityGroup',
    template=template,
    GroupDescription="Database security group.",
    VpcId=Ref(vpc),
    SecurityGroupIngress=[
        # Postgres in from web clusters
        ec2.SecurityGroupRule(
            IpProtocol="tcp",
            FromPort="5432",
            ToPort="5432",
            CidrIp=container_a_subnet_cidr,
        ),
        ec2.SecurityGroupRule(
            IpProtocol="tcp",
            FromPort="5432",
            ToPort="5432",
            CidrIp=container_b_subnet_cidr,
        ),
    ],
)


db_subnet_group = rds.DBSubnetGroup(
    "DatabaseSubnetGroup",
    template=template,

Ejemplo n.º 4

Archivo: tiler.py Proyecto: maurizi/model-my-watershed

    def create_security_groups(self):
        tile_server_lb_security_group_name = 'sgTileServerLoadBalancer'

        tile_server_lb_security_group = self.add_resource(ec2.SecurityGroup(
            tile_server_lb_security_group_name,
            GroupDescription='Enables access to tile servers via a load '
                             'balancer',
            VpcId=Ref(self.vpc_id),
            SecurityGroupIngress=[
                ec2.SecurityGroupRule(
                    IpProtocol='tcp', CidrIp=ALLOW_ALL_CIDR, FromPort=p,
                    ToPort=p
                )
                for p in [HTTP]
            ],
            SecurityGroupEgress=[
                ec2.SecurityGroupRule(
                    IpProtocol='tcp', CidrIp=VPC_CIDR, FromPort=p, ToPort=p
                )
                for p in [HTTP]
            ],
            Tags=self.get_tags(Name=tile_server_lb_security_group_name)
        ))

        tile_server_security_group_name = 'sgTileServer'

        tile_server_security_group = self.add_resource(ec2.SecurityGroup(
            tile_server_security_group_name,
            DependsOn='sgTileServerLoadBalancer',
            GroupDescription='Enables access to tile servers',
            VpcId=Ref(self.vpc_id),
            SecurityGroupIngress=[
                ec2.SecurityGroupRule(
                    IpProtocol='tcp', CidrIp=VPC_CIDR, FromPort=p, ToPort=p
                )
                for p in [SSH, HTTP]
            ] + [
                ec2.SecurityGroupRule(
                    IpProtocol='tcp', SourceSecurityGroupId=Ref(sg),
                    FromPort=HTTP, ToPort=HTTP
                )
                for sg in [tile_server_lb_security_group]
            ],
            SecurityGroupEgress=[
                ec2.SecurityGroupRule(
                    IpProtocol='tcp', CidrIp=VPC_CIDR, FromPort=p, ToPort=p
                )
                for p in [GRAPHITE, POSTGRESQL, REDIS, STATSITE, RELP]
            ] + [
                ec2.SecurityGroupRule(
                    IpProtocol='udp', CidrIp=VPC_CIDR, FromPort=p, ToPort=p
                )
                for p in [STATSITE]
            ] + [
                ec2.SecurityGroupRule(
                    IpProtocol='tcp', CidrIp=ALLOW_ALL_CIDR, FromPort=p,
                    ToPort=p
                )
                for p in [HTTP, HTTPS]
            ],
            Tags=self.get_tags(Name=tile_server_security_group_name)
        ))

        return tile_server_lb_security_group, tile_server_security_group

Ejemplo n.º 5

key_name = t.add_parameter(
    Parameter(
        'KeyName',
        Type='AWS::EC2::KeyPair::KeyName',
        Description='Name of an existing EC2 KeyPair to enable SSH access'))

ami_id = t.add_parameter(
    Parameter('AmiId', Type='String', Default='ami-98aa1cf0'))

security_group = t.add_resource(
    ec2.SecurityGroup('SecurityGroup',
                      GroupDescription='Allows SSH access from anywhere',
                      SecurityGroupIngress=[
                          ec2.SecurityGroupRule(IpProtocol='tcp',
                                                FromPort=22,
                                                ToPort=22,
                                                CidrIp='0.0.0.0/0')
                      ],
                      Tags=Tags(Name='ops.cfninit-sg')))

ec2_instance = t.add_resource(
    ec2.Instance(
        'Ec2Instance',
        ImageId=Ref(ami_id),
        InstanceType='t1.micro',
        KeyName=Ref(key_name),
        SecurityGroups=[Ref(security_group)],
        IamInstanceProfile='PullCredentials',
        UserData=Base64(
            Join('', [
                '#!/bin/bash\n', 'sudo apt-get update\n',

Ejemplo n.º 6

Archivo: ac3.py Proyecto: ghac3/cfwp

# This is the Test condition we use later on in an If() test to control the differences between Prod and Dev
# We assume a development stack by default. This does force some Parameters to be ignored. There is probably a
# cleaner way to do this but in light of not refactoring the entire thing, we'll have to live with it being a bit
# clunky.
template.add_condition('IsProd', Equals(Ref('pEnvironment'), "production"))

# This is the Security group that allows HTTP, SSH and ICMP
# This is probably not very secure and could probably be scraped or narrowed.
wpsg = template.add_resource(
    ec2.SecurityGroup('Access',
                      VpcId=Ref('pVPCID'),
                      GroupDescription='SSH/Ping Access',
                      SecurityGroupIngress=[
                          ec2.SecurityGroupRule(IpProtocol='tcp',
                                                FromPort='80',
                                                ToPort='80',
                                                CidrIp='0.0.0.0/0'),
                          ec2.SecurityGroupRule(IpProtocol='tcp',
                                                FromPort='22',
                                                ToPort='22',
                                                CidrIp='0.0.0.0/0'),
                          ec2.SecurityGroupRule(IpProtocol='icmp',
                                                FromPort='-1',
                                                ToPort='-1',
                                                CidrIp='0.0.0.0/0')
                      ],
                      Tags=create_tags(base_tags, 'SshAndPingAccess')))

# This is the Security Group for the LB. Allows port 80
lbsg = template.add_resource(
    ec2.SecurityGroup('ELBSG',

Ejemplo n.º 7

Archivo: NetworkLB.py Proyecto: zully/troposphere

def main():
    template = Template()
    template.add_version("2010-09-09")

    template.set_description(
        "AWS CloudFormation Sample Template: NLB with 1 EC2 instance")

    AddAMI(template)

    # Add the Parameters
    keyname_param = template.add_parameter(
        Parameter(
            "KeyName",
            Type="String",
            Default="mark",
            Description="Name of an existing EC2 KeyPair to "
            "enable SSH access to the instance",
        ))

    template.add_parameter(
        Parameter(
            "InstanceType",
            Type="String",
            Description="WebServer EC2 instance type",
            Default="m1.small",
            AllowedValues=[
                "t1.micro", "m1.small", "m1.medium", "m1.large", "m1.xlarge",
                "m2.xlarge", "m2.2xlarge", "m2.4xlarge", "c1.medium",
                "c1.xlarge", "cc1.4xlarge", "cc2.8xlarge", "cg1.4xlarge"
            ],
            ConstraintDescription="must be a valid EC2 instance type.",
        ))

    webport_param = template.add_parameter(
        Parameter(
            "WebServerPort",
            Type="String",
            Default="8888",
            Description="TCP/IP port of the web server",
        ))

    subnetA = template.add_parameter(
        Parameter("subnetA", Type="String", Default="subnet-096fd06d"))

    subnetB = template.add_parameter(
        Parameter("subnetB", Type="String", Default="subnet-1313ef4b"))

    VpcId = template.add_parameter(
        Parameter("VpcId", Type="String", Default="vpc-82c514e6"))

    # Define the instance security group
    instance_sg = template.add_resource(
        ec2.SecurityGroup(
            "InstanceSecurityGroup",
            GroupDescription="Enable SSH and HTTP access on the inbound port",
            SecurityGroupIngress=[
                ec2.SecurityGroupRule(
                    IpProtocol="tcp",
                    FromPort="22",
                    ToPort="22",
                    CidrIp="0.0.0.0/0",
                ),
                ec2.SecurityGroupRule(
                    IpProtocol="tcp",
                    FromPort=Ref(webport_param),
                    ToPort=Ref(webport_param),
                    CidrIp="0.0.0.0/0",
                ),
            ]))

    eipA = template.add_resource(ec2.EIP(
        'eipA',
        Domain='vpc',
    ))

    eipB = template.add_resource(ec2.EIP(
        'eipB',
        Domain='vpc',
    ))

    # Add the web server instance
    WebInstance = template.add_resource(
        ec2.Instance(
            "WebInstance",
            SecurityGroups=[Ref(instance_sg)],
            KeyName=Ref(keyname_param),
            InstanceType=Ref("InstanceType"),
            ImageId=FindInMap("RegionMap", Ref("AWS::Region"), "AMI"),
            UserData=Base64(Ref(webport_param)),
        ))

    # Add the network LB
    NetworkLB = template.add_resource(
        elb.LoadBalancer(
            "NetworkLB",
            Name="NetworkLB",
            Scheme="internet-facing",
            SubnetMappings=[
                elb.SubnetMapping(AllocationId=GetAtt(eipA, 'AllocationId'),
                                  SubnetId=Ref(subnetA)),
                elb.SubnetMapping(AllocationId=GetAtt(eipB, 'AllocationId'),
                                  SubnetId=Ref(subnetB))
            ],
            Type='network'))

    TargetGroupWeb = template.add_resource(
        elb.TargetGroup("TargetGroupWeb",
                        HealthCheckIntervalSeconds="30",
                        HealthCheckProtocol="HTTP",
                        HealthCheckTimeoutSeconds="10",
                        HealthyThresholdCount="4",
                        Matcher=elb.Matcher(HttpCode="200"),
                        Name="WebTarget",
                        Port=Ref(webport_param),
                        Protocol="HTTP",
                        Targets=[
                            elb.TargetDescription(Id=Ref(WebInstance),
                                                  Port=Ref(webport_param))
                        ],
                        UnhealthyThresholdCount="3",
                        VpcId=Ref(VpcId)))

    template.add_resource(
        elb.Listener("Listener",
                     Port="80",
                     Protocol="HTTP",
                     LoadBalancerArn=Ref(NetworkLB),
                     DefaultActions=[
                         elb.Action(Type="forward",
                                    TargetGroupArn=Ref(TargetGroupWeb))
                     ]))

    template.add_output(
        Output("URL",
               Description="URL of the sample website",
               Value=Join("",
                          ["http://", GetAtt(NetworkLB, "DNSName")])))

    print(template.to_json())

Ejemplo n.º 8

Archivo: step-jenkins.py Proyecto: xshyamx/MiddlewareHackathon

def GenerateStepJenkinsLayer():
    t = Template()

    t.add_description("""\
    Jenkins for Step Hackathon Layer
    """)

    stackname_param = t.add_parameter(
        Parameter(
            "StackName",
            Description="Environment Name (default: hackathon)",
            Type="String",
            Default="hackathon",
        ))

    vpcid_param = t.add_parameter(
        Parameter(
            "VpcId",
            Type="String",
            Description="VpcId of your existing Virtual Private Cloud (VPC)",
            Default="vpc-fab00e9f"))

    subnets = t.add_parameter(
        Parameter(
            "Subnets",
            Type="CommaDelimitedList",
            Description=(
                "The list SubnetIds, for public subnets in the "
                "region and in your Virtual Private Cloud (VPC) - minimum one"
            ),
            Default="subnet-b68f3bef,subnet-9a6208ff,subnet-bfdd4fc8"))

    keypair_param = t.add_parameter(
        Parameter("KeyPair",
                  Description="Name of an existing EC2 KeyPair to enable SSH "
                  "access to the instance",
                  Type="String",
                  Default="glueteam"))

    jenkins_ami_id_param = t.add_parameter(
        Parameter("JenkinsAmiId",
                  Description="Jenkins server AMI ID (default: ami-f3641a84)",
                  Type="String",
                  Default="ami-f3641a84"))

    operations_subdomain_hosted_zone_param = t.add_parameter(
        Parameter("DashsoftHostedZoneParam",
                  Description="HostedZone (default: hackathon.operations.dk)",
                  Type="String",
                  Default="hackathon.operations.dk"))

    iam_role_param = t.add_parameter(
        Parameter(
            "IamRole",
            Description="IAM Role name",
            Type="String",
        ))

    # --------- Jenkins instance

    jenkins_sg = t.add_resource(
        ec2.SecurityGroup(
            'JenkinsSG',
            GroupDescription='Security group for Jenkins host',
            VpcId=Ref(vpcid_param),
            Tags=Tags(Name=Join("", [Ref(stackname_param), "SG"])),
            SecurityGroupIngress=[
                ec2.SecurityGroupRule(
                    IpProtocol="tcp",
                    FromPort="22",
                    ToPort="22",
                    CidrIp="0.0.0.0/0",
                ),
                ec2.SecurityGroupRule(
                    IpProtocol="tcp",
                    FromPort="80",
                    ToPort="80",
                    CidrIp="0.0.0.0/0",
                ),
                ec2.SecurityGroupRule(
                    IpProtocol="tcp",
                    FromPort="443",
                    ToPort="443",
                    CidrIp="0.0.0.0/0",
                ),
            ]))

    jenkins_eip = t.add_resource(ec2.EIP(
        'JenkinsEIP',
        Domain='vpc',
    ))

    jenkins_eth0 = t.add_resource(
        ec2.NetworkInterface(
            "JenkinsEth0",
            Description=Join("", [Ref(stackname_param), " Eth0"]),
            GroupSet=[
                Ref(jenkins_sg),
            ],
            SourceDestCheck=True,
            SubnetId=Select(0, Ref(subnets)),
            Tags=Tags(
                Name=Join("", [Ref(stackname_param), " Interface 0"]),
                Interface="eth0",
            )))

    jenkins_host = t.add_resource(
        ec2.Instance(
            'JenkinsHost',
            ImageId=Ref(jenkins_ami_id_param),
            InstanceType='m3.medium',
            KeyName=Ref(keypair_param),
            IamInstanceProfile=Ref(iam_role_param),
            NetworkInterfaces=[
                ec2.NetworkInterfaceProperty(
                    NetworkInterfaceId=Ref(jenkins_eth0),
                    DeviceIndex="0",
                ),
            ],
            Tags=Tags(Name=Ref(stackname_param), Id=Ref(stackname_param)),
            UserData=Base64(Join('', [
                '#!/bin/bash\n',
            ])),
        ))

    jenkins_eip_assoc = t.add_resource(
        ec2.EIPAssociation(
            "JenkinsEIPAssoc",
            NetworkInterfaceId=Ref(jenkins_eth0),
            AllocationId=GetAtt("JenkinsEIP", "AllocationId"),
            PrivateIpAddress=GetAtt("JenkinsEth0", "PrimaryPrivateIpAddress"),
        ))

    jenkins_host_cname = t.add_resource(
        route53.RecordSetType(
            "JenkinsHostCname",
            HostedZoneName=Join(
                "", [Ref(operations_subdomain_hosted_zone_param), "."]),
            Comment=Join("", ["Jenkins host CNAME for ",
                              Ref(stackname_param)]),
            Name=Join(
                "",
                ["jenkins.",
                 Ref(operations_subdomain_hosted_zone_param), "."]),
            Type="A",
            TTL="60",
            ResourceRecords=[GetAtt("JenkinsHost", "PublicIp")],
            DependsOn="JenkinsEIPAssoc"))

    return t

Ejemplo n.º 9

        DBSubnetGroupDescription='Created from the RDS Management Console',
        DBSubnetGroupName='default-vpc-0e12e822c1e5549cf',
        SubnetIds=['subnet-08d3101feec0e17da', 'subnet-0c86eeb5d3ab2e031']))

RDSDBSecurityGroup = template.add_resource(
    rds.DBSecurityGroup('RDSDBSecurityGroup',
                        GroupDescription=Ref(ECSCluster)))

EC2SecurityGroup = template.add_resource(
    ec2.SecurityGroup('EC2SecurityGroup',
                      GroupDescription='2020-02-23T21:47:44.823Z',
                      GroupName='ws-cur-1498',
                      VpcId='vpc-0e12e822c1e5549cf',
                      SecurityGroupIngress=[
                          ec2.SecurityGroupRule(CidrIp='0.0.0.0/0',
                                                FromPort=80,
                                                IpProtocol='tcp',
                                                ToPort=80),
                          ec2.SecurityGroupRule(CidrIp='0.0.0.0/0',
                                                FromPort=8100,
                                                IpProtocol='tcp',
                                                ToPort=8100)
                      ],
                      SecurityGroupEgress=[
                          ec2.SecurityGroupRule(CidrIp='0.0.0.0/0',
                                                IpProtocol='-1')
                      ]))

EC2SecurityGroup2 = template.add_resource(
    ec2.SecurityGroup(
        'EC2SecurityGroup2',
        GroupDescription=

Ejemplo n.º 10

Archivo: vpnserver-cf-template.py Proyecto: AlexandrTsurkan/EffectiveDevOpsTemplates

t.add_parameter(Parameter("VpcId", Type="AWS::EC2::VPC::Id",
                          Description="VPC"))

t.add_parameter(
    Parameter("PublicSubnet",
              Description="PublicSubnet",
              Type="List<AWS::EC2::Subnet::Id>",
              ConstraintDescription="PublicSubnet"))

t.add_resource(
    ec2.SecurityGroup("VPNSecurityGroup",
                      GroupDescription="SoftEther security group",
                      SecurityGroupIngress=[
                          ec2.SecurityGroupRule(
                              IpProtocol="udp",
                              FromPort="4500",
                              ToPort="4500",
                              CidrIp="0.0.0.0/0",
                          ),
                          ec2.SecurityGroupRule(
                              IpProtocol="udp",
                              FromPort="500",
                              ToPort="500",
                              CidrIp="0.0.0.0/0",
                          ),
                          ec2.SecurityGroupRule(
                              IpProtocol="tcp",
                              FromPort="443",
                              ToPort="443",
                              CidrIp="0.0.0.0/0",
                          )
                      ],

Ejemplo n.º 11

from troposphere import Ref, Template, Parameter, Join, GetAtt
import troposphere.ec2 as ec2

t = template()
#Securi group
sg = ec2.SecurityGroup("LampSg")
sg.GroupDescription = "Allou access thought ports 88 and 22"
sg.securityGroupIngress = [
	ec2.SecurityGroupRule(IpProtocol = "tcp", fromPort = "22", toPort = "22", CidrIp = "0.0.0.0/0")
	,ec2.SecurityGroupRule(IpProtocol = "tcp", fromPort = "88", toPort = "70", CidrIp = "0.0.0.0/0")

]
t.add_resource(sg);
print(t.to_json)
#AmiID

Ejemplo n.º 12

Archivo: ha_cluster.py Proyecto: stocktwits/cloudformation-environmentbase

    def add_security_groups(self):
        """
        Wrapper method to encapsulate process of creating security groups for this tier
        Creates security groups for both ASG and ELB and opens the ports between them
        Sets self.security_groups as a dictionary with two security_groups: ha_cluster and elb
        """

        elb_sg_ingress_rules = []

        if self.allow_default_ingress:
            # Determine ingress rules for ELB security -- open to internet for internet-facing ELB, open to VPC for internal ELB
            access_cidr = PUBLIC_ACCESS_CIDR if self.elb_scheme == SCHEME_INTERNET_FACING else self.vpc_cidr

            # Add the ingress rules to the ELB security group
            for elb_port in [
                    listener.get('elb_port') for listener in self.elb_listeners
            ]:
                elb_sg_ingress_rules.append(
                    ec2.SecurityGroupRule(FromPort=elb_port,
                                          ToPort=elb_port,
                                          IpProtocol='tcp',
                                          CidrIp=access_cidr))

        # Create the ELB security group and attach the ingress rules
        elb_sg_name = '%sElbSecurityGroup' % self.name
        elb_sg = self.add_resource(
            ec2.SecurityGroup(elb_sg_name,
                              GroupDescription='Security group for %s ELB' %
                              self.name,
                              VpcId=self.vpc_id,
                              SecurityGroupIngress=elb_sg_ingress_rules))

        # Create the ASG security group
        ha_cluster_sg_name = '%sSecurityGroup' % self.name
        ha_cluster_sg = self.add_resource(
            ec2.SecurityGroup(ha_cluster_sg_name,
                              GroupDescription='Security group for %s' %
                              self.name,
                              VpcId=self.vpc_id))

        # Create the reciprocal rules between the ELB and the ASG for all instance ports
        # NOTE: The condition in the list comprehension exists because elb_port is used as a default when instance_port is not specified
        cluster_sg_ingress_ports = {
            listener.get('instance_port')
            if listener.get('instance_port') else listener.get('elb_port')
            for listener in self.elb_listeners
        }

        # Also add the health check port to the security group rules
        if self.elb_health_check_port:
            cluster_sg_ingress_ports.add(self.elb_health_check_port)

        for cluster_sg_ingress_port in cluster_sg_ingress_ports:
            self.create_reciprocal_sg(elb_sg,
                                      elb_sg_name,
                                      ha_cluster_sg,
                                      ha_cluster_sg_name,
                                      from_port=cluster_sg_ingress_port)

        self.security_groups = {'ha_cluster': ha_cluster_sg, 'elb': elb_sg}

        return self.security_groups

Ejemplo n.º 13

    ec2.SubnetRouteTableAssociation("SubnetRouteTableAssociation1",
                                    SubnetId=Ref(subnet_1),
                                    RouteTableId=Ref(public_route_table)))

subnet_route_table_association_2 = template.add_resource(
    ec2.SubnetRouteTableAssociation("SubnetRouteTableAssociation2",
                                    SubnetId=Ref(subnet_2),
                                    RouteTableId=Ref(public_route_table)))

security_group = template.add_resource(
    ec2.SecurityGroup("SecurityGroup",
                      GroupDescription="SecurityGroup",
                      VpcId=Ref(vpc),
                      SecurityGroupIngress=[
                          ec2.SecurityGroupRule(IpProtocol="tcp",
                                                FromPort=53,
                                                ToPort=53,
                                                CidrIp="0.0.0.0/0"),
                          ec2.SecurityGroupRule(IpProtocol="udp",
                                                FromPort=53,
                                                ToPort=53,
                                                CidrIp="0.0.0.0/0"),
                          ec2.SecurityGroupRule(IpProtocol="tcp",
                                                FromPort=80,
                                                ToPort=80,
                                                CidrIp="0.0.0.0/0")
                      ],
                      Tags=ec2.Tags(Name="euca.me")))

role = template.add_resource(
    iam.Role("Role",
             AssumeRolePolicyDocument=Policy(

Ejemplo n.º 14

Archivo: jmeter.py Proyecto: fibonascii/cloud-automation

    def add_resources(self):
        self.MasterPublicLBSG = self.template.add_resource(
            ec2.SecurityGroup(
                "MasterPublicLBSG",
                GroupDescription="Loadbalancer SG For Jmeter Public",
                VpcId=Ref(self.VpcId),
                SecurityGroupIngress=[
                    ec2.SecurityGroupRule(
                        IpProtocol="tcp",
                        FromPort=22,
                        ToPort=22,
                        CidrIp=Ref(self.AdminCidrBlock),
                    ),
                ],
                Tags=self.base_tags +
                Tags(Name=self.environment_parameters["ClientEnvironmentKey"] +
                     "-JMeterMasterPublicLBSG"),
            ))

        self.MasterEc2SG = self.template.add_resource(
            ec2.SecurityGroup(
                "MasterEc2SG",
                GroupDescription=
                "Allow communication between Rest Api Load Balancers and Rest Api Ec2s",
                VpcId=Ref(self.VpcId),
                SecurityGroupIngress=[
                    ec2.SecurityGroupRule(
                        IpProtocol="tcp",
                        FromPort=22,
                        ToPort=22,
                        SourceSecurityGroupId=Ref(self.MasterPublicLBSG),
                    ),
                ],
                Tags=self.base_tags +
                Tags(Name=self.environment_parameters["ClientEnvironmentKey"] +
                     "-JMeterMasterEC2InstanceSG"),
            ))

        self.SlavePublicLBSG = self.template.add_resource(
            ec2.SecurityGroup(
                "SlavePublicLBSG",
                GroupDescription=
                "Security Group for Private JMeter Slave Load Balancer",
                VpcId=Ref(self.VpcId),
                SecurityGroupIngress=[
                    ec2.SecurityGroupRule(
                        IpProtocol="tcp",
                        FromPort=22,
                        ToPort=22,
                        SourceSecurityGroupId=Ref(self.MasterEc2SG),
                    ),
                    ec2.SecurityGroupRule(
                        IpProtocol="tcp",
                        FromPort=24000,
                        ToPort=26999,
                        SourceSecurityGroupId=Ref(self.MasterEc2SG),
                    ),
                ],
                Tags=self.base_tags +
                Tags(Name=self.environment_parameters["ClientEnvironmentKey"] +
                     "-JMeterSlavePublicLBSG"),
            ))

        self.SlaveEc2SG = self.template.add_resource(
            ec2.SecurityGroup(
                "SlaveEc2SG",
                GroupDescription=
                "Security Group for Private JMeter Slave Load Balancer",
                VpcId=Ref(self.VpcId),
                SecurityGroupIngress=[
                    ec2.SecurityGroupRule(
                        IpProtocol="tcp",
                        FromPort=22,
                        ToPort=22,
                        SourceSecurityGroupId=Ref(self.SlavePublicLBSG),
                    ),
                    ec2.SecurityGroupRule(
                        IpProtocol="tcp",
                        FromPort=22,
                        ToPort=22,
                        SourceSecurityGroupId=Ref(self.MasterEc2SG),
                    ),
                    ec2.SecurityGroupRule(
                        IpProtocol="tcp",
                        FromPort=24000,
                        ToPort=26999,
                        SourceSecurityGroupId=Ref(self.SlavePublicLBSG),
                    ),
                ],
                Tags=self.base_tags +
                Tags(Name=self.environment_parameters["ClientEnvironmentKey"] +
                     "-JMeterSlaveEC2InstanceSG"),
            ))

        self.SlaveSGInterNodeCommunicationIngress = self.template.add_resource(
            ec2.SecurityGroup(
                "SlaveSGInterNodeCommunicationIngress",
                GroupDescription=
                "Security Group for Private JMeter Slave Load Balancer",
                VpcId=Ref(self.VpcId),
                SecurityGroupIngress=[
                    ec2.SecurityGroupRule(
                        IpProtocol="tcp",
                        FromPort=22,
                        ToPort=22,
                        SourceSecurityGroupId=Ref(self.SlaveEc2SG),
                    ),
                ],
                Tags=self.base_tags +
                Tags(Name=self.environment_parameters["ClientEnvironmentKey"] +
                     "-JMeterSlaveNodeCommuncationSG"),
            ))

        self.MasterPublicLoadBalancer = self.template.add_resource(
            elasticloadbalancing.LoadBalancer(
                "MasterPublicLoadBalancer",
                LoadBalancerName=self.
                environment_parameters["ClientEnvironmentKey"] +
                "-JMeterMasterPubELB",
                Scheme="internet-facing",
                Listeners=[
                    elasticloadbalancing.Listener(LoadBalancerPort="22",
                                                  InstancePort="22",
                                                  Protocol="TCP",
                                                  InstanceProtocol="TCP")
                ],
                Instances=[],
                SecurityGroups=[Ref(self.MasterPublicLBSG)],
                Subnets=[Ref(self.RESTPubSubnet1)],
                CrossZone=True,
                HealthCheck=elasticloadbalancing.HealthCheck(
                    Target=Join("", ["TCP:", "22"]),
                    HealthyThreshold="3",
                    UnhealthyThreshold="10",
                    Interval="10",
                    Timeout="5",
                ),
                Tags=self.base_tags +
                Tags(Name=self.environment_parameters["ClientEnvironmentKey"] +
                     "-JMeterMasterPublicLB"),
            ))

        self.SlavePublicLoadBalancer = self.template.add_resource(
            elasticloadbalancing.LoadBalancer(
                "SlavePublicLoadBalancer",
                LoadBalancerName=self.
                environment_parameters["ClientEnvironmentKey"] +
                "-JMeterSlavePubELB",
                Scheme="internet-facing",
                Listeners=[
                    elasticloadbalancing.Listener(LoadBalancerPort="22",
                                                  InstancePort="22",
                                                  Protocol="TCP",
                                                  InstanceProtocol="TCP")
                ],
                Instances=[],
                SecurityGroups=[Ref(self.SlavePublicLBSG)],
                Subnets=[Ref(self.RESTPrivSubnet1)],
                CrossZone=True,
                HealthCheck=elasticloadbalancing.HealthCheck(
                    Target=Join("", ["TCP:", "22"]),
                    HealthyThreshold="3",
                    UnhealthyThreshold="10",
                    Interval="10",
                    Timeout="5",
                ),
                Tags=self.base_tags +
                Tags(Name=self.environment_parameters["ClientEnvironmentKey"] +
                     "-JMeterSlavePublicLB"),
            ))

        self.MasterLaunchConfiguration = self.template.add_resource(
            LaunchConfiguration(
                "MasterLaunchConfiguration",
                ImageId=Ref(self.JmeterMasterImageId),
                InstanceType=Ref(self.MasterInstanceType),
                IamInstanceProfile=Ref(self.IAMInstanceProfile),
                KeyName=Ref(self.ServerKeyName),
                SecurityGroups=[Ref(self.MasterEc2SG)],
            ))

        self.MasterAutoScalingGroup = self.template.add_resource(
            AutoScalingGroup(
                "MasterAutoScaling",
                AutoScalingGroupName=self.
                environment_parameters["ClientEnvironmentKey"] +
                "-JMeterMasterAutoScalingGroup",
                LaunchConfigurationName=Ref(self.MasterLaunchConfiguration),
                LoadBalancerNames=[Ref(self.MasterPublicLoadBalancer)],
                MaxSize="1",
                MinSize="1",
                DesiredCapacity="1",
                VPCZoneIdentifier=[
                    Ref(self.RESTPubSubnet1),
                    Ref(self.RESTPubSubnet2)
                ],
                Tags=[
                    AutoScalingTag(
                        "Name",
                        self.environment_parameters["ClientEnvironmentKey"] +
                        "-JMeterMasterEC2", True),
                    AutoScalingTag(
                        "Environment",
                        self.environment_parameters["EnvironmentName"], True),
                    AutoScalingTag(
                        "ResourceOwner",
                        self.environment_parameters["ResourceOwner"], True),
                    AutoScalingTag("ClientCode",
                                   self.environment_parameters["ClientCode"],
                                   True),
                ],
            ))

        self.SlaveLaunchConfiguration = self.template.add_resource(
            LaunchConfiguration(
                "SlaveLaunchConfiguration",
                ImageId=Ref(self.JMeterSlaveImageId),
                InstanceType=Ref(self.SlaveInstanceType),
                IamInstanceProfile=Ref(self.IAMInstanceProfile),
                KeyName=Ref(self.ServerKeyName),
                SecurityGroups=[Ref(self.SlaveEc2SG)],
            ))

        self.SlaveAutoScalingGroup = self.template.add_resource(
            AutoScalingGroup(
                "SlaveAutoScaling",
                AutoScalingGroupName=self.
                environment_parameters["ClientEnvironmentKey"] +
                "JMeterSlaveAutoScalingGroup",
                LaunchConfigurationName=Ref(self.SlaveLaunchConfiguration),
                LoadBalancerNames=[Ref(self.SlavePublicLoadBalancer)],
                MaxSize="1",
                MinSize="1",
                DesiredCapacity="1",
                VPCZoneIdentifier=[
                    Ref(self.RESTPrivSubnet1),
                    Ref(self.RESTPrivSubnet2)
                ],
                Tags=[
                    AutoScalingTag(
                        "Name",
                        self.environment_parameters["ClientEnvironmentKey"] +
                        "-JMeterSlaveEC2", True),
                    AutoScalingTag(
                        "Environment",
                        self.environment_parameters["EnvironmentName"], True),
                    AutoScalingTag(
                        "ResourceOwner",
                        self.environment_parameters["ResourceOwner"], True),
                    AutoScalingTag("ClientCode",
                                   self.environment_parameters["ClientCode"],
                                   True),
                ],
            ))

        self.TestExecutionLengthSSMParameter = self.template.add_resource(
            SSMParameter(
                "TestExecutionLengthSSMParameter",
                Description="The length of time the JMeter Test can Run",
                Name=self.environment_parameters["ClientEnvironmentKey"] +
                "-JMeterTestExecutionLength",
                Type="String",
                Value=Ref(self.TestExecutionLengthSSMParameterValue),
            ))

        self.JMXFileNameSSMParameter = self.template.add_resource(
            SSMParameter(
                "JMXFileNameSSMParameter",
                Description="The Name of the JMX File",
                Name=self.environment_parameters["ClientEnvironmentKey"] +
                "-JMeterJMXFileName",
                Type="String",
                Value=Ref(self.JMXFileNameSSMParameterValue),
            ))

        self.S3JMXFileLocationSSMParameter = self.template.add_resource(
            SSMParameter(
                "S3JMXFileLocationSSMParameter",
                Description="Location of the JMX File in S3",
                Name=self.environment_parameters["ClientEnvironmentKey"] +
                "-JMeterS3JMXFileLocation",
                Type="String",
                Value=Ref(self.S3JMXFileLocationSSMParameterValue),
            ))

        self.JMXResultsFileNameSSMParameter = self.template.add_resource(
            SSMParameter(
                "JMXResultsFileNameSSMParameter",
                Description="The Name of The JMX Results File",
                Name=self.environment_parameters["ClientEnvironmentKey"] +
                "-JMeterJMXResultsFileName",
                Type="String",
                Value=Ref(self.JMXResultsFileNameSSMParameterValue),
            ))

Ejemplo n.º 15

Archivo: storreduce-group-az.py Proyecto: gavinong10/quickstart-storreduce

        },
        "eu-west-3": {
            "AMI": "ami-55b40228",
            "MonitorAMI": "ami-fbb40286"
        },
    })

LoadBalancerSecurityGroup = t.add_resource(
    ec2.SecurityGroup(
        "LoadBalancerSecurityGroup",
        GroupDescription=
        "Enables remote access to port 80 and 443 for the StorReduce load balancer",
        SecurityGroupIngress=[
            ec2.SecurityGroupRule(
                IpProtocol="tcp",
                FromPort="80",
                ToPort="80",
                CidrIp=Ref(RemoteAccessCIDRParam),
            ),
            ec2.SecurityGroupRule(
                IpProtocol="tcp",
                FromPort="443",
                ToPort="443",
                CidrIp=Ref(RemoteAccessCIDRParam),
            ),
        ],
        VpcId=Ref(VpcIdParam)))

MonitorSecurityGroup = t.add_resource(
    ec2.SecurityGroup(
        "MonitorSecurityGroup",
        GroupDescription=

Ejemplo n.º 16

    "sa-east-1": {"AMI": "ami-a41869c8"},
    "us-east-1": {"AMI": "ami-1d4e7a66"},
    "us-east-2": {"AMI": "ami-dbbd9dbe"},
    "us-west-1": {"AMI": "ami-969ab1f6"},
    "us-west-2": {"AMI": "ami-8803e0f0"},
})

# EC2 security group
security_group = template.add_resource(ec2.SecurityGroup(
    'SecurityGroup',
    GroupDescription='Allows SSH access from SshCidr and HTTP/HTTPS access from anywhere.',
    VpcId=Ref(vpc),
    SecurityGroupIngress=[
        ec2.SecurityGroupRule(
            IpProtocol='tcp',
            FromPort=22,
            ToPort=22,
            CidrIp=Ref(ssh_cidr),
        ),
        ec2.SecurityGroupRule(
            IpProtocol='tcp',
            FromPort=80,
            ToPort=80,
            CidrIp='0.0.0.0/0',
        ),
        ec2.SecurityGroupRule(
            IpProtocol='tcp',
            FromPort=443,
            ToPort=443,
            CidrIp='0.0.0.0/0',
        ),
    ]

Ejemplo n.º 17

    def add_resources(self):
        self.RestApiPublicLBSG = self.template.add_resource(
            ec2.SecurityGroup(
                "RestApiPublicLBSG",
                GroupDescription=
                "Loadbalancer Security Group For Rest Api Public LB",
                VpcId=Ref(self.VpcId),
                SecurityGroupIngress=[
                    ec2.SecurityGroupRule(
                        IpProtocol="tcp",
                        FromPort=3389,
                        ToPort=3389,
                        CidrIp=Ref(self.AdminCidrBlock),
                    ),
                ],
                Tags=self.base_tags +
                Tags(Name=self.environment_parameters["ClientEnvironmentKey"] +
                     "-LoyaltyRestApiPubLBSG"),
            ))

        self.RestApiPrivateLBSG = self.template.add_resource(
            ec2.SecurityGroup(
                "RestApiPrivateLBSG",
                GroupDescription=
                "Loadbalancer Security Group For Rest Api Private LB",
                VpcId=Ref(self.VpcId),
                SecurityGroupIngress=[
                    ec2.SecurityGroupRule(
                        IpProtocol="tcp",
                        FromPort=3389,
                        ToPort=3389,
                        CidrIp=Ref(self.AdminCidrBlock),
                    ),
                    ec2.SecurityGroupRule(
                        IpProtocol="tcp",
                        FromPort=80,
                        ToPort=80,
                        CidrIp=Ref(self.AdminCidrBlock),
                    ),
                    ec2.SecurityGroupRule(
                        IpProtocol="tcp",
                        FromPort=80,
                        ToPort=80,
                        SourceSecurityGroupId=Ref(self.KongEC2SecurityGroup),
                    ),
                ],
                Tags=self.base_tags +
                Tags(Name=self.environment_parameters["ClientEnvironmentKey"] +
                     "-LoyaltyRestApiPrivLBSG"),
            ))

        self.RestApiSG = self.template.add_resource(
            ec2.SecurityGroup(
                "RestApiSG",
                GroupDescription=
                "Allow communication between Rest Api Load Balancers and Rest Api Ec2s",
                VpcId=Ref(self.VpcId),
                SecurityGroupIngress=[
                    ec2.SecurityGroupRule(
                        IpProtocol="tcp",
                        FromPort=3389,
                        ToPort=3389,
                        SourceSecurityGroupId=Ref(self.RestApiPublicLBSG),
                    ),
                    ec2.SecurityGroupRule(
                        IpProtocol="tcp",
                        FromPort=80,
                        ToPort=80,
                        SourceSecurityGroupId=Ref(self.RestApiPublicLBSG),
                    ),
                    ec2.SecurityGroupRule(
                        IpProtocol="tcp",
                        FromPort=80,
                        ToPort=80,
                        SourceSecurityGroupId=Ref(self.RestApiPrivateLBSG),
                    ),
                ],
                Tags=self.base_tags +
                Tags(Name=self.environment_parameters["ClientEnvironmentKey"] +
                     "-LoyaltyRestApiEc2SG"),
            ))

        self.ApiEc2ToKongPrivateALBIngress = self.template.add_resource(
            ec2.SecurityGroupIngress(
                "ApiEc2ToKongPrivateALBIngress",
                DependsOn=self.RestApiSG,
                GroupId=Ref(self.KongPrivateLoadBalancerSecurityGroup),
                IpProtocol="tcp",
                FromPort=8443,
                ToPort=8444,
                SourceSecurityGroupId=Ref(self.RestApiSG),
            ))

        self.RestApiPublicLoadBalancer = self.template.add_resource(
            elasticloadbalancing.LoadBalancer(
                "RestApiPublicLoadBalancer",
                LoadBalancerName=self.
                environment_parameters["ClientEnvironmentKey"] +
                "-LoyaltyRestApiPubLB",
                Scheme="internet-facing",
                Listeners=[
                    elasticloadbalancing.Listener(
                        LoadBalancerPort="3389",
                        InstancePort="3389",
                        Protocol="TCP",
                        InstanceProtocol="TCP",
                    )
                ],
                Instances=[],
                SecurityGroups=[Ref(self.RestApiPublicLBSG)],
                Subnets=[Ref(self.RESTPubSubnet1),
                         Ref(self.RESTPubSubnet2)],
                ConnectionDrainingPolicy=elasticloadbalancing.
                ConnectionDrainingPolicy(
                    Enabled=True,
                    Timeout=300,
                ),
                CrossZone=True,
                HealthCheck=elasticloadbalancing.HealthCheck(
                    Target=Join("", ["TCP:", "3389"]),
                    HealthyThreshold="3",
                    UnhealthyThreshold="5",
                    Interval="10",
                    Timeout="5",
                ),
                Tags=self.base_tags +
                Tags(Name=self.environment_parameters["ClientEnvironmentKey"] +
                     "-LoyaltyRestApiPubLB"),
            ))

        self.RestApiPrivateLoadBalancer = self.template.add_resource(
            elasticloadbalancing.LoadBalancer(
                "RestApiPrivateLoadBalancer",
                LoadBalancerName=self.
                environment_parameters["ClientEnvironmentKey"] +
                "-LoyaltyRestApiPrivLB",
                Scheme="internal",
                Listeners=[
                    elasticloadbalancing.Listener(
                        LoadBalancerPort="3389",
                        InstancePort="3389",
                        Protocol="TCP",
                        InstanceProtocol="TCP",
                    ),
                    elasticloadbalancing.Listener(
                        LoadBalancerPort="80",
                        InstancePort="80",
                        Protocol="TCP",
                        InstanceProtocol="TCP",
                    )
                ],
                Instances=[],
                SecurityGroups=[Ref(self.RestApiPrivateLBSG)],
                Subnets=[Ref(self.RESTPrivSubnet1),
                         Ref(self.RESTPrivSubnet2)],
                ConnectionDrainingPolicy=elasticloadbalancing.
                ConnectionDrainingPolicy(
                    Enabled=True,
                    Timeout=120,
                ),
                CrossZone=True,
                HealthCheck=elasticloadbalancing.HealthCheck(
                    Target=Join("", ["HTTP:", "80", "/swagger/index.html"]),
                    HealthyThreshold="3",
                    UnhealthyThreshold="5",
                    Interval="30",
                    Timeout="5",
                ),
                Tags=self.base_tags +
                Tags(Name=self.environment_parameters["ClientEnvironmentKey"] +
                     "-LoyaltyRestApiPrivLB"),
            ))

        self.RestApiLaunchConfiguration = self.template.add_resource(
            LaunchConfiguration(
                "RestApiLaunchConfiguration",
                ImageId=self.ami_id,
                InstanceType=Ref(self.RestApiInstanceType),
                IamInstanceProfile=Ref(self.RestApiIAMInstanceProfile),
                KeyName=Ref(self.RestApiKeyName),
                SecurityGroups=[Ref(self.RestApiSG)],
                UserData=Base64(
                    Join('', [
                        "<persist>true</persist>\n", "<powershell>\n",
                        "$ClientCode = '" +
                        self.environment_parameters["ClientEnvironmentKey"] +
                        "'\n",
                        "$bootstrapRepository = (Get-SSMParameterValue -Names $ClientCode-bootstrapRepository -WithDecryption $true).Parameters[0].Value\n",
                        "\n", "$region = '" +
                        self.environment_parameters["EnvironmentRegion"] +
                        "'\n", "$keyPrefix = 'bootstrap/rest/powershell/'\n",
                        "\n", "$localPath = 'C:/bootstrap/rest/powershell'\n",
                        "\n",
                        "if (-Not (Test-Path -Path $localPath)){New-Item -Path $localPath -ItemType directory -Force | out-null}\n",
                        "$artifacts = Get-S3Object -BucketName $bootstrapRepository -KeyPrefix $keyPrefix -Region $region\n",
                        "foreach($artifact in $artifacts) {$localFileName = $artifact.Key -replace $keyPrefix, '' \n",
                        "if ($localFileName -ne '') {$localFilePath = Join-Path $localPath $localFileName \n",
                        "Copy-S3Object -BucketName $bootstrapRepository -Key $artifact.Key -LocalFile $localFilePath -Region $region}} \n",
                        "\n",
                        "$cmdExecuteBootStrapping = 'C:\\bootstrap\\rest\\powershell\\ExecuteScripts.ps1' \n",
                        "Invoke-Expression \"$cmdExecuteBootStrapping\" \n",
                        "</powershell>", "\n"
                    ]))))

        self.RestApiAutoScalingGroup = self.template.add_resource(
            AutoScalingGroup(
                "RestApiAutoscalingGroup",
                AutoScalingGroupName=self.
                environment_parameters["ClientEnvironmentKey"] +
                "-LoyaltyRestApiAutoScalingGroup",
                LaunchConfigurationName=Ref(self.RestApiLaunchConfiguration),
                LoadBalancerNames=[
                    Ref(self.RestApiPublicLoadBalancer),
                    Ref(self.RestApiPrivateLoadBalancer)
                ],
                MaxSize=Ref(self.RestApiASGGroupMaxSize),
                MinSize=Ref(self.RestApiASGGroupMinSize),
                DesiredCapacity=Ref(self.RestApiASGGroupDesiredSize),
                HealthCheckType=Ref(self.RestApiASGHealthCheckType),
                HealthCheckGracePeriod=Ref(
                    self.RestApiASGHealthCheckGracePeriod),
                Cooldown=Ref(self.RestApiASGCoolDown),
                LifecycleHookSpecificationList=[
                    LifecycleHookSpecification(
                        HeartbeatTimeout=Ref(
                            self.RestApiASGLifeCycleHeartBeatTimeout),
                        LifecycleTransition=Ref(
                            self.RestApiASGLifeCycleTransition),
                        LifecycleHookName=self.
                        environment_parameters["ClientEnvironmentKey"] +
                        "-REST-API-LCH"),
                ],
                VPCZoneIdentifier=[
                    Ref(self.RESTPrivSubnet1),
                    Ref(self.RESTPrivSubnet2)
                ],
                Tags=[
                    AutoScalingTag(
                        "Name",
                        self.environment_parameters["ClientEnvironmentKey"] +
                        "-LoyaltyRestApi-Ec2", True),
                    AutoScalingTag(
                        "Environment",
                        self.environment_parameters["EnvironmentName"], True),
                    AutoScalingTag(
                        "ResourceOwner",
                        self.environment_parameters["ResourceOwner"], True),
                    AutoScalingTag(
                        "ClientCode",
                        self.environment_parameters["ClientEnvironmentKey"],
                        True),
                ],
            ))

Ejemplo n.º 18

def add_security_group(template):
    '''
    Takes a given Template object and adds properly configured AWS
    security group to enable QF2 to cluster, replicate, and serve clients.
    Ports enabled by default:
    TCP 21, 80, 111, 443, 445, 2049, 3712, 8000
    UDP 111, 2049
    All traffic is allowed between members of the security group for clustering.
    '''
    sg_in = []
    sg_out = []

    # Ingress TCP ports
    for port in ['21', '80', '111', '443', '445', '2049', '3712', '8000']:
        sg_in.append(
            ec2.SecurityGroupRule(
                Description=
                'TCP ports for NFS, SMB, FTP, Management, and Replication',
                IpProtocol='tcp',
                FromPort=port,
                ToPort=port,
                CidrIp='0.0.0.0/0'))

    # Ingress UDP ports
    for port in ['111', '2049']:
        sg_in.append(
            ec2.SecurityGroupRule(Description='UDP ports for NFS',
                                  IpProtocol='udp',
                                  FromPort=port,
                                  ToPort=port,
                                  CidrIp='0.0.0.0/0'))

    # Egress rule for all ports and protocols
    sg_out.append(
        ec2.SecurityGroupRule(Description='Outbound traffic',
                              IpProtocol='-1',
                              FromPort=0,
                              ToPort=0,
                              CidrIp='0.0.0.0/0'))

    template.add_resource(
        ec2.SecurityGroup(
            SECURITY_GROUP_NAME,
            GroupDescription=
            'Enable ports for NFS/SMB/FTP, Management, Replication, and '
            'Clustering.',
            SecurityGroupIngress=sg_in,
            SecurityGroupEgress=sg_out,
            VpcId=Ref('VpcId')))

    # Self referencing security rules need to be added after the group is
    # created.  This rule is enabling all traffic between members of the
    # security group for clustering.
    template.add_resource(
        ec2.SecurityGroupIngress(
            'QumuloSecurityGroupNodeRule',
            DependsOn=SECURITY_GROUP_NAME,
            Description='Qumulo Internode Communication',
            GroupId=Ref(SECURITY_GROUP_NAME),
            IpProtocol='-1',
            FromPort=0,
            ToPort=0,
            SourceSecurityGroupId=Ref(SECURITY_GROUP_NAME)))

Ejemplo n.º 19

Archivo: dependencies.py Proyecto: troydieter/ghost-ecs-fargate-pipeline

        },
        Roles=[Ref(TaskExecutionRole)],
    ))

# Create CloudWatch Log Group
GhostLogGroup = t.add_resource(logs.LogGroup("GhostLogGroup", ))

# Create Security group that allows traffic into the ALB
alb_security_group = ec2.SecurityGroup(
    "ALBSecurityGroup",
    GroupDescription="Ghost ALB Security Group",
    VpcId=Ref(db_vpc),
    SecurityGroupIngress=[
        ec2.SecurityGroupRule(
            IpProtocol="tcp",
            FromPort="80",
            ToPort="80",
            CidrIp="0.0.0.0/0",
        ),
        ec2.SecurityGroupRule(
            IpProtocol="tcp",
            FromPort="443",
            ToPort="443",
            CidrIp="0.0.0.0/0",
        ),
    ])
t.add_resource(alb_security_group)

# Create Security group for the host/ENI/Fargate that allows 2368
ghost_host_security_group = ec2.SecurityGroup(
    "GhostHostSecurityGroup",
    GroupDescription="Ghost ECS Security Group.",

Ejemplo n.º 20

Archivo: stack.py Proyecto: geekmuse/definitive-guide-to-aws-infrastructure-automation

        },
        "us-west-2": {
            "Windows2016Base": "ami-07f35a597a32e470d",
            "AmazonLinux2": "ami-0cb72367e98845d43",
        },
    }
)

resources['sg'] = tpl.add_resource(
    ec2.SecurityGroup(
        "InstanceSg",
        GroupDescription="Enable SSH and HTTP access on the inbound port",
        SecurityGroupIngress=[
            ec2.SecurityGroupRule(
                IpProtocol="tcp",
                FromPort=FindInMap("Global", "ConnectPortByOs", Ref(params['os'])),
                ToPort=FindInMap("Global", "ConnectPortByOs", Ref(params['os'])),
                CidrIp=Ref(params['pub_loc']),
            )
        ]
    )
)

resources['ec2'] = tpl.add_resource(
    ec2.Instance(
        "Ec2Instance",
        ImageId=FindInMap("AmiByOs", Ref("AWS::Region"), Ref(params['os'])),
        InstanceType=Ref(params['instance_type']),
        KeyName=If(conditions['has_kp'], Ref(params['keyname']), Ref("AWS::NoValue")),
        SecurityGroups=[
            Ref(resources['sg']),
        ],

Ejemplo n.º 21

Archivo: app-ami-generator.py Proyecto: mcfox/awscf-generator

template.add_parameter(subnet_id)

vpc_id = Parameter("VpcId",
                   Type="AWS::EC2::VPC::Id",
                   Default="vpc-ebe0c38e",
                   Description="Id of the VPC which will hold the instance")
template.add_parameter(vpc_id)

# security group
sg = ec2.SecurityGroup(app_name_capitalize + 'SG',
                       GroupDescription="Security Group for base instance.",
                       Tags=Tags(Name=app_name + '-base-instance-sg',
                                 Custo=app_name),
                       SecurityGroupIngress=[
                           ec2.SecurityGroupRule(IpProtocol="tcp",
                                                 FromPort="22",
                                                 ToPort="22",
                                                 CidrIp="0.0.0.0/0"),
                           ec2.SecurityGroupRule(IpProtocol="tcp",
                                                 FromPort="9090",
                                                 ToPort="9090",
                                                 CidrIp="0.0.0.0/0"),
                           ec2.SecurityGroupRule(IpProtocol="tcp",
                                                 FromPort="80",
                                                 ToPort="80",
                                                 CidrIp="0.0.0.0/0"),
                           ec2.SecurityGroupRule(IpProtocol="tcp",
                                                 FromPort="443",
                                                 ToPort="443",
                                                 CidrIp="0.0.0.0/0")
                       ],
                       VpcId=Ref(vpc_id))

Ejemplo n.º 22

Archivo: aws_troposphere.py Proyecto: nithin20121995/MetrollaTemplates

        }
    })

myvpcsecuritygroup = t.add_resource(
    SecurityGroup("myVPCSecurityGroup",
                  GroupDescription="Security group for RDS DB Instance.",
                  VpcId=Ref(vpcid)))

instance_sg = t.add_resource(
    ec2.SecurityGroup(
        "InstanceSecurityGroup",
        GroupDescription="Enable SSH and HTTP access on the inbound port",
        SecurityGroupIngress=[
            ec2.SecurityGroupRule(
                IpProtocol="tcp",
                FromPort="22",
                ToPort="22",
                CidrIp=Ref(subnet),
            ),
            ec2.SecurityGroupRule(
                IpProtocol="tcp",
                FromPort="8080",
                ToPort="8080",
                CidrIp=Ref(subnet),
            ),
            ec2.SecurityGroupRule(
                IpProtocol="tcp",
                FromPort="8000",
                ToPort="8000",
                CidrIp=Ref(subnet),
            ),
            ec2.SecurityGroupRule(

Ejemplo n.º 23

Archivo: ecs-cluster-cf-template.py Proyecto: EffectiveDevOpsWithAWS/code-snippets

t.add_parameter(Parameter("VpcId", Type="AWS::EC2::VPC::Id",
                          Description="VPC"))

t.add_parameter(
    Parameter("PublicSubnet",
              Description="PublicSubnet",
              Type="List<AWS::EC2::Subnet::Id>",
              ConstraintDescription="PublicSubnet"))

t.add_resource(
    ec2.SecurityGroup("SecurityGroup",
                      GroupDescription="Allow SSH and private network access",
                      SecurityGroupIngress=[
                          ec2.SecurityGroupRule(
                              IpProtocol="tcp",
                              FromPort=0,
                              ToPort=65535,
                              CidrIp="172.16.0.0/12",
                          ),
                          ec2.SecurityGroupRule(
                              IpProtocol="tcp",
                              FromPort="22",
                              ToPort="22",
                              CidrIp=PublicCidrIp,
                          ),
                      ],
                      VpcId=Ref("VpcId")))

t.add_resource(Cluster('ECSCluster', ))

t.add_resource(
    Role(

Ejemplo n.º 24

Archivo: MemcachedClusterTemplate.py Proyecto: froststars/aws-cfn-templates

t.add_condition('CreateSecurityGroupCondition', Equals(Ref(param_sg), ''))

#
# Resources
#

cache_sg = t.add_resource(
    ec2.SecurityGroup(
        'CacheSecurityGroup',
        Condition='CreateSecurityGroupCondition',
        VpcId=Ref(param_vpcid),
        GroupDescription='Enable cache access',
        SecurityGroupIngress=[
            ec2.SecurityGroupRule(
                IpProtocol='tcp',
                FromPort='11211',
                ToPort='11211',
                CidrIp=Ref(param_client_location),
            )
        ],
    ))

cache_subnet_group = t.add_resource(
    elasticache.SubnetGroup('CacheSubnetGroup',
                            Description='Cache subnet group',
                            SubnetIds=Ref(param_subnetids)))

cache_cluster = t.add_resource(
    elasticache.CacheCluster(
        'CacheCluster',
        Engine='memcached',
        CacheNodeType=Ref(param_cache_node_type),

Ejemplo n.º 25

Archivo: helloworld-ecs-alb-cf-template.py Proyecto: EffectiveDevOpsWithAWS/code-snippets

                             ],
                         )
                     ])))

t.add_resource(
    ec2.SecurityGroup(
        "LoadBalancerSecurityGroup",
        GroupDescription="Web load balancer security group.",
        VpcId=ImportValue(
            Join("-", [
                Select(0, Split("-", Ref("AWS::StackName"))), "cluster-vpc-id"
            ])),
        SecurityGroupIngress=[
            ec2.SecurityGroupRule(
                IpProtocol="tcp",
                FromPort="3000",
                ToPort="3000",
                CidrIp="0.0.0.0/0",
            ),
        ],
    ))

t.add_resource(
    elb.LoadBalancer(
        "LoadBalancer",
        Scheme="internet-facing",
        Subnets=Split(
            ',',
            ImportValue(
                Join("-", [
                    Select(0, Split("-", Ref("AWS::StackName"))),
                    "cluster-public-subnets"

Ejemplo n.º 26

]

#
# Resources
#

rds_sg = t.add_resource(ec2.SecurityGroup(
    'RdsSecurityGroup',
    Condition='CreateSecurityGroupCondition',
    VpcId=Ref(param_vpcid),
    GroupDescription='Enable local postgres access',
    SecurityGroupIngress=[
        If('PostgresCondition',
           ec2.SecurityGroupRule(
               IpProtocol='tcp',
               FromPort='5432',
               ToPort='5432',
               CidrIp=Ref(param_db_client_location),
           ),
           Ref(AWS_NO_VALUE)),
        If('MysqlCondition',
           ec2.SecurityGroupRule(
               IpProtocol='tcp',
               FromPort='3306',
               ToPort='3306',
               CidrIp=Ref(param_db_client_location),
           ),
           Ref(AWS_NO_VALUE)),
    ],
))

subnet_group = t.add_resource(rds.DBSubnetGroup(

Ejemplo n.º 27

Archivo: step-publisher.py Proyecto: xshyamx/MiddlewareHackathon

def GenerateStepPublisherLayer():
    t = Template()

    t.add_description("""\
    StepScheduler Layer
    """)

    stackname_param = t.add_parameter(
        Parameter(
            "StackName",
            Description="Environment Name (default: hackathon)",
            Type="String",
            Default="hackathon",
        ))

    vpcid_param = t.add_parameter(
        Parameter(
            "VpcId",
            Type="String",
            Description="VpcId of your existing Virtual Private Cloud (VPC)",
            Default="vpc-fab00e9f"))

    subnets = t.add_parameter(
        Parameter(
            "Subnets",
            Type="CommaDelimitedList",
            Description=(
                "The list SubnetIds, for public subnets in the "
                "region and in your Virtual Private Cloud (VPC) - minimum one"
            ),
            Default="subnet-b68f3bef,subnet-9a6208ff,subnet-bfdd4fc8"))

    keypair_param = t.add_parameter(
        Parameter("KeyPair",
                  Description="Name of an existing EC2 KeyPair to enable SSH "
                  "access to the instance",
                  Type="String",
                  Default="glueteam"))

    scheduler_ami_id_param = t.add_parameter(
        Parameter(
            "SchedulerAmiId",
            Description="Scheduler server AMI ID (default: ami-a10897d6)",
            Type="String",
            Default="ami-a10897d6"))

    cluster_ami_id_param = t.add_parameter(
        Parameter("ClusterAmiId",
                  Description="Cluster server AMI ID (default: ami-3db4ca4a)",
                  Type="String",
                  Default="ami-3db4ca4a"))

    iam_role_param = t.add_parameter(
        Parameter(
            "IamRole",
            Description="IAM Role name",
            Type="String",
        ))

    hashkeyname_param = t.add_parameter(
        Parameter(
            "HaskKeyElementName",
            Description="HashType PrimaryKey Name (default: id)",
            Type="String",
            AllowedPattern="[a-zA-Z0-9]*",
            MinLength="1",
            MaxLength="2048",
            ConstraintDescription="must contain only alphanumberic characters",
            Default="id"))

    crontab_tablename_param = t.add_parameter(
        Parameter(
            "CrontabTablename",
            Description="Crontab Table Name",
            Type="String",
        ))

    containerlauncher_param = t.add_parameter(
        Parameter(
            "Containerlauncher",
            Description=
            "Container Launcher zip file (default: containerLauncher-1.0.zip)",
            Type="String",
            Default="containerLauncher-1.0.zip"))

    zipfileversion_param = t.add_parameter(
        Parameter(
            "ZipfileVersion",
            Description="Container Launcher zip file version",
            Type="String",
        ))

    # --------- Lambda Container Launcher

    lambda_function = t.add_resource(
        Function(
            "containerLauncher",
            Code=Code(
                S3Bucket="hackathon-glueteam-lambda",
                S3Key=Ref(containerlauncher_param),
                S3ObjectVersion=Ref(zipfileversion_param),
            ),
            Description=Join('',
                             [Ref(stackname_param), " container Launcher"]),
            MemorySize=256,
            Handler="com.philips.glueteam.DockerLauncher::myHandler",
            Runtime="java8",
            Timeout=60,
            Role=Join('', [
                "arn:aws:iam::",
                Ref("AWS::AccountId"), ":role/",
                Ref(iam_role_param)
            ]),
        ))

    townclock_topic = t.add_resource(
        sns.Topic(
            "TownClock",
            Subscription=[
                sns.Subscription(Endpoint=GetAtt("containerLauncher", "Arn"),
                                 Protocol="lambda"),
            ],
        ))

    # --------- Scheduler instance

    scheduler_sg = t.add_resource(
        ec2.SecurityGroup(
            'SchedulerSG',
            GroupDescription='Security group for Scheduler host',
            VpcId=Ref(vpcid_param),
            Tags=Tags(Name=Join("", [Ref(stackname_param), "SchedulerSG"])),
            SecurityGroupIngress=[
                ec2.SecurityGroupRule(
                    IpProtocol="tcp",
                    FromPort="22",
                    ToPort="22",
                    CidrIp="0.0.0.0/0",
                ),
                ec2.SecurityGroupRule(
                    IpProtocol="tcp",
                    FromPort="8080",
                    ToPort="8080",
                    CidrIp="0.0.0.0/0",
                ),
            ]))

    cluster = t.add_resource(ecs.Cluster("ECSCluster", ))

    scheduler_host = t.add_resource(
        ec2.Instance(
            'SchedulerHost',
            ImageId=Ref(scheduler_ami_id_param),
            InstanceType='t2.micro',
            KeyName=Ref(keypair_param),
            IamInstanceProfile=Ref(iam_role_param),
            NetworkInterfaces=[
                ec2.NetworkInterfaceProperty(
                    AssociatePublicIpAddress=True,
                    SubnetId=Select(0, Ref(subnets)),
                    DeleteOnTermination=True,
                    GroupSet=[
                        Ref(scheduler_sg),
                    ],
                    DeviceIndex=0,
                ),
            ],
            Tags=Tags(Name=Join("", [Ref(stackname_param), "Scheduler"]),
                      Id=Join("", [Ref(stackname_param), "Scheduler"])),
            UserData=Base64(
                Join('', [
                    '#!/bin/bash\n',
                    'yum update -y aws-cfn-bootstrap\n',
                    'sns_topic_arn="',
                    Ref(townclock_topic),
                    '"\n',
                    'region="',
                    Ref("AWS::Region"),
                    '"\n',
                    'crontab_tablename="',
                    Ref(crontab_tablename_param),
                    '"\n',
                    'ecs_clustername="',
                    Ref(cluster),
                    '"\n',
                    'publish_source=https://raw.githubusercontent.com/hngkr/hackathon/master/ansible/files/unreliable-town-clock-publish\n',
                    'publish=/usr/local/bin/unreliable-town-clock-publish\n',
                    'curl -s --location --retry 10 -o $publish $publish_source\n',
                    'chmod +x $publish\n',
                    'cat <<EOF >/etc/cron.d/unreliable-town-clock\n',
                    '*/2 * * * * ec2-user $publish "$sns_topic_arn" "$region" "$crontab_tablename" "$ecs_clustername"\n',
                    'EOF\n',
                ])),
        ))

    cluster_sg = t.add_resource(
        ec2.SecurityGroup(
            'ClusterSG',
            GroupDescription='Security group for Cluster host',
            VpcId=Ref(vpcid_param),
            Tags=Tags(Name=Join("", [Ref(stackname_param), "ClusterSG"])),
            SecurityGroupIngress=[
                ec2.SecurityGroupRule(
                    IpProtocol="tcp",
                    FromPort="22",
                    ToPort="22",
                    CidrIp="0.0.0.0/0",
                ),
            ]))

    cluster_host = t.add_resource(
        ec2.Instance(
            'ClusterHost',
            ImageId=Ref(cluster_ami_id_param),
            InstanceType='t2.micro',
            KeyName=Ref(keypair_param),
            # TODO: Should have multiple separate iam roles for townclock / clusterhost
            IamInstanceProfile=Ref(iam_role_param),
            NetworkInterfaces=[
                ec2.NetworkInterfaceProperty(
                    AssociatePublicIpAddress=True,
                    SubnetId=Select(0, Ref(subnets)),
                    DeleteOnTermination=True,
                    GroupSet=[
                        Ref(cluster_sg),
                    ],
                    DeviceIndex=0,
                ),
            ],
            Tags=Tags(Name=Join("", [Ref(stackname_param), "ClusterNode"]),
                      Id=Join("", [Ref(stackname_param), "ClusterNode"])),
            UserData=Base64(
                Join('', [
                    '#!/bin/bash\n',
                    'mkdir /etc/ecs\n',
                    'cat <<EOF >/etc/ecs/ecs.config\n',
                    'ECS_CLUSTER=',
                    Ref(cluster),
                    '\n',
                    'EOF\n',
                ])),
        ))

    # --------- Expected DynamoDB Tables

    dirtylist_table = t.add_resource(
        dynamodb.Table(
            "DirtyList",
            AttributeDefinitions=[
                dynamodb.AttributeDefinition(Ref(hashkeyname_param), "S"),
            ],
            KeySchema=[dynamodb.Key(Ref(hashkeyname_param), "HASH")],
            ProvisionedThroughput=dynamodb.ProvisionedThroughput(1, 1)))

    runlog_table = t.add_resource(
        dynamodb.Table(
            "RunLog",
            AttributeDefinitions=[
                dynamodb.AttributeDefinition(Ref(hashkeyname_param), "S"),
            ],
            KeySchema=[dynamodb.Key(Ref(hashkeyname_param), "HASH")],
            ProvisionedThroughput=dynamodb.ProvisionedThroughput(1, 1)))

    # --------- Outputs
    t.add_output(
        [Output(
            "clusterid",
            Description="Cluster Id",
            Value=Ref(cluster),
        )])

    t.add_output([
        Output(
            "dirtylist",
            Description="DirtyList Tablename",
            Value=Ref(dirtylist_table),
        )
    ])

    t.add_output([
        Output(
            "runlog",
            Description="Runlog Tablename",
            Value=Ref(runlog_table),
        )
    ])

    t.add_output([
        Output(
            "lambdafunctionname",
            Description="Lambda Function Name",
            Value=Ref(lambda_function),
        )
    ])

    t.add_output([
        Output(
            "clocktowertopicarn",
            Description="Clock Tower Topic Arn",
            Value=Ref(townclock_topic),
        )
    ])

    return t

Ejemplo n.º 28

def GenerateDockerRegistryLayer():
    t = Template()

    t.add_description("""\
    DockerRegistry Layer
    """)

    stackname_param = t.add_parameter(
        Parameter(
            "StackName",
            Description="Environment Name (default: test)",
            Type="String",
            Default="test",
        ))

    vpcid_param = t.add_parameter(
        Parameter(
            "VpcId",
            Type="String",
            Description="VpcId of your existing Virtual Private Cloud (VPC)",
            Default="vpc-fab00e9f"))

    subnets = t.add_parameter(
        Parameter(
            "Subnets",
            Type="CommaDelimitedList",
            Description=(
                "The list SubnetIds, for public subnets in the "
                "region and in your Virtual Private Cloud (VPC) - minimum one"
            ),
            Default="subnet-b68f3bef,subnet-9a6208ff,subnet-bfdd4fc8"))

    keypair_param = t.add_parameter(
        Parameter("KeyPair",
                  Description="Name of an existing EC2 KeyPair to enable SSH "
                  "access to the instance",
                  Type="String",
                  Default="glueteam"))

    registry_ami_id_param = t.add_parameter(
        Parameter("RegistryAmiId",
                  Description="Registry server AMI ID",
                  Type="String",
                  Default="ami-a10897d6"))

    iam_role_param = t.add_parameter(
        Parameter(
            "IamRole",
            Description="IAM Role name",
            Type="String",
        ))

    s3bucket_param = t.add_parameter(
        Parameter(
            "BucketName",
            Description="S3 Bucket Name (default: )",
            Type="String",
            Default="",
        ))

    # --------- Docker registry

    registry_sg = t.add_resource(
        ec2.SecurityGroup(
            'RegistrySG',
            GroupDescription='Security group for Registry host',
            VpcId=Ref(vpcid_param),
            Tags=Tags(Name=Join("", [Ref(stackname_param), "RegistrySG"])),
            SecurityGroupIngress=[
                ec2.SecurityGroupRule(
                    IpProtocol="tcp",
                    FromPort="22",
                    ToPort="22",
                    CidrIp="0.0.0.0/0",
                ),
                ec2.SecurityGroupRule(
                    IpProtocol="tcp",
                    FromPort="80",
                    ToPort="80",
                    CidrIp="0.0.0.0/0",
                ),
            ]))

    registry_eip = t.add_resource(ec2.EIP(
        'RegistryEIP',
        Domain='vpc',
    ))

    registry_eth0 = t.add_resource(
        ec2.NetworkInterface(
            "RegistryEth0",
            Description=Join("", [Ref(stackname_param), "Registry Eth0"]),
            GroupSet=[
                Ref(registry_sg),
            ],
            SourceDestCheck=True,
            SubnetId=Select(0, Ref(subnets)),
            Tags=Tags(
                Name=Join("", [Ref(stackname_param), "Registry Interface 0"]),
                Interface="eth0",
            )))

    registry_host = t.add_resource(
        ec2.Instance(
            'RegistryHost',
            ImageId=Ref(registry_ami_id_param),
            InstanceType='t2.micro',
            KeyName=Ref(keypair_param),
            IamInstanceProfile=Ref(iam_role_param),
            NetworkInterfaces=[
                ec2.NetworkInterfaceProperty(
                    NetworkInterfaceId=Ref(registry_eth0),
                    DeviceIndex="0",
                ),
            ],
            Tags=Tags(Name=Join("", [Ref(stackname_param), "Registry"]),
                      Id=Join("", [Ref(stackname_param), "Registry"])),
            UserData=Base64(
                Join('', [
                    '#!/bin/bash\n',
                    'yum update -y aws-cfn-bootstrap\n',
                    'mkdir -p /root/build/redis /root/build/registry\n',
                    'touch /root/build/redis/Dockerfile\n',
                    'touch /root/build/redis/redis.conf\n',
                    'touch /root/build/registry/Dockerfile\n',
                ])),
        ))

    registry_eip_assoc = t.add_resource(
        ec2.EIPAssociation(
            "RegistryEIPAssoc",
            NetworkInterfaceId=Ref(registry_eth0),
            AllocationId=GetAtt("RegistryEIP", "AllocationId"),
            PrivateIpAddress=GetAtt("RegistryEth0", "PrimaryPrivateIpAddress"),
        ))

    return t

Ejemplo n.º 29

t.add_parameter(
    Parameter(
        "KeyPair",
        Description="Name of an existing EC2 KeyPair to SSH",
        Type="AWS::EC2::KeyPair::KeyName",
        ConstraintDescription="must be the name of an existing EC2 KeyPair.",
    ))

t.add_resource(
    ec2.SecurityGroup(
        "SecurityGroup",
        GroupDescription="Allow SSH and TCP/{} access".format(ApplicationPort),
        SecurityGroupIngress=[
            ec2.SecurityGroupRule(
                IpProtocol="tcp",
                FromPort="22",
                ToPort="22",
                CidrIp="0.0.0.0/0",
            ),
            ec2.SecurityGroupRule(
                IpProtocol="tcp",
                FromPort=ApplicationPort,
                ToPort=ApplicationPort,
                CidrIp="0.0.0.0/0",
            ),
        ],
    ))

ud = Base64(
    Join('\n', [
        "#!/bin/bash", "yum install --enablerepo=epel -y git",
        "pip install ansible", AnsiblePullCmd,

Ejemplo n.º 30

    def create_rds_instance(self):
        rds_security_group_name = 'sgDatabaseServer'

        rds_security_group = self.add_resource(
            ec2.SecurityGroup(
                rds_security_group_name,
                GroupDescription='Enables access to database servers',
                VpcId=Ref(self.vpc_id),
                SecurityGroupIngress=[
                    ec2.SecurityGroupRule(IpProtocol='tcp',
                                          CidrIp=VPC_CIDR,
                                          FromPort=p,
                                          ToPort=p) for p in [POSTGRESQL]
                ],
                SecurityGroupEgress=[
                    ec2.SecurityGroupRule(IpProtocol='tcp',
                                          CidrIp=VPC_CIDR,
                                          FromPort=p,
                                          ToPort=p) for p in [POSTGRESQL]
                ],
                Tags=self.get_tags(Name=rds_security_group_name)))

        rds_subnet_group_name = 'dbsngDatabaseServer'

        rds_subnet_group = self.add_resource(
            rds.DBSubnetGroup(rds_subnet_group_name,
                              DBSubnetGroupDescription=
                              'Private subnets for the RDS instances',
                              SubnetIds=Ref(self.private_subnets),
                              Tags=self.get_tags(Name=rds_subnet_group_name)))

        rds_parameter_group = self.add_resource(
            rds.DBParameterGroup(
                'dbpgDatabaseServer',
                Family='postgres9.4',
                Description='Parameter group for the RDS instances',
                Parameters={'log_min_duration_statement': '500'}))

        rds_database_name = 'DatabaseServer'

        return self.add_resource(
            rds.DBInstance(
                rds_database_name,
                AllocatedStorage=128,
                AllowMajorVersionUpgrade=False,
                AutoMinorVersionUpgrade=True,
                BackupRetentionPeriod=30,
                DBInstanceClass=Ref(self.rds_instance_type),
                DBName=Ref(self.rds_db_name),
                DBParameterGroupName=Ref(rds_parameter_group),
                DBSubnetGroupName=Ref(rds_subnet_group),
                Engine='postgres',
                EngineVersion='9.4.1',
                MasterUsername=Ref(self.rds_username),
                MasterUserPassword=Ref(self.rds_password),
                MultiAZ=True,
                PreferredBackupWindow='04:00-04:30',  # 12:00AM-12:30AM ET
                PreferredMaintenanceWindow=
                'sun:04:30-sun:05:30',  # SUN 12:30AM-01:30AM ET
                StorageType='gp2',
                VPCSecurityGroups=[Ref(rds_security_group)],
                Tags=self.get_tags(Name=rds_database_name)))