def create_subnets():
return [
ec2.Subnet(
'subnetA',
AvailabilityZone='us-east-1a',
CidrBlock=Ref('cidrSubnetA'),
MapPublicIpOnLaunch=True,
Tags=_tags(),
VpcId=Ref('vpc'),
),
ec2.SubnetRouteTableAssociation(
'subnetAToRouteTable',
RouteTableId=Ref('routeTable'),
SubnetId=Ref('subnetA'),
),
ec2.Subnet(
'subnetB',
AvailabilityZone='us-east-1b',
CidrBlock=Ref('cidrSubnetB'),
MapPublicIpOnLaunch=True,
Tags=_tags(),
VpcId=Ref('vpc'),
),
ec2.SubnetRouteTableAssociation(
'subnetBToRouteTable',
RouteTableId=Ref('routeTable'),
SubnetId=Ref('subnetB'),
),
]
def create_subnets(self):
self.default_azs = []
self.default_private_subnets = []
self.default_public_subnets = []
for num, availability_zone in enumerate(self.availability_zones):
public_subnet_name = '{}PublicSubnet'.format(
availability_zone.cfn_name)
public_subnet = self.create_resource(ec2.Subnet(
public_subnet_name,
VpcId=Ref(self.vpc),
CidrBlock=cidr_generator.next(),
AvailabilityZone=availability_zone.name,
Tags=self.get_tags(Name=public_subnet_name)),
output=public_subnet_name)
self.create_resource(
ec2.SubnetRouteTableAssociation(
'{}PublicRouteTableAssociation'.format(
public_subnet.title),
SubnetId=Ref(public_subnet),
RouteTableId=Ref(self.public_route_table)))
private_subnet_name = '{}PrivateSubnet'.format(
availability_zone.cfn_name)
private_subnet = self.create_resource(ec2.Subnet(
private_subnet_name,
VpcId=Ref(self.vpc),
CidrBlock=cidr_generator.next(),
AvailabilityZone=availability_zone.name,
Tags=self.get_tags(Name=private_subnet_name)),
output=private_subnet_name)
private_route_table_name = '{}PrivateRouteTable'.format(
availability_zone.cfn_name)
private_route_table = self.create_resource(
ec2.RouteTable(
private_route_table_name,
VpcId=Ref(self.vpc),
Tags=self.get_tags(Name=private_route_table_name)))
self.PRIVATE_ROUTE_TABLES.append(private_route_table)
self.create_resource(
ec2.SubnetRouteTableAssociation(
'{}PrivateSubnetRouteTableAssociation'.format(
private_subnet.title),
SubnetId=Ref(private_subnet),
RouteTableId=Ref(private_route_table)))
self.PUBLIC_SUBNETS.append(public_subnet)
self.PRIVATE_SUBNETS.append(private_subnet)
if availability_zone.name in self.get_input('AvailabilityZones'):
self.create_nat_gateway(availability_zone, public_subnet,
private_route_table)
self.default_azs.append(availability_zone.name)
self.default_private_subnets.append(private_subnet)
self.default_public_subnets.append(public_subnet)
def create_subnets(self, public_route_table):
self.default_azs = []
self.default_private_subnets = []
self.default_public_subnets = []
for num, availability_zone in enumerate(self.availability_zones):
public_subnet_name = '{}PublicSubnet'.format(
availability_zone.cfn_name) # NOQA
public_subnet = self.create_resource(
ec2.Subnet(public_subnet_name,
VpcId=Ref(self.vpc),
CidrBlock=next(self.public_subnet_cidr_ranges),
AvailabilityZone=availability_zone.name,
Tags=self.get_tags(Name=public_subnet_name)))
self.create_resource(
ec2.SubnetRouteTableAssociation(
'{}PublicRouteTableAssociation'.format(
public_subnet.title),
SubnetId=Ref(public_subnet),
RouteTableId=Ref(public_route_table)))
private_subnet_name = '{}PrivateSubnet'.format(
availability_zone.cfn_name) # NOQA
private_subnet = self.create_resource(
ec2.Subnet(private_subnet_name,
VpcId=Ref(self.vpc),
CidrBlock=next(self.private_subnet_cidr_ranges),
AvailabilityZone=availability_zone.name,
Tags=self.get_tags(Name=private_subnet_name)))
private_route_table_name = '{}PrivateRouteTable'.format(
availability_zone.cfn_name) # NOQA
private_route_table = self.create_resource(
ec2.RouteTable(
private_route_table_name,
VpcId=Ref(self.vpc),
Tags=self.get_tags(Name=private_route_table_name)))
self.create_resource(
ec2.SubnetRouteTableAssociation(
'{}PrivateSubnetRouteTableAssociation'.format(
private_subnet.title), # NOQA
SubnetId=Ref(private_subnet),
RouteTableId=Ref(private_route_table)))
if availability_zone.name in self.get_input(
'AvailabilityZones').split(','): # NOQA
self.create_nat(availability_zone, public_subnet,
private_route_table)
self.default_azs.append(availability_zone.name)
self.default_private_subnets.append(private_subnet)
self.default_public_subnets.append(public_subnet)
def main():
vpc = ec2.VPC('MyVPC', CidrBlock='10.0.0.0/16')
subnet = ec2.Subnet('MySubnet',
AvailabilityZone='ap-southeast-2a',
VpcId=Ref(vpc),
CidrBlock='10.0.1.0/24')
template = Template()
single_instance_config = SingleInstanceConfig(
keypair='INSERT_YOUR_KEYPAIR_HERE',
si_image_id='ami-dc361ebf',
si_instance_type='t2.micro',
vpc=Ref(vpc),
subnet=Ref(subnet),
instance_dependencies=vpc.title,
public_hosted_zone_name=None,
sns_topic=None,
is_nat=False,
iam_instance_profile_arn=None,
availability_zone='ap-southeast-2a')
SingleInstance(title='jump',
template=template,
single_instance_config=single_instance_config)
template.add_resource(vpc)
template.add_resource(subnet)
print(template.to_json(indent=2, separators=(',', ': ')))
def create_subnet(self):
t = self.template
self.subnet = t.add_resource(
ec2.Subnet(
"Subnet",
VpcId=self.vpc_id,
AvailabilityZone=self.availability_zone,
CidrBlock=self.cidr_block,
Tags=self.tags,
)
)
t.add_output(Output("SubnetId", Value=self.subnet.Ref()))
t.add_output(Output("NetworkType", Value=self.network_type))
t.add_output(Output("CidrBlock", Value=self.cidr_block))
attrs = ["AvailabilityZone", "NetworkAclAssociationId", "VpcId"]
for attr in attrs:
t.add_output(Output(attr, Value=self.subnet.GetAtt(attr)))
list_attrs = ["Ipv6CidrBlocks"]
for attr in list_attrs:
t.add_output(
Output(
attr,
Value=Join(",", self.subnet.GetAtt(attr))
)
)
def subnet(self) -> ec2.Subnet:
"""Return a Subnet for the VPC."""
return ec2.Subnet(
name_to_id(f"{self.name}Subnet"),
VpcId=Ref(self.vpc),
CidrBlock=self.subnet_cidr_block,
)
def test_internet_gateway(stack: Stack) -> None:
"""Test InternetGateway construct."""
vpc = ec2.VPC(
name_to_id("vpc-test"),
CidrBlock="10.0.0.0/16",
EnableDnsHostnames="true",
EnableDnsSupport="true",
)
subnets = [
ec2.Subnet(
name_to_id(f"{zone}-subnet"),
CidrBlock="10.0.0.0/20",
AvailabilityZone="eu-west-1b",
VpcId=Ref(vpc),
MapPublicIpOnLaunch="true",
) for zone, ip in zip(["eu-west-1a", "eu-west-1b"],
["10.0.0.0/20", "10.0.16.0/20"])
]
igw = InternetGateway(name_prefix="test", vpc=vpc, subnets=subnets)
for el in (vpc, *subnets, igw):
stack.add(el)
assert stack.export()["Resources"] == EXPECTED_TEMPLATE
def main():
vpc = ec2.VPC('MyVPC', CidrBlock='10.0.0.0/16')
subnet = ec2.Subnet('MySubnet',
AvailabilityZone='ap-southeast-2a',
VpcId=Ref(vpc),
CidrBlock='10.0.1.0/24')
template = Template()
sns_topic = SNS(template)
single_instance_config = SingleInstanceConfig(
keypair='INSERT_YOUR_KEYPAIR_HERE',
si_image_id='ami-53371f30',
si_instance_type='t2.micro',
vpc=Ref(vpc),
subnet=Ref(subnet),
is_nat=True,
instance_dependencies=vpc.title,
public_hosted_zone_name=None,
iam_instance_profile_arn=None,
sns_topic=sns_topic,
availability_zone='ap-southeast-2a',
ec2_scheduled_shutdown=None,
owner='*****@*****.**')
SingleInstance(title='nat1',
template=template,
single_instance_config=single_instance_config)
template.add_resource(vpc)
template.add_resource(subnet)
print(template.to_json(indent=2, separators=(',', ': ')))
def create_vpc_subnet(subnet):
prefix = calculate_cidr_prefix(subnet[1]["IP Count"])
possible_nets = list(network.subnet(prefix))
if subnet[0] == 0:
cidrblock = possible_nets[0]
chosen_nets.append(possible_nets[0])
else:
net = None
for possible_net in possible_nets:
ok = True
for chosen_net in chosen_nets:
if possible_net in chosen_net:
ok = False
if ok:
net = possible_net
break
if net is None:
raise ValueError('Unable to fit all subnets in your VPC.')
chosen_nets.append(net)
cidrblock = net
tags = [{"Key": "Network", "Value": subnet[1]["Type"]}]
return ec2.Subnet(name=subnet[1]["Name"],
CidrBlock=str(cidrblock),
VpcId=Ref(vpc),
Tags=tags)
def create_subnet(template, name, vpc, cidr_block, availability_zone):
return template.add_resource(ec2.Subnet(
name,
VpcId=Ref(vpc),
CidrBlock=cidr_block,
AvailabilityZone=availability_zone,
Tags=Tags(Name=name)
))
def dump_yaml(cfn_file):
template = Template()
vpc_cidr_param = template.add_parameter(
Parameter(
"vpcCidrParam",
Description="string of vpc cidr block to use",
Type="String",
))
subnet_cidr_param = template.add_parameter(
Parameter(
"subnetCidrParam",
Description="string of subnet cidr block to use",
Type="String",
))
resource_tags = Tags(Name=Sub("${AWS::StackName}"),
user="******",
stelligent_u_lesson='lesson-4-1',
stelligent_u_lab='lab-1')
vpc = template.add_resource(
ec2.VPC(
"Vpc",
CidrBlock=Ref(vpc_cidr_param),
EnableDnsSupport=True,
EnableDnsHostnames=True,
InstanceTenancy="default",
Tags=resource_tags,
))
subnet = template.add_resource(
ec2.Subnet(
"Subnet",
VpcId=Ref(vpc),
CidrBlock=Ref(subnet_cidr_param),
MapPublicIpOnLaunch=False,
AvailabilityZone=Select(0, GetAZs()),
Tags=resource_tags,
))
template.add_output([
Output(
"vpcId",
Description="InstanceId of the newly created EC2 instance",
Value=Ref(vpc),
),
Output(
"SubnetId",
Description="InstanceId of the newly created EC2 instance",
Value=Ref(subnet),
),
])
with open(cfn_file, 'w') as f:
f.write(template.to_yaml())
def createCouchbaseSubnet(t, vpc):
couchbaseSubnet = t.add_resource(ec2.Subnet(
'SUBNET',
CidrBlock='10.0.0.0/16',
MapPublicIpOnLaunch='true',
Tags=Tags(Name=Join('', ['subnet-scalability-', Ref('AWS::Region')])),
VpcId=Ref(vpc)
))
return couchbaseSubnet
def createCouchbaseSubnet2(t, vpc):
couchbaseSubnet = t.add_resource(ec2.Subnet(
'SUBNET2',
AvailabilityZone = configuration.CLUSTER2_AVAILABILITY_ZONE,
CidrBlock='10.0.128.0/17',
MapPublicIpOnLaunch='true',
Tags=Tags(Name=Join('', ['subnet2-scalability-', Ref('AWS::Region')])),
VpcId=Ref(vpc)
))
return couchbaseSubnet
def subnet(self) -> ec2.Subnet:
"""Return a private subnet."""
if self._subnet is None:
self._subnet = ec2.Subnet(
name_to_id(self.name),
VpcId=Ref(self.vpc),
CidrBlock=self.cidr_block,
Tags=Tags({"Name": self.name}),
)
return self._subnet
def build_subnet(self, t, subnetName, az, cidr):
subnet = t.add_resource(
ec2.Subnet(
subnetName,
VpcId=Ref(self.vpc),
AvailabilityZone=az,
CidrBlock=cidr,
Tags=self.defaultTags +
[ec2.Tag('Name', Join("", [self.namePrefix, subnetName]))]))
return subnet
def define_subnet(self, subnet_config, vpc_name):
subnet = ec2.Subnet(subnet_config["name"],
DeletionPolicy=self.deletion_policy)
#print("creating subnet in %s" % defaults["vpc_id"])
subnet.VpcId = Ref(self.template.resources[vpc_name])
subnet.AvailabilityZone = subnet_config["availability_zone"]
subnet.CidrBlock = subnet_config["cidr_block"]
subnet.Tags = self._get_tags(subnet_config)
self._add_resource(subnet)
def subnet(self) -> ec2.Subnet:
"""Return a Subnet for VPC endpoints."""
if self._subnet is None:
subnet_name = f"{self.name}Subnet"
self._subnet = ec2.Subnet(
name_to_id(subnet_name),
VpcId=Ref(self.vpc),
CidrBlock=self.cidr_block,
Tags=Tags({"Name": subnet_name}),
)
return self._subnet
def add_subnet_db2(self):
name, tags = self._name_tags('subnet_db2')
self.subnet_db2 = self.t.add_resource(
ec2.Subnet(
name,
AvailabilityZone=self.aws['subnet_db2.az'],
CidrBlock=self.aws['subnet_db2.cidr_block'],
VpcId=Ref(self.vpc),
Tags=Tags(**tags),
))
self.t.add_output(Output(
"DB2Subnet", Value=Ref(self.subnet_db2)
))
def create_subnets(self):
t = self.template
vpc_cidr = self.get_variables()["VpcCidrBlock"]
n_hosts = self.get_variables()["HostsPerSubnet"]
# Calculate the number of subnets and their addresses here
# For each calculated subnet
t.add_resource(
ec2.Subnet(
RESOURCE_NAME,
AvailabilityZone=AZS[?], # How can you distribute the subnets across as many AZs as possible?
VpcId=VPC_ID,
CidrBlock=SUBNET_CIDR_BLOCK, # This will come from the calculation above
Tags=Tags(Name="%s - %s" % (self.get_variables()["Namespace"], SUBNET_CIDR_BLOCK)) # This will generate the following tag: Name: teamX - x.x.x.x/x
)
)
def build(prefix, template, vpc, cidr="172.168.1.0/24", index=1):
"""
Build public subnet and contained resources
"""
subnet_title = resource_title.subnet_title(prefix, index)
subnet = ec2.Subnet(subnet_title)
subnet.CidrBlock = cidr
subnet.VpcId = Ref(vpc)
subnet.Tags = [
tagging.pair('Public', str(True)),
tagging.name(subnet_title),
tagging.env_name()
]
template.add_resource(subnet)
template.add_output(
Output('PublicSubnet', Description="PublicSubnet", Value=Ref(subnet)))
routing.build(prefix, template, vpc, subnet)
return subnet
def create_vpc(t, env, env_number, subnet_mapping, subnet_config):
'''
Creates the VPC along with the subnets, IGW and RouteTables
'''
vpc_objects = {}
vpc_objects['vpc'] = t.add_resource(
ec2.VPC("{}VPC".format(env.upper()),
CidrBlock="10.{}.0.0/16".format(env_number),
InstanceTenancy="default",
Tags=Tags(Name="{}VPC".format(env.upper()))))
vpc_objects['igw'] = t.add_resource(ec2.InternetGateway("InternetGateway"))
vpc_objects['igw_attachment'] = t.add_resource(
ec2.VPCGatewayAttachment(
"IGWAttachment",
VpcId=Ref(vpc_objects['vpc']),
InternetGatewayId=Ref(vpc_objects['igw']),
))
# Create Subnets
vpc_objects['subnets'] = {}
vpc_objects['nat_eip'] = {}
for subid in subnet_config:
vpc_objects['subnets'][subid] = t.add_resource(
ec2.Subnet(subid,
CidrBlock=subnet_config[subid]['subnet'],
VpcId=Ref(vpc_objects['vpc']),
AvailabilityZone="{}".format(
subnet_config[subid]['az_name']),
Tags=Tags(Name="{}Subnet".format(subid))))
# Create NAT Gateways
if subnet_config[subid]['service'] == 'nat':
az = subnet_config[subid]['az_number']
nat_eip_name = '{}{}NatEIP'.format(env.title(), az)
vpc_objects['nat_eip'][nat_eip_name] = t.add_resource(
ec2.EIP(nat_eip_name, Domain="vpc"))
t.add_resource(
ec2.NatGateway('{}{}NatGW'.format(env.title(), az),
AllocationId=GetAtt(
vpc_objects['nat_eip'][nat_eip_name],
'AllocationId'),
SubnetId=Ref(vpc_objects['subnets'][subid])))
return t, vpc_objects
def main():
"""
Creates a troposphere template and then adds a single s3 bucket
"""
template = Template()
vpc = template.add_resource(ec2.VPC('MyVPC', CidrBlock='10.0.0.0/16'))
internet_gateway = template.add_resource(ec2.InternetGateway('MyInternetGateway'))
template.add_resource(ec2.VPCGatewayAttachment('MyVPCGatewayAttachment',
InternetGatewayId=Ref(internet_gateway),
VpcId=Ref(vpc),
DependsOn=internet_gateway.title))
security_group = template.add_resource(ec2.SecurityGroup('mySecGroup',
GroupDescription='Security group',
VpcId=Ref(vpc),
))
subnet = template.add_resource(ec2.Subnet('MyPubSub',
AvailabilityZone='ap-southeast-2a',
VpcId=Ref(vpc),
CidrBlock='10.0.1.0/24'))
template.add_resource(ec2.Instance(
'myinstance',
KeyName='INSERT_YOUR_KEYPAIR_HERE',
ImageId='ami-dc361ebf',
InstanceType='t2.nano',
NetworkInterfaces=[ec2.NetworkInterfaceProperty(
GroupSet=[Ref(security_group)],
AssociatePublicIpAddress=True,
DeviceIndex='0',
DeleteOnTermination=True,
SubnetId=Ref(subnet))],
SourceDestCheck=True,
DependsOn=internet_gateway.title
))
SNS(template=template)
print(template.to_json(indent=2, separators=(',', ': ')))
def configure_vpc(cfn_template, cluster_name):
vpc = ec2.VPC("DustVPC")
vpc.CidrBlock = "10.0.0.0/16"
vpc.Tags = [ec2.Tag("Name:", cluster_name)]
cfn_template.add_resource(vpc)
vpc_id = Ref(vpc)
subnet = ec2.Subnet('dustSubnet')
subnet.VpcId = vpc_id
subnet.CidrBlock = "10.0.0.0/24"
cfn_template.add_resource(subnet)
vpc_subnet = Ref(subnet)
net_gateway = ec2.InternetGateway('dustGateway')
cfn_template.add_resource(net_gateway)
attach_net_gateway = ec2.VPCGatewayAttachment('dustAttachGateway')
attach_net_gateway.VpcId = vpc_id
attach_net_gateway.InternetGatewayId = Ref(net_gateway)
cfn_template.add_resource(attach_net_gateway)
route_table = ec2.RouteTable('dustRoutetable')
route_table.VpcId = vpc_id
cfn_template.add_resource(route_table)
route = ec2.Route('dustRoute')
route.RouteTableId = Ref(route_table)
route.DestinationCidrBlock = "0.0.0.0/0"
route.GatewayId = Ref(net_gateway)
route.DependsOn = "dustAttachGateway"
cfn_template.add_resource(route)
attach_route = ec2.SubnetRouteTableAssociation('dustAttachRouteTable')
attach_route.SubnetId = vpc_subnet
attach_route.RouteTableId = Ref(route_table)
cfn_template.add_resource(attach_route)
return vpc_id, vpc_subnet
def create_subnets_in_availability_zones(self):
t = self.template
subnet_count = 0
for name in self.subnets.keys():
self.subnets[name]['az_subnets'] = list()
for i in range(len(self.zones)):
subnet_name = '%sSubnet%d' % (name, i)
self.subnets[name]['az_subnets'].append(subnet_name)
t.add_resource(
ec2.Subnet(
subnet_name,
AvailabilityZone=self.zones[i],
CidrBlock=self.subnet_cidr(self.subnets, name, i),
#Tags=Tags(net_type=self.subnets[name]['net_type']) + Tags(self.variables['Tags']),
VpcId=VPC_ID))
# Outputs
for name in self.subnets:
t.add_output(
Output(
'%sSubnets' % name,
Value=Join(
',',
[Ref(sn) for sn in self.subnets[name]['az_subnets']])))
def create_si(title, is_nat=False, ec2_schedule=None):
"""
Helper function to create Single instance Troposhpere object to interate through.
:param title: name of instance
:param is_nat: is the instance a nat
:param ec2_schedule: optional flag to set scheduler tag on instance
:return: Troposphere object for single instance, security group and output
"""
vpc = 'vpc-12345'
dependencies = 'igw-12345'
public_hosted_zone_name = None if is_nat else 'my.hostedzone.'
template = Template()
subnet = template.add_resource(
ec2.Subnet('subnet12345',
AvailabilityZone='ap-southeast-2a',
VpcId=vpc,
CidrBlock='10.0.1.0/24'))
sns_topic = SNS(template)
single_instance_config = SingleInstanceConfig(
keypair='pipeline',
si_image_id='ami-53371f30',
si_instance_type='t2.nano',
vpc=vpc,
subnet=Ref(subnet),
public_hosted_zone_name=public_hosted_zone_name,
instance_dependencies=dependencies,
is_nat=is_nat,
iam_instance_profile_arn='my/instance-profile',
sns_topic=sns_topic,
availability_zone='ap-southeast-2a',
ec2_scheduled_shutdown=ec2_schedule,
owner='*****@*****.**')
si = SingleInstance(title=title,
template=template,
single_instance_config=single_instance_config)
return si
def gen_public_subnet_az(self, az_index, cidr_block):
name = f"PublicSubnet{az_index}"
subnet = ec2.Subnet(
name,
VpcId=Ref(self.vpc),
CidrBlock=cidr_block,
AvailabilityZone=Select(str(az_index), GetAZs(Ref("AWS::Region"))),
)
self.template.add_resource(subnet)
self.export_value(Ref(subnet), name)
route_table_association = ec2.SubnetRouteTableAssociation(
f"{name}RouteTableAssociation",
SubnetId=Ref(subnet),
RouteTableId=Ref(self.public_route_table),
)
self.template.add_resource(route_table_association)
network_acl_association = ec2.SubnetNetworkAclAssociation(
f"{name}NetworkAclAssociation",
SubnetId=Ref(subnet),
NetworkAclId=Ref(self.network_acl),
)
self.template.add_resource(network_acl_association)
Parameter(
'PrivateSubnetCidr',
Type='String',
Description='Public Subnet CIDR',
Default='172.18.32.0/21',
))
vpc = t.add_resource(ec2.VPC(
'VPC',
CidrBlock=Ref(vpc_cidr),
))
public_net = t.add_resource(
ec2.Subnet(
'PublicSubnet',
CidrBlock=Ref(public_subnet),
MapPublicIpOnLaunch=True,
VpcId=Ref(vpc),
))
private_net = t.add_resource(
ec2.Subnet(
'PrivateSubnet',
CidrBlock=Ref(private_subnet),
MapPublicIpOnLaunch=False,
VpcId=Ref(vpc),
))
igw = t.add_resource(ec2.InternetGateway('InternetGateway', ))
net_gw_vpc_attachment = t.add_resource(
ec2.VPCGatewayAttachment(
def create_network(self):
t = self.template
variables = self.get_variables()
self.create_gateway()
t.add_resource(ec2.NetworkAcl('DefaultACL', VpcId=VPC_ID))
self.create_nat_security_groups()
subnets = {'public': [], 'private': []}
net_types = subnets.keys()
zones = []
for i in range(variables["AZCount"]):
az = Select(i, GetAZs(""))
zones.append(az)
name_suffix = i
for net_type in net_types:
name_prefix = net_type.capitalize()
subnet_name = "%sSubnet%s" % (name_prefix, name_suffix)
subnets[net_type].append(subnet_name)
t.add_resource(
ec2.Subnet(subnet_name,
AvailabilityZone=az,
VpcId=VPC_ID,
DependsOn=GW_ATTACH,
CidrBlock=variables.get("%sSubnets" %
name_prefix)[i],
Tags=Tags(type=net_type)))
route_table_name = "%sRouteTable%s" % (name_prefix,
name_suffix)
t.add_resource(
ec2.RouteTable(route_table_name,
VpcId=VPC_ID,
Tags=[ec2.Tag('type', net_type)]))
t.add_resource(
ec2.SubnetRouteTableAssociation(
"%sRouteTableAssociation%s" %
(name_prefix, name_suffix),
SubnetId=Ref(subnet_name),
RouteTableId=Ref(route_table_name)))
route_name = '%sRoute%s' % (name_prefix, name_suffix)
if net_type == 'public':
# the public subnets are where the NAT instances live,
# so their default route needs to go to the AWS
# Internet Gateway
t.add_resource(
ec2.Route(route_name,
RouteTableId=Ref(route_table_name),
DestinationCidrBlock="0.0.0.0/0",
GatewayId=Ref(GATEWAY)))
self.create_nat_instance(i, subnet_name)
else:
# Private subnets are where actual instances will live
# so their gateway needs to be through the nat instances
route = ec2.Route(
route_name,
RouteTableId=Ref(route_table_name),
DestinationCidrBlock='0.0.0.0/0',
)
if variables["UseNatGateway"]:
route.NatGatewayId = Ref(NAT_GATEWAY_NAME %
name_suffix)
else:
route.InstanceId = Ref(NAT_INSTANCE_NAME % name_suffix)
t.add_resource(route)
for net_type in net_types:
t.add_output(
Output("%sSubnets" % net_type.capitalize(),
Value=Join(",", [Ref(sn) for sn in subnets[net_type]])))
for i, sn in enumerate(subnets[net_type]):
t.add_output(
Output("%sSubnet%d" % (net_type.capitalize(), i),
Value=Ref(sn)))
self.template.add_output(
Output("AvailabilityZones", Value=Join(",", zones)))
for i, az in enumerate(zones):
t.add_output(Output("AvailabilityZone%d" % (i), Value=az))
def __init__(self):
super(VPC, self).__init__()
self.vpc = ec2.VPC(
"VPC",
CidrBlock="172.1.0.0/16",
InstanceTenancy="default",
EnableDnsSupport=True,
EnableDnsHostnames=True,
Tags=Tags(Name=Ref("AWS::StackName")),
)
self.internet_gateway = ec2.InternetGateway(
"InternetGateway",
Tags=Tags(Name=Join(
"", [Ref("AWS::StackName"), "-internet-gateway"]), ),
)
self.internet_gateway_attachment = ec2.VPCGatewayAttachment(
"InternetGatewayAttachment",
InternetGatewayId=Ref(self.internet_gateway),
VpcId=Ref(self.vpc),
)
self.public_route_table = ec2.RouteTable(
"PublicRouteTable",
VpcId=Ref(self.vpc),
Tags=Tags(Name=Join(
"-", [Ref("AWS::StackName"), "public-route-table"]), ),
)
self.private_route_table = ec2.RouteTable(
"PrivateRouteTable",
VpcId=Ref(self.vpc),
Tags=Tags(Name=Join(
"-", [Ref("AWS::StackName"), "private-route-table"]), ),
)
self.vpc_s3_endpoint = ec2.VPCEndpoint(
"VPCS3Endpoint",
ServiceName=Join(
"",
["com.amazonaws.", Ref("AWS::Region"), ".s3"]),
VpcId=Ref(self.vpc),
RouteTableIds=[
Ref(self.public_route_table),
Ref(self.private_route_table)
],
)
self.route_to_internet = ec2.Route(
"RouteToInternet",
DestinationCidrBlock="0.0.0.0/0",
GatewayId=Ref(self.internet_gateway),
RouteTableId=Ref(self.public_route_table),
DependsOn=self.internet_gateway_attachment.title,
)
# private subnets
self.private_subnet_1 = ec2.Subnet(
"PrivateSubnet1",
AvailabilityZone=Select(0, GetAZs()),
CidrBlock="172.1.1.0/24",
MapPublicIpOnLaunch=False,
Tags=Tags(Name=Join(
"", [Ref("AWS::StackName"), "-private-subnet-1"]), ),
VpcId=Ref(self.vpc),
)
self.private_subnet_1_route_table_association = ec2.SubnetRouteTableAssociation(
"PrivateSubnet1RouteTableAssociation",
RouteTableId=Ref(self.private_route_table),
SubnetId=Ref(self.private_subnet_1),
)
self.private_subnet_2 = ec2.Subnet(
"PrivateSubnet2",
AvailabilityZone=Select(1, GetAZs()),
CidrBlock="172.1.2.0/24",
MapPublicIpOnLaunch=False,
Tags=Tags(Name=Join(
"", [Ref("AWS::StackName"), "-private-subnet-2"]), ),
VpcId=Ref(self.vpc),
)
self.private_subnet_2_route_table_association = ec2.SubnetRouteTableAssociation(
"PrivateSubnet2RouteTableAssociation",
RouteTableId=Ref(self.private_route_table),
SubnetId=Ref(self.private_subnet_2),
)
self.private_network_aCL = ec2.NetworkAcl(
"PrivateNetworkACL",
VpcId=Ref(self.vpc),
Tags=Tags(Name=Join("",
[Ref("AWS::StackName"), "-private-nacl"]), ),
)
self.private_subnet_1_network_acl_association = ec2.SubnetNetworkAclAssociation(
"PrivateSubnet1NetworkAclAssociation",
SubnetId=Ref(self.private_subnet_1),
NetworkAclId=Ref(self.private_network_aCL),
)
self.private_subnet_2_network_acl_association = ec2.SubnetNetworkAclAssociation(
"PrivateSubnet2NetworkAclAssociation",
SubnetId=Ref(self.private_subnet_2),
NetworkAclId=Ref(self.private_network_aCL),
)
self.private_network_acl_entry_in = ec2.NetworkAclEntry(
"PrivateNetworkAclEntryIn",
CidrBlock="172.1.0.0/16",
Egress=False,
NetworkAclId=Ref(self.private_network_aCL),
Protocol=-1,
RuleAction="allow",
RuleNumber=200,
)
self.private_network_acl_entry_out = ec2.NetworkAclEntry(
"PrivateNetworkAclEntryOut",
CidrBlock="172.1.0.0/16",
Egress=True,
NetworkAclId=Ref(self.private_network_aCL),
Protocol=-1,
RuleAction="allow",
RuleNumber=200,
)
# public subnets
self.public_subnet_1 = ec2.Subnet(
"PublicSubnet1",
AvailabilityZone=Select(0, GetAZs()),
CidrBlock="172.1.128.0/24",
MapPublicIpOnLaunch=True,
Tags=Tags(Name=Join(
"", [Ref("AWS::StackName"), "-public-subnet-1"]), ),
VpcId=Ref(self.vpc),
)
self.public_subnet_1_route_table_association = ec2.SubnetRouteTableAssociation(
"PublicSubnet1RouteTableAssociation",
RouteTableId=Ref(self.public_route_table),
SubnetId=Ref(self.public_subnet_1),
)
self.public_subnet_2 = ec2.Subnet(
"PublicSubnet2",
AvailabilityZone=Select(1, GetAZs()),
CidrBlock="172.1.129.0/24",
MapPublicIpOnLaunch=True,
Tags=Tags(Name=Join(
"", [Ref("AWS::StackName"), "-public-subnet-2"]), ),
VpcId=Ref(self.vpc),
)
self.public_subnet_2_route_table_association = ec2.SubnetRouteTableAssociation(
"PublicSubnet2RouteTableAssociation",
RouteTableId=Ref(self.public_route_table),
SubnetId=Ref(self.public_subnet_2),
)
def create_vpc_template(template=None):
if not template:
template = Template()
template.add_description(
'AWS cloud formation script template.at creates a VPC with a NAT Gg'
)
template.add_version('2010-09-09')
vpc_cidr_block = template.add_parameter(
Parameter(
'VPCCIDR',
Default=vpc_config['cidr_block'],
Description='The IP address space for this VPC, in CIDR notation',
Type='String',
))
vpc = template.add_resource(
ec2.VPC('VPC',
CidrBlock=Ref(vpc_cidr_block),
Tags=Tags(vpc_config['tags'])))
igw = template.add_resource(ec2.InternetGateway('InternetGateway', ))
template.add_resource(
ec2.VPCGatewayAttachment(
"NatAttachment",
VpcId=Ref(vpc),
InternetGatewayId=Ref(igw),
))
template.add_output(Output('VPCId', Value=Ref(vpc), Description='VPC Id'))
public_security_group = template.add_resource(
ec2.SecurityGroup(
security_group_config['public']['name'],
GroupDescription='{} public security group'.format(
vpc_config['name']),
SecurityGroupIngress=[
ec2.SecurityGroupRule(IpProtocol='tcp',
ToPort=r['port'],
FromPort=r['port'],
CidrIp=r['cidr_block'])
for r in security_group_config['public']['ingress_rules']
],
VpcId=Ref(vpc),
Tags=Tags(
dict(Name='public {} security group'.format(
vpc_config['name']))),
))
template.add_output(
Output('PublicSecurityGroupId',
Value=Ref(public_security_group),
Description='Public Security Group Id'))
private_security_group = template.add_resource(
ec2.SecurityGroup(
security_group_config['private']['name'],
GroupDescription='{} private security group'.format(
vpc_config['name']),
SecurityGroupIngress=[
ec2.SecurityGroupRule(
IpProtocol='tcp',
ToPort=r['port'],
FromPort=r['port'],
SourceSecurityGroupId=Ref(public_security_group))
for r in security_group_config['private']['ingress_rules']
],
VpcId=Ref(vpc),
Tags=Tags(
dict(Name='private {} security group'.format(
vpc_config['name']))),
))
for i, sub_net in enumerate(sub_nets):
public_subnet = template.add_parameter(
Parameter(
'PublicSubnetCidr{}'.format(i),
Type='String',
Description='Public Subnet CIDR',
Default=sub_net['public_cidr'],
))
public_net = template.add_resource(
ec2.Subnet(
'PublicSubnet{}'.format(i),
AvailabilityZone=sub_net['region'],
CidrBlock=Ref(public_subnet),
MapPublicIpOnLaunch=False,
VpcId=Ref(vpc),
Tags=Tags(dict(Name='Public Subnet {}'.format(i))),
))
public_route_table = template.add_resource(
ec2.RouteTable(
'PublicRouteTable{}'.format(i),
VpcId=Ref(vpc),
))
template.add_resource(
ec2.SubnetRouteTableAssociation(
'PublicRouteAssociation{}'.format(i),
SubnetId=Ref(public_net),
RouteTableId=Ref(public_route_table),
))
template.add_resource(
ec2.Route(
'PublicDefaultRoute{}'.format(i),
RouteTableId=Ref(public_route_table),
DestinationCidrBlock='0.0.0.0/0',
GatewayId=Ref(igw),
))
template.add_output(
Output('PublicSubnet{}'.format(i),
Value=Ref(public_subnet),
Description='Subnet Id'))
if private_sub_net:
private_subnet = template.add_parameter(
Parameter(
'PrivateSubnetCidr{}'.format(i),
Type='String',
Description='Private Subnet CIDR',
Default=sub_net['private_cidr'],
))
private_net = template.add_resource(
ec2.Subnet(
'PrivateSubnet{}'.format(i),
CidrBlock=Ref(private_subnet),
MapPublicIpOnLaunch=False,
VpcId=Ref(vpc),
Tags=Tags(dict(Name='Private Subnet {}'.format(i))),
))
private_route_table = template.add_resource(
ec2.RouteTable(
'PrivateRouteTable{}'.format(i),
VpcId=Ref(vpc),
))
template.add_resource(
ec2.SubnetRouteTableAssociation(
'PrivateRouteAssociation{}'.format(i),
SubnetId=Ref(private_net),
RouteTableId=Ref(private_route_table),
))
template.add_output(
Output('PrivateSubnet{}'.format(i),
Value=Ref(private_subnet),
Description='Subnet Id'))
if nat_gateway and private_sub_net:
nat_eip = template.add_resource(
ec2.EIP(
'NatEip{}'.format(i),
Domain="vpc",
))
nat = template.add_resource(
ec2.NatGateway(
'Nat{}'.format(i),
AllocationId=GetAtt(nat_eip, 'AllocationId'),
SubnetId=Ref(public_net),
))
template.add_resource(
ec2.Route(
'NatRoute{}'.format(i),
RouteTableId=Ref(private_route_table),
DestinationCidrBlock='0.0.0.0/0',
NatGatewayId=Ref(nat),
))
template.add_output(
Output(
'NatEip{}'.format(i),
Value=Ref(nat_eip),
Description='Nat Elastic IP',
))
write_json_to_file('vpc.json', template)
