def generate_cf(self): """ Create Cloud Formation Template from user supplied or default config file :return json string """ ## read machine list from the config file ## machines = self._readConfig(self.configdata) if 'error' in machines: return machines template = Template() template.add_description( "%s: [%s]" % (self.owner,", ".join(self.machinelist)) ) ## convert the params into cloud formation instance object ## for subnet in machines: for mclass in machines[subnet]: machine = machines[subnet][mclass] instance = self._set_instance_value(machine,mclass,self.subnet[subnet]) template.add_resource(instance) intrecordset = self._set_internal_resource_record(mclass) template.add_resource(intrecordset) if subnet == 'public': pubrecordset = self._set_public_resource_record(mclass) template.add_resource(pubrecordset) ## this magic function turn it to jason formatted template ## return template.to_json(),self.envname
def create_services(name='services', sns_name='cfSns', sqs_name='cfSqs'):
t = Template()
t.add_description("""\
microservices stack""")
create_sns_sqs(t, sns_name + name, sqs_name + name)
return t
def _generate_template(tms=1, within_vpc=False):
t = Template()
t.add_description(FLINK_TEMPLATE_DESCRIPTION)
t.add_version(FLINK_TEMPLATE_VERSION)
t.add_metadata({'LastUpdated': datetime.datetime.now().strftime('%c')})
# mappings
mappings.add_mappings(t)
# parameters
parameters.add_parameters(t)
vpc = None
subnet_pri = None
subnet_pub = None
if within_vpc:
# networking resources
vpc, subnet_pri, subnet_pub = _define_vpc(t)
# security groups
sg_ssh = t.add_resource(securitygroups.ssh(
parameters.ssh_location, vpc))
sg_jobmanager = t.add_resource(securitygroups.jobmanager(
parameters.http_location, vpc))
sg_taskmanager = t.add_resource(securitygroups.taskmanager(None, vpc))
jobmanager = t.add_resource(instances.jobmanager(
0,
[Ref(sg_ssh), Ref(sg_jobmanager)],
within_vpc,
subnet_pub
))
prefix = "JobManager00"
t.add_output(outputs.ssh_to(jobmanager, prefix))
t.add_output(Output(
"FlinkWebGui",
Description="Flink web interface",
Value=Join("", [
'http://', GetAtt(jobmanager, "PublicDnsName"), ':8081'
])
))
for index in range(0, tms):
i = t.add_resource(instances.taskmanager(
index,
jobmanager,
[Ref(sg_ssh), Ref(sg_taskmanager)],
within_vpc,
subnet_pri
))
prefix = "TaskManager%2.2d" % index
t.add_output(outputs.ssh_to(i, prefix, bastion=jobmanager))
return t.to_json()
def test_s3_bucket(self):
t = Template()
t.add_description("S3 Bucket Example")
s3bucket = t.add_resource(s3.Bucket(
"S3Bucket", AccessControl=s3.PublicRead,))
t.add_output(Output(
"BucketName",
Value=Ref(s3bucket),
Description="Name of S3 bucket to hold website content"
))
self.assertEqual(s3_bucket_yaml, t.to_yaml())
def generate_json():
r = {}
t = Template()
# t.add_description(Join('', ["DOMjudge Cluster - ", Ref('AWS::StackName')]))
t.add_description("DOMjudge Cluster")
r['notify_topic'] = Select(0, Ref("AWS::NotificationARNs"))
t.add_mapping('SizeMap', {
'nano': {
'RDSInstanceType': 'db.t2.micro',
'WebInstanceType': 't2.micro',
'WebASGMinSize': 1,
'WebASGMaxSize': 4,
'JudgeASGMinSize': 1,
'JudgeASGMaxSize': 4,
},
'small': {
'RDSInstanceType': 'db.t2.micro',
'WebInstanceType': 't2.micro',
'WebASGMinSize': 1,
'WebASGMaxSize': 4,
'JudgeASGMinSize': 1,
'JudgeASGMaxSize': 4,
},
'medium': {
'RDSInstanceType': 'db.t2.micro',
'WebInstanceType': 't2.micro',
'WebASGMinSize': 1,
'WebASGMaxSize': 4,
'JudgeASGMinSize': 1,
'JudgeASGMaxSize': 4,
},
'large': {
'RDSInstanceType': 'db.t2.micro',
'WebInstanceType': 't2.micro',
'WebASGMinSize': 1,
'WebASGMaxSize': 4,
'JudgeASGMinSize': 1,
'JudgeASGMaxSize': 4,
},
})
parameters.init(t, r)
dynamodb.init(t, r)
iam.init(t, r)
securitygroups.init(t, r)
rds.init(t, r)
webserver.init(t, r)
judgehost.init(t, r)
return t.to_json()
def generate_env_template(app_env, env_dict):
sg_name = env_dict['sg_name']
vpc_id = 'vpc-a1d187c4' # query for this!
logger.debug('generating template for %s' % vpc_id)
t = Template()
t.add_version('2010-09-09')
t.add_description('env template for %s' % app_env)
app_sg = SecurityGroup('TestAppSecurityGroup')
app_sg.VpcId = vpc_id
app_sg.GroupDescription = 'testing'
app_sg.Tags = name_tag(sg_name)
t.add_resource(app_sg)
return t.to_json()
def generate_application_template(app_dict):
app_name = app_dict['app_name']
t = Template()
t.add_version()
t.add_description('app template for %s' % app_name)
app = Application(app_name, Description=app_name)
t.add_resource(app)
bucket_name = 'ehi-pcf-%s' % app_name
bucket = Bucket('AppBucket', BucketName=bucket_name, AccessControl=Private)
t.add_resource(bucket)
return t.to_json()
def lambda_handler(event, context):
#print("Received event: " + json.dumps(event, indent=2))
# Get the object from the event and show its content type
bucket = event['Records'][0]['s3']['bucket']['name']
key = urllib.unquote_plus(event['Records'][0]['s3']['object']['key']).decode('utf8')
print ("buket:" + bucket)
print ("key:" + key)
obj = s3.Object(bucket,key)
response= obj.get()
body = response['Body'].read()
body_list= body.splitlines()
# VPC関係
VPC_CidrBlockList = body_list[0].split(',')
VPC_EnableDnsSupportList = body_list[1].split(',')
VPC_TagsValueList = body_list[2].split(',')
t = Template()
t.add_version("2010-09-09")
t.add_description("ROOP&ROOP")
if len(VPC_CidrBlockList) > 1:
for (address,dns,value) in zip(VPC_CidrBlockList[1:],VPC_EnableDnsSupportList[1:],VPC_TagsValueList[1:]):
t.add_resource(VPC(
value,
EnableDnsSupport="true",
CidrBlock=address,
EnableDnsHostnames=dns,
Tags=Tags(Name=value)
))
json_template = t.to_json()
bucket = s3.Bucket('cf-templates-hokan')
obj = bucket.Object('json-template-' + basename + ' .txt')
response = obj.put(
Body=json_template.encode('utf-8'),
ContentEncoding='utf-8',
ContentType='text/plane'
)
print(json_template)
def add_resources(self, resources, config):
"""
Creates JSON-formatted string representation of stack resourcs
suitable for use with AWS Cloudformation
:param resources: Internal data structure of resources
:type resources: dict.
:param config: Config key/value pairs
:type config: dict.
:returns: string
:raises: :class:`pmcf.exceptions.ProvisionerException`
"""
LOG.info('Start building template')
data = Template()
desc = "%s %s stack" % (config['name'], config['environment'])
data.add_description(desc)
data.add_version()
self._add_streams(data, resources.get('stream', []), config)
self._add_queues(data, resources.get('queue', []), config)
self._add_nets(data, resources.get('network', []), config)
sgs = self._add_secgroups(data, resources['secgroup'], config)
self._add_caches(data, resources.get('cache', []), config, sgs)
lbs = self._add_lbs(data,
resources['load_balancer'],
config,
sgs,
resources['instance'])
self._add_instances(data,
resources['instance'],
config,
sgs,
lbs)
LOG.info('Finished building template')
return data.to_json(indent=None)
def GenerateGlobalLayer():
t = Template()
t.add_description("""\
Global Layer
""")
stackname_param = t.add_parameter(Parameter(
"StackName",
Description="Environment Name (default: StepGlobals)",
Type="String",
Default="StepGlobals",
))
crontab_table = t.add_resource(dynamodb.Table(
"scheduleTable",
AttributeDefinitions=[
dynamodb.AttributeDefinition("taskname", "S"),
],
KeySchema=[
dynamodb.Key("taskname", "HASH")
],
ProvisionedThroughput=dynamodb.ProvisionedThroughput(
1,
1
)
))
t.add_output([
Output(
"crontabtablename",
Description="Crontab Table Name",
Value=Ref(crontab_table),
)
])
return t
#!/usr/bin/python
from troposphere import Template, Ref, Output, Join, GetAtt, Parameter
from troposphere.dynamodb import Key, AttributeDefinition, ProvisionedThroughput, Projection
from troposphere.dynamodb import Table, GlobalSecondaryIndex
template = Template()
template.add_description("Create a dynamodb table with a global secondary index")
#N.B. If you remove the provisioning section this works for LocalSecondaryIndexes aswell.
readunits = template.add_parameter(Parameter(
"ReadCapacityUnits",
Description="Provisioned read throughput",
Type="Number",
Default="10",
MinValue="5",
MaxValue="10000",
ConstraintDescription="should be between 5 and 10000"
))
writeunits = template.add_parameter(Parameter(
"WriteCapacityUnits",
Description="Provisioned write throughput",
Type="Number",
Default="5",
MinValue="5",
MaxValue="10000",
ConstraintDescription="should be between 5 and 10000"
))
import sys
import troposphere as Fn
from troposphere import (ec2, iam, Template, Parameter, Ref,
elasticloadbalancing)
from troposphere.autoscaling import LaunchConfiguration, AutoScalingGroup
from troposphere.route53 import RecordSetType
from troposphere.policies import AutoScalingRollingUpdate, UpdatePolicy
COMPONENT_NAME = "sample-app-python"
HEALTH_CHECK_TARGET = "HTTP:7080/status"
t = Template()
t.add_version()
t.add_description("Stack to run the sample python application within.")
image_id = t.add_parameter(
Parameter("ImageId",
Description=(
"The AMI used by this component, defaults to base centos 7"),
Default="ami-9398d3e0",
Type="AWS::EC2::Image::Id"))
min_size = t.add_parameter(
Parameter("MinSize",
Description="Minimum number of instances to spin-up",
Type="String",
Default="2"))
max_size = t.add_parameter(
Parameter("MaxSize",
"""Generating CloudFormation template."""
from awacs.aws import Allow, Policy, Principal, Statement
from awacs.sts import AssumeRole
from troposphere import GetAtt, Ref, Template
from troposphere.codepipeline import (Actions, ActionTypeId, ArtifactStore,
InputArtifacts, OutputArtifacts,
Pipeline, Stages)
from troposphere.iam import Policy as IAMPolicy
from troposphere.iam import Role
from troposphere.s3 import Bucket, VersioningConfiguration
t = Template()
t.add_description("AWS: Helloworld Pipeline")
t.add_resource(
Bucket("S3Bucket",
VersioningConfiguration=VersioningConfiguration(
Status="Enabled", )))
t.add_resource(
Role("PipelineRole",
AssumeRolePolicyDocument=Policy(Statement=[
Statement(Effect=Allow,
Action=[AssumeRole],
Principal=Principal("Service",
["codepipeline.amazonaws.com"]))
]),
Path="/",
Policies=[
from troposphere import Base64, Join
from troposphere import Parameter, Ref, Template
from troposphere import cloudformation, autoscaling
from troposphere.autoscaling import AutoScalingGroup, Tag
from troposphere.autoscaling import LaunchConfiguration
from troposphere.elasticloadbalancing import LoadBalancer
from troposphere.policies import (AutoScalingReplacingUpdate,
AutoScalingRollingUpdate, UpdatePolicy)
import troposphere.ec2 as ec2
import troposphere.elasticloadbalancing as elb
t = Template()
t.add_description("""\
Configures autoscaling group for api app""")
SecurityGroup = t.add_parameter(
Parameter(
"SecurityGroup",
Type="String",
Description="Security group for api instances.",
))
DeployBucket = t.add_parameter(
Parameter(
"DeployBucket",
Type="String",
Description="The S3 bucket with the cloudformation scripts.",
))
SSLCertificateId = t.add_parameter(
# Example Network with a NAT Gateway
from troposphere import Output, Ref, Template, Parameter, GetAtt
from troposphere import ec2
t = Template()
t.add_description(
"AWS CloudFormation Sample Template NatGateway: Sample template showing "
"how to create a public NAT gateway. "
"**WARNING** This template creates an Amazon NAT instance. "
"You will be billed for the AWS resources used if you create "
"a stack from this template.")
vpc_cidr = t.add_parameter(
Parameter(
'VPCCIDR',
Default='172.18.0.0/16',
Description='The IP address space for this VPC, in CIDR notation',
Type='String',
))
public_subnet = t.add_parameter(
Parameter(
'PublicSubnetCidr',
Type='String',
Description='Public Subnet CIDR',
Default='172.18.0.0/22',
))
private_subnet = t.add_parameter(
from troposphere import Base64, Select, FindInMap, GetAtt, GetAZs, Join, Output
from troposphere import Parameter, Ref, Tags, Template
from troposphere.cloudformation import Init
from troposphere.cloudfront import Distribution, DistributionConfig
from troposphere.cloudfront import Origin, DefaultCacheBehavior
from troposphere.ec2 import PortRange
from troposphere.iam import InstanceProfile
from troposphere.iam import Role
from troposphere.iam import Group
t = Template()
t.add_version("2010-09-09")
t.add_description("""\
IAM""")
craftInstanceProfile = t.add_resource(InstanceProfile(
"craftInstanceProfile",
Path="/",
Roles=[Ref("craftIamRole")],
))
BastionInstanceProfile = t.add_resource(InstanceProfile(
"BastionInstanceProfile",
Path="/",
Roles=[Ref("BastionIamRole")],
))
BastionIamRole = t.add_resource(Role(
"BastionIamRole",
Path="/",
#!/usr/bin/env python
from confu import atlas
from troposphere import (
Template, FindInMap, GetAtt, Ref, Parameter, Join, Base64, Select, Output,
ec2 as ec2
)
template = Template()
template.add_description('kafka')
atlas.infra_params(template) # ssh_key, Env, Silo
atlas.conf_params(template) # Conf Name, Conf Version, Conf tarball bucket
atlas.instance_params(
template,
roles_default=['kafka', ],
iam_default='kafka',
)
atlas.scaling_params(template)
atlas.mappings(
template,
accounts=[atlas.poundpay],
)
kafka_secgrp = atlas.instance_secgrp(
template,
def create_template():
t = Template()
t.add_description("The individual CodeBuild stack for CBuildCI.")
p_build_description = t.add_parameter(
Parameter(
"BuildDescription",
Description="Used for the CodeBuild project description.",
Type="String",
))
p_api_lambda_role = t.add_parameter(
Parameter(
"ApiLambdaRole",
Description=
"The IAM role used by the API lambda function, which will receive permission to monitor builds.",
Type="String",
))
p_step_lambda_role = t.add_parameter(
Parameter(
"StepLambdaRole",
Description=
"The IAM role used by the lambda function, which will receive permission to start, stop and monitor builds.",
Type="String",
))
p_source_bucket = t.add_parameter(
Parameter(
"SourceBucket",
Type="String",
))
p_source_key_prefix = t.add_parameter(
Parameter(
"SourceKeyPrefix",
Type="String",
Default="github-source/",
))
p_artifact_bucket = t.add_parameter(
Parameter(
"ArtifactBucket",
Type="String",
))
p_artifact_key_prefix = t.add_parameter(
Parameter(
"ArtifactKeyPrefix",
Type="String",
Default="github-artifacts/",
))
p_cache_bucket = t.add_parameter(Parameter(
"CacheBucket",
Type="String",
))
p_cache_key_prefix = t.add_parameter(
Parameter(
"CacheKeyPrefix",
Type="String",
Default="github-cache/",
))
p_logs_retention_days = t.add_parameter(
Parameter(
"LogsRetentionDays",
Description=
"Number of days to keep CloudWatch logs for this stack's lambda function.",
Type="Number",
Default="30",
))
p_code_build_role_policy_arns = t.add_parameter(
Parameter(
"CodeBuildRolePolicyArns",
Description=
"Optional list of IAM managed policy ARNs to attach to the CodeBuild role.",
Type="String",
Default="-NONE-",
))
p_read_ecr_arns = t.add_parameter(
Parameter(
"ReadECRArns",
Description=
"ECS Repository ARNs to give CodeBuild permission to pull images from.",
Type="String",
Default="-NONE-",
))
p_read_s3_arns = t.add_parameter(
Parameter(
"ReadS3Arns",
Description="S3 ARNs to give CodeBuild permission to S3.",
Type="String",
Default="-NONE-",
))
p_read_ssm_param_arns = t.add_parameter(
Parameter(
"ReadSSMParamArns",
Description="SSM parameters to give CodeBuild permission to read.",
Type="String",
Default="-NONE-",
))
p_read_kms_arns = t.add_parameter(
Parameter(
"ReadKMSArns",
Description="KMS keys to give CodeBuild permission to decrypt.",
Type="String",
Default="-NONE-",
))
p_vpc = t.add_parameter(
Parameter(
"VPC",
Description="Optional VPC to use for CodeBuild.",
Type="String",
Default="-NONE-",
))
p_security_groups = t.add_parameter(
Parameter(
"SecurityGroups",
Description="Security groups to use for CodeBuild.",
Type="String",
Default="-NONE-",
))
p_subnets = t.add_parameter(
Parameter(
"Subnets",
Description="Subnets to use for CodeBuild.",
Type="String",
Default="-NONE-",
))
t.add_condition(
"HasCodeBuildRolePolicyArns",
Not(Equals(Ref(p_code_build_role_policy_arns), "-NONE-")),
)
t.add_condition(
"HasReadECRArns",
Not(Equals(Ref(p_read_ecr_arns), "-NONE-")),
)
t.add_condition(
"HasReadS3Arns",
Not(Equals(Ref(p_read_s3_arns), "-NONE-")),
)
t.add_condition(
"HasReadSSMParamArns",
Not(Equals(Ref(p_read_ssm_param_arns), "-NONE-")),
)
t.add_condition(
"HasReadKMSArns",
Not(Equals(Ref(p_read_kms_arns), "-NONE-")),
)
t.add_condition(
"HasVPC",
Not(Equals(Ref(p_vpc), "-NONE-")),
)
# Replace with custom tags if desired.
tags = build_tags_list(t)
r_log_group = t.add_resource(
LogGroup(
"CodeBuildLogGroup",
LogGroupName=Sub("/aws/codebuild/${AWS::StackName}"),
RetentionInDays=Ref(p_logs_retention_days),
))
r_code_build_role = t.add_resource(
Role(
"CodeBuildRole",
AssumeRolePolicyDocument=PolicyDocument(
Version="2012-10-17",
Statement=[
Statement(
Effect=Allow,
Action=[ac_sts.AssumeRole],
Principal=Principal("Service",
["codebuild.amazonaws.com"]),
),
],
),
ManagedPolicyArns=If(
"HasCodeBuildRolePolicyArns",
Split(",", Ref(p_code_build_role_policy_arns)),
NoValue,
),
Policies=[
Policy(
PolicyName="code-build-policy",
PolicyDocument={
"Statement": [
Statement(
Effect=Allow,
Resource=[
GetAtt(r_log_group, "Arn"),
],
Action=[
ac_logs.CreateLogGroup,
ac_logs.CreateLogStream,
ac_logs.PutLogEvents,
],
),
Statement(
Effect=Allow,
Resource=[
Sub(
ac_s3.ARN(resource="${%s}/${%s}*" % (
p_source_bucket.title,
p_source_key_prefix.title,
), )),
],
Action=[
ac_s3.GetObject,
ac_s3.GetObjectVersion,
],
),
Statement(
Effect=Allow,
Resource=[
Sub(
ac_s3.ARN(resource="${%s}/${%s}*" % (
p_artifact_bucket.title,
p_artifact_key_prefix.title,
), )),
Sub(
ac_s3.ARN(resource="${%s}/${%s}*" % (
p_cache_bucket.title,
p_cache_key_prefix.title,
), )),
],
Action=[
ac_s3.GetObject,
ac_s3.GetObjectVersion,
ac_s3.PutObject,
],
),
If(
"HasReadECRArns",
{
"Effect":
Allow,
"Resource":
Split(",", Ref(p_read_ecr_arns)),
"Action": [
ac_ecr.BatchCheckLayerAvailability,
ac_ecr.BatchGetImage,
ac_ecr.GetDownloadUrlForLayer,
],
},
NoValue,
),
If(
"HasReadS3Arns",
{
"Effect":
Allow,
"Resource":
Split(",", Ref(p_read_s3_arns)),
"Action": [
ac_s3.ListBucket,
ac_s3.GetObject,
ac_s3.GetObject,
ac_s3.GetObjectVersion,
],
},
NoValue,
),
If(
"HasReadSSMParamArns",
{
"Effect":
Allow,
"Resource":
Split(",", Ref(p_read_ssm_param_arns)),
"Action": [
ac_ssm.GetParameter,
],
},
NoValue,
),
If(
"HasReadKMSArns",
{
"Effect": Allow,
"Resource": Split(",",
Ref(p_read_kms_arns)),
"Action": [
ac_kms.Decrypt,
],
},
NoValue,
),
]
},
),
],
))
r_code_build = t.add_resource(
Project(
"CodeBuild",
Name=Ref("AWS::StackName"),
Description=Ref(p_build_description),
ServiceRole=Ref(r_code_build_role),
Source=Source(Type="CODEPIPELINE", ),
Artifacts=Artifacts(Type="CODEPIPELINE", ),
VpcConfig=If(
"HasVPC",
VpcConfig(
VpcId=Ref(p_vpc),
Subnets=Ref(p_subnets),
SecurityGroupIds=Ref(p_security_groups),
),
NoValue,
),
Environment=CodeBuildEnvironment(
Type="LINUX_CONTAINER",
ComputeType="BUILD_GENERAL1_SMALL",
Image="aws/codebuild/ubuntu-base:14.04",
),
Tags=tags,
))
t.add_resource(
PolicyType(
"ApiLambdaRolePolicy",
Roles=[
Ref(p_api_lambda_role),
],
PolicyName=Sub("${AWS::StackName}-policy"),
PolicyDocument=PolicyDocument(Statement=[
Statement(
Effect=Allow,
Resource=[GetAtt(r_code_build, "Arn")],
Action=[
ac_codebuild.BatchGetBuilds,
],
),
Statement(
Effect=Allow,
Resource=[
GetAtt(r_log_group, "Arn"),
],
Action=[
ac_logs.GetLogEvents,
],
),
], ),
))
t.add_resource(
PolicyType(
"StepLambdaRolePolicy",
Roles=[
Ref(p_step_lambda_role),
],
PolicyName=Sub("${AWS::StackName}-policy"),
PolicyDocument=PolicyDocument(Statement=[
Statement(
Effect=Allow,
Resource=[GetAtt(r_code_build, "Arn")],
Action=[
ac_codebuild.StartBuild,
ac_codebuild.StopBuild,
ac_codebuild.BatchGetBuilds,
],
),
], ),
))
t.add_output(Output(
"CodeBuildProjectName",
Value=Ref(r_code_build),
))
t.add_output(Output(
"CodeBuildArn",
Value=GetAtt(r_code_build, "Arn"),
))
return t
import json
# Declaring variable to which everything is loaded from the config json file(argument)
jsondata = ''
instances = ''
# Fetching values from json given as argument while this python is executed
parser = argparse.ArgumentParser()
parser.add_argument('filename')
args = parser.parse_args()
with open(args.filename) as file:
jsondata = json.load(file)
t = Template()
t.add_version("2010-09-09")
t.add_description(
"CF to create %s EC2 instance(s) for %s environment" %
(jsondata['NetworkInfo']['ServerName'], jsondata['NetworkInfo']['Env']))
# Get ZoneID, VPCID, SecurityGroupID and SubnetID based on the environment using boto3
client = boto3.client('ec2', region_name='us-east-1')
route53client = boto3.client('route53')
vpcdata = client.describe_vpcs(
Filters=[{
'Name': 'tag-value',
'Values': [jsondata['NetworkInfo']['VPCName']]
}])
# Function to get the subnet id
def get_subnet_id(VpcId, Type, AvailabilityZone):
from troposphere.iam import (
Group,
ManagedPolicy,
)
from awacs.aws import (
Action,
Allow,
Policy,
Statement,
)
t = Template()
t.add_description("Effective DevOps in AWS: User Groups")
t.add_resource(
Group(
"Admins",
GroupName="Admins",
ManagedPolicyArns=["arn:aws:iam::aws:policy/AdministratorAccess"],
))
t.add_resource(
ManagedPolicy(
"CommonIamPolicy",
Description="Common policy to manage IAM resources",
PolicyDocument=Policy(
Version="2012-10-17",
Statement=[
# Converted from DynamoDB_Table.template located at:
# http://aws.amazon.com/cloudformation/aws-cloudformation-templates/
from troposphere import Output, Parameter, Ref, Template
from troposphere.dynamodb import (KeySchema, AttributeDefinition,
ProvisionedThroughput)
from troposphere.dynamodb import Table
t = Template()
t.add_description("AWS CloudFormation Sample Template: This template "
"demonstrates the creation of a DynamoDB table.")
hashkeyname = t.add_parameter(
Parameter(
"HaskKeyElementName",
Description="HashType PrimaryKey Name",
Type="String",
AllowedPattern="[a-zA-Z0-9]*",
MinLength="1",
MaxLength="2048",
ConstraintDescription="must contain only alphanumberic characters"))
hashkeytype = t.add_parameter(
Parameter("HaskKeyElementType",
Description="HashType PrimaryKey Type",
Type="String",
Default="S",
AllowedPattern="[S|N]",
MinLength="1",
MaxLength="1",
from awacs.aws import Action, Allow, Policy, Principal, Statement
from troposphere import (
Template, applicationautoscaling, cloudwatch, cloudformation, ec2, ecs, elasticloadbalancingv2, iam, logs, ssm,
Equals, GetAZs, GetAtt, If, ImportValue, Join, Not, Parameter, Ref, Select, Sub
)
from uuid import uuid4
t = Template()
t.add_description("ecs-apache service")
def update_dummy_wch(template):
template.add_resource(cloudformation.WaitConditionHandle(
str(uuid4()).replace("-", "")
))
update_dummy_wch(t)
# PARAMETERS
container_name = t.add_parameter(Parameter(
"ContainerName",
AllowedPattern="^.+$",
Type="String",
Description="Container name",
Default="NONE"
))
container_port = t.add_parameter(Parameter(
from troposphere import (
Parameter,
Ref,
Template,
Join,
ImportValue,
Select,
Split,
)
from awacs.sts import AssumeRole
t = Template()
t.add_description("ECS service - Helloworld")
t.add_parameter(
Parameter("Tag",
Type="String",
Default="latest",
Description="Tag to deploy"))
t.add_resource(
TaskDefinition(
"task",
ContainerDefinitions=[
ContainerDefinition(
Image=Join("", [
Ref("AWS::AccountId"), ".dkr.ecr.",
Ref("AWS::Region"), ".amazonaws.com", "/",
def create():
es = Template()
es.add_description("Stack defining the elasticsearch instance")
# Get latest AMIs
def getAMI(region):
AMIMap = {}
print("Getting latest AMZN linux AMI in %s" % region)
ec2conn = boto.ec2.connect_to_region(region)
images = ec2conn.get_all_images(owners=["amazon"], filters={"name": "amzn-ami-hvm-*.x86_64-gp2"})
latestDate = ""
latestAMI = ""
for image in images:
if image.creationDate > latestDate:
latestDate = image.creationDate
latestAMI = image.id
AMIMap[region] = {"id": latestAMI}
return AMIMap
# Create AMI Map
es.add_mapping("AMIMap",getAMI(region))
# Create es VPC
esVPC = es.add_resource(
VPC(
"esVPC",
CidrBlock="10.0.0.0/16",
Tags=Tags(
Name="esVPC"
)
)
)
# Create es IGW
esIGW = es.add_resource(
InternetGateway(
"esIGW"
)
)
# Attach IGW to VPC
esIGWAttachment = es.add_resource(
VPCGatewayAttachment(
"esIGWAttachment",
VpcId=Ref(esVPC),
InternetGatewayId=Ref(esIGW)
)
)
# Create es Subnet
esSubnet = es.add_resource(
Subnet(
"esSubnet",
CidrBlock="10.0.0.0/24",
VpcId=Ref(esVPC)
)
)
# Create es RTB
esRTB = es.add_resource(
RouteTable(
"esRTB",
VpcId=Ref(esVPC)
)
)
# Create route to IGW
esDefaultRoute = es.add_resource(
Route(
"esDefaultRoute",
DependsOn="esIGWAttachment",
GatewayId=Ref(esIGW),
DestinationCidrBlock="0.0.0.0/0",
RouteTableId=Ref(esRTB)
)
)
# Associate RTB with Subnet
esSubnetRTBAssociation = es.add_resource(
SubnetRouteTableAssociation(
"esSubnetRTBAssociation",
SubnetId=Ref(esSubnet),
RouteTableId=Ref(esRTB)
)
)
# Create es Security Group
esSecurityGroup = es.add_resource(
SecurityGroup(
"esSecurityGroup",
GroupDescription="Allow inbound access on port 9200",
SecurityGroupIngress=[
SecurityGroupRule(
IpProtocol="tcp",
FromPort="9200",
ToPort="9200",
CidrIp="0.0.0.0/0"
)
],
VpcId=Ref(esVPC)
)
)
# Create es instance metadata
esInstanceMetadata = Metadata(
Init(
# Use ConfigSets to ensure GPG key and repo file are in place
# before trying to install elasticsearch
InitConfigSets(
ordered=["first","second"]
),
first=InitConfig(
files=InitFiles(
{
# cfn-hup notices when the cloudformation stack is changed
"/etc/cfn/cfn-hup.conf": InitFile(
content=Join("",
[
"[main]\n",
"stack=",Ref("AWS::StackName"),"\n",
"region=",Ref("AWS::Region"),"\n"
]
),
mode="000400",
owner="root",
group="root"
),
# cfn-hup will then trigger cfn-init to run.
# This lets us update the instance just by updating the stack
"/etc/cfn/hooks.d/cfn-auto-reloader.conf": InitFile(
content=Join("",
[
"[cfn-auto-reloader-hook]\n",
"triggers=post.update\n",
"path=Resources.esInstance.Metadata\n",
"action=/opt/aws/bin/cfn-init -v --stack ", Ref("AWS::StackName"), " ",
"--resource esInstance ",
"--region ", Ref("AWS::Region"), " ",
"--c ordered\n"
"runas=root\n"
]
),
mode="000400",
owner="root",
group="root"
),
# repo file for elastic search
"/etc/yum.repos.d/elasticsearch.repo": InitFile(
content=Join("",
[
"[elasticsearch-2.x]\n",
"name=Elasticsearch repository for 2.x packages\n",
"baseurl=http://packages.elastic.co/elasticsearch/2.x/centos\n",
"gpgcheck=1\n",
"gpgkey=http://packages.elastic.co/GPG-KEY-elasticsearch\n",
"enabled=1\n"
]
),
mode="000400",
owner="root",
group="root"
)
}
),
commands={
# Install elasticsearch key so package will install
"installGPG": {
"command": "rpm --import https://packages.elastic.co/GPG-KEY-elasticsearch"
}
}
),
second=InitConfig(
packages={
"yum": {
# Install elasticsearch
"elasticsearch": [],
}
},
commands={
# Enable external access to elasticsearch
"listenOnAllinterfaces": {
"command": "echo \"network.host: 0.0.0.0\" >> /etc/elasticsearch/elasticsearch.yml"
}
},
services={
"sysvinit": InitServices(
{
"elasticsearch": InitService(
enabled=True,
ensureRunning=True
),
"cfn-hup": InitService(
enabled=True,
ensureRunning=True,
files=[
"/etc/cfn/cfn-hup.conf",
"/etc/cfn/hooks.d/cfn-auto-reloader.conf"
]
)
}
)
}
)
)
)
# Create es Instance
esInstance = es.add_resource(
Instance(
"esInstance",
ImageId=FindInMap("AMIMap",Ref("AWS::Region"),"id"),
InstanceType="t2.micro",
Metadata=esInstanceMetadata,
UserData=Base64(
Join("",
[
"#!/bin/bash\n",
"/opt/aws/bin/cfn-init -v ",
"--stack ", Ref("AWS::StackName"), " ",
"--resource esInstance ",
"--region ", Ref("AWS::Region"), " ",
"-c ordered"
]
)
),
NetworkInterfaces=[
NetworkInterfaceProperty(
GroupSet=[
Ref(esSecurityGroup)
],
AssociatePublicIpAddress="true",
DeviceIndex="0",
DeleteOnTermination="true",
SubnetId=Ref(esSubnet),
)
],
Tags=Tags(
Name="esInstance"
)
)
)
# Output address
es.add_output(
[Output
("esAddress",
Description="Elastic Search address",
Value=Join("",
[
"http://", GetAtt("esInstance", "PublicIp"), ":9200/"
]
)
)
]
)
return es
def main():
template = Template()
template.add_version("2010-09-09")
template.add_description(
"AWS CloudFormation Sample Template: ELB with 2 EC2 instances")
AddAMI(template)
# Add the Parameters
keyname_param = template.add_parameter(Parameter(
"KeyName",
Type="String",
Default="mark",
Description="Name of an existing EC2 KeyPair to "
"enable SSH access to the instance",
))
template.add_parameter(Parameter(
"InstanceType",
Type="String",
Description="WebServer EC2 instance type",
Default="m1.small",
AllowedValues=[
"t1.micro", "m1.small", "m1.medium", "m1.large", "m1.xlarge",
"m2.xlarge", "m2.2xlarge", "m2.4xlarge", "c1.medium", "c1.xlarge",
"cc1.4xlarge", "cc2.8xlarge", "cg1.4xlarge"
],
ConstraintDescription="must be a valid EC2 instance type.",
))
webport_param = template.add_parameter(Parameter(
"WebServerPort",
Type="String",
Default="8888",
Description="TCP/IP port of the web server",
))
apiport_param = template.add_parameter(Parameter(
"ApiServerPort",
Type="String",
Default="8889",
Description="TCP/IP port of the api server",
))
subnetA = template.add_parameter(Parameter(
"subnetA",
Type="String",
Default="subnet-096fd06d"
))
subnetB = template.add_parameter(Parameter(
"subnetB",
Type="String",
Default="subnet-1313ef4b"
))
VpcId = template.add_parameter(Parameter(
"VpcId",
Type="String",
Default="vpc-82c514e6"
))
# Define the instance security group
instance_sg = template.add_resource(
ec2.SecurityGroup(
"InstanceSecurityGroup",
GroupDescription="Enable SSH and HTTP access on the inbound port",
SecurityGroupIngress=[
ec2.SecurityGroupRule(
IpProtocol="tcp",
FromPort="22",
ToPort="22",
CidrIp="0.0.0.0/0",
),
ec2.SecurityGroupRule(
IpProtocol="tcp",
FromPort=Ref(webport_param),
ToPort=Ref(webport_param),
CidrIp="0.0.0.0/0",
),
ec2.SecurityGroupRule(
IpProtocol="tcp",
FromPort=Ref(apiport_param),
ToPort=Ref(apiport_param),
CidrIp="0.0.0.0/0",
),
]
)
)
# Add the web server instance
WebInstance = template.add_resource(ec2.Instance(
"WebInstance",
SecurityGroups=[Ref(instance_sg)],
KeyName=Ref(keyname_param),
InstanceType=Ref("InstanceType"),
ImageId=FindInMap("RegionMap", Ref("AWS::Region"), "AMI"),
UserData=Base64(Ref(webport_param)),
))
# Add the api server instance
ApiInstance = template.add_resource(ec2.Instance(
"ApiInstance",
SecurityGroups=[Ref(instance_sg)],
KeyName=Ref(keyname_param),
InstanceType=Ref("InstanceType"),
ImageId=FindInMap("RegionMap", Ref("AWS::Region"), "AMI"),
UserData=Base64(Ref(apiport_param)),
))
# Add the application ELB
ApplicationElasticLB = template.add_resource(elb.LoadBalancer(
"ApplicationElasticLB",
Name="ApplicationElasticLB",
Scheme="internet-facing",
Subnets=[Ref(subnetA), Ref(subnetB)]
))
TargetGroupWeb = template.add_resource(elb.TargetGroup(
"TargetGroupWeb",
HealthCheckIntervalSeconds="30",
HealthCheckProtocol="HTTP",
HealthCheckTimeoutSeconds="10",
HealthyThresholdCount="4",
Matcher=elb.Matcher(
HttpCode="200"),
Name="WebTarget",
Port=Ref(webport_param),
Protocol="HTTP",
Targets=[elb.TargetDescription(
Id=Ref(WebInstance),
Port=Ref(webport_param))],
UnhealthyThresholdCount="3",
VpcId=Ref(VpcId)
))
TargetGroupApi = template.add_resource(elb.TargetGroup(
"TargetGroupApi",
HealthCheckIntervalSeconds="30",
HealthCheckProtocol="HTTP",
HealthCheckTimeoutSeconds="10",
HealthyThresholdCount="4",
Matcher=elb.Matcher(
HttpCode="200"),
Name="ApiTarget",
Port=Ref(apiport_param),
Protocol="HTTP",
Targets=[elb.TargetDescription(
Id=Ref(ApiInstance),
Port=Ref(apiport_param))],
UnhealthyThresholdCount="3",
VpcId=Ref(VpcId)
))
Listener = template.add_resource(elb.Listener(
"Listener",
Port="80",
Protocol="HTTP",
LoadBalancerArn=Ref(ApplicationElasticLB),
DefaultActions=[elb.Action(
Type="forward",
TargetGroupArn=Ref(TargetGroupWeb)
)]
))
template.add_resource(elb.ListenerRule(
"ListenerRuleApi",
ListenerArn=Ref(Listener),
Conditions=[elb.Condition(
Field="path-pattern",
Values=["/api/*"])],
Actions=[elb.Action(
Type="forward",
TargetGroupArn=Ref(TargetGroupApi)
)],
Priority="1"
))
template.add_output(Output(
"URL",
Description="URL of the sample website",
Value=Join("", ["http://", GetAtt(ApplicationElasticLB, "DNSName")])
))
print(template.to_json())
from troposphere import (Base64, ec2, GetAtt, Join, Output, Parameter, Ref,
Template, FindInMap)
from troposphere.iam import (InstanceProfile, PolicyType as IAMPolicy, Role)
from awacs.aws import (Action, Allow, Policy, PolicyDocument, Principal,
Statement)
from awacs.sts import AssumeRole
AnsiblePlaybookFile = "ansible/frontServer.yml"
ApplicationPort = "80"
GithubAnsibleURL = "https://github.com/yoon2ix/cloudformation-ansible.git"
VpcID = "vpc-0a93272040286fd79"
SubnetID = "subnet-07f69f1a00576f7de"
t = Template()
t.add_description("Effective DevOps in AWS: Deploy Template")
# Deploy Server for Ansible
AnsiblePullCmd = "/usr/bin/ansible-pull -U {} {} -i localhost".format(
GithubAnsibleURL, AnsiblePlaybookFile)
# AWS IAM Profile
cfnrole = t.add_resource(
Role("CFNRole",
AssumeRolePolicyDocument=PolicyDocument(Statement=[
Statement(Effect=Allow,
Action=[AssumeRole],
Principal=Principal("Service", ["ec2.amazonaws.com"]))
])))
cfninstanceprofile = t.add_resource(
#!/usr/bin/env python
from __future__ import print_function
from troposphere import Base64, Join, GetAtt
from troposphere import Parameter, Ref, Template
from troposphere import ec2, iam
from troposphere.autoscaling import AutoScalingGroup, Tag
from troposphere.autoscaling import LaunchConfiguration
from troposphere.route53 import RecordSet, RecordSetGroup, AliasTarget
import troposphere.elasticloadbalancing as elb
templ = Template()
templ.add_description('Kibana cloudformation template')
instance_type = templ.add_parameter(Parameter(
'InstanceType',
Type='String',
Description='Instande type for instances',
Default='m3.medium'
))
key_name = templ.add_parameter(Parameter(
'KeyName',
Type='AWS::EC2::KeyPair::KeyName',
Description='Name of an existing EC2 KeyPair to enable SSH access',
))
cluster_name = templ.add_parameter(Parameter(
import sys
from troposphere import GetAtt, Join, Output, Parameter, Ref, Template
from troposphere.s3 import Bucket, Private
env = sys.argv[1]
COMPONENT_NAME = env + "YaegarBooksSharedResources"
t = Template(COMPONENT_NAME)
t.add_version("2010-09-09")
t.add_description(COMPONENT_NAME + " stacks")
s3bucket = t.add_resource(
Bucket("S3BucketSharedResources", AccessControl=Private))
t.add_output([
Output("S3bucketArn",
Value=GetAtt(s3bucket, "Arn"),
Description="Arn for S3")
])
print(t.to_json())
from troposphere.logs import MetricFilter, MetricTransformation
METRIC_NAMESPACE = "BBC/CHAOS-LAMBDA"
t = Template()
log_group = t.add_parameter(
Parameter(
"LambdaLogGroupName",
Description="The name of the log group for the lambda function.",
Type="String",
)
)
t.add_description(
"Metrics and filters for Chaos Lambda"
)
lambda_metrics = {
"liveliness": {
"FilterPattern": (
"[datetime, event=\"triggered\", ...]"
),
"MetricTransformations": [
MetricTransformation(
MetricNamespace=METRIC_NAMESPACE,
MetricName="triggered",
MetricValue="1",
)
]
}
from troposphere.events import Rule, Target
from troposphere.iam import Role, Policy
from troposphere.logs import LogGroup
from troposphere.s3 import Bucket
from troposphere.sns import Subscription, Topic
from troposphere import GetAtt, Join, Split, Output, Sub, utils, logs, Ref, Export
from troposphere import Ref, Template, Parameter
from troposphere.cognito import UserPool, UserPoolClient, UserPoolGroup, UserPoolUser, \
UserPoolUserToGroupAttachment, CognitoIdentityProvider, IdentityPool, IdentityPoolRoleAttachment, RoleMapping
from troposphere.iam import Role, Policy
t = Template()
t.add_version("2010-09-09")
t.add_description("AWS CloudFormation pVideoDashboard stack. (1 step)")
#### PARAMETER ####
# mettere Enable cloudWatch alarm
# mettere Enable status_trigger
suffixcf = "cf"
suffix_work = "-work"
log_group_name = "pVideoDashboardLogGroup" # ansible_module.params['log_group_name']
s3_bucket_name = "pvideodashboard" # ansible_module.params['s3_bucket_name']
ca_cluster_identifier = "ca-dev-frank-cloudanalyticsredshiftcluster-jlt2fskwsdso"
subnets_array_lambda = "subnet-00670b6b,subnet-8574d0f8" # ansible_module.params['private_subnet_ids'].split(",")
security_group_lambda = "sg-17fd397a" # ansible_module.params['security_group_lambda']
lambda_memory = 512 # ansible_module.params['lambda_memory'],
lambda_timeout = 300 # ansible_module.params['lambda_timeout'],
import yaml
import troposphere.emr as emr
from troposphere import GetAtt, Output, Parameter, Ref, Tags, Template
import cloudformation.troposphere.utils as utils
# load config
cfg = yaml.load(resource_string('config', 'generic_emr_config.yml'))
networking_resources = utils.get_stack_resources(
stack_name=cfg['networking_stack_name'])
STACK_NAME = cfg['stack_name']
template = Template()
description = 'Stack containing EMR with conda in all nodes'
template.add_description(description)
template.add_version('2010-09-09')
instances = template.add_parameter(
Parameter('Instances',
Type='Number',
Description='Number of core instances',
MaxValue='10'))
cluster = template.add_resource(
emr.Cluster(
'Cluster',
Name='Generic Cluster',
ReleaseLabel=cfg['version'],
JobFlowRole='GenericEMRInstanceProfile',
ServiceRole='GenericEMRServiceRole',
from troposphere.constants import NUMBER
from troposphere import Output, Parameter, Ref, Template, GetAtt
from troposphere import Join
import troposphere.kinesis as kinesis
from troposphere.sqs import Queue, QueuePolicy
from troposphere.awslambda import Function, Code, MEMORY_VALUES, EventSourceMapping
from troposphere.iam import Role, Policy, PolicyType
template = Template()
template.add_description("AWS CloudFormation Template: "
"Kinesis Stream + Lambda + SQS.")
s3_bucket = template.add_parameter(
Parameter(
"CodeS3Bucket", Description="Name of code bucket", Type="String"))
s3_key = template.add_parameter(
Parameter("CodeS3Key", Description="Name of code zip file", Type="String"))
s3_object_version_id = template.add_parameter(
Parameter(
"CodeS3ObjectVersionID",
Description="Version ID of zip file",
Type="String"))
memory_size = template.add_parameter(
Parameter(
'LambdaMemorySize',
Type=NUMBER,
Description='Amount of memory to allocate to the Lambda Function',
from troposphere import Ref, Template, Tags, Join
from troposphere.ec2 import VPC, Subnet, NetworkAcl, NetworkAclEntry, InternetGateway, \
VPCGatewayAttachment, RouteTable, Route, SubnetRouteTableAssociation, SubnetNetworkAclAssociation
VPC_NETWORK = "172.20.0.0/16"
VPC_PRIVATE_A = "172.20.1.0/24"
VPC_PRIVATE_B = "172.20.2.0/24"
VPC_PRIVATE_C = "172.20.3.0/24"
VPC_PUBLIC_A = "172.20.128.0/24"
VPC_PUBLIC_B = "172.20.129.0/24"
VPC_PUBLIC_C = "172.20.130.0/24"
t = Template()
t.add_description("Stack creating a basic VPC")
vpc = t.add_resource(VPC(
"VPC",
CidrBlock=VPC_NETWORK,
InstanceTenancy="default",
EnableDnsSupport=True,
EnableDnsHostnames=False,
Tags=Tags(
Name=Ref("AWS::StackName")
)
))
# internet gateway
internetGateway = t.add_resource(InternetGateway(
"InternetGateway",
Tags=Tags(
# Converted from S3_Bucket.template located at:
# http://aws.amazon.com/cloudformation/aws-cloudformation-templates/
from troposphere import Output, Ref, Template
from troposphere.s3 import Bucket, PublicRead
t = Template()
t.add_description(
"AWS CloudFormation Sample Template S3_Bucket: Sample template showing "
"how to create a publicly accessible S3 bucket. "
"**WARNING** This template creates an Amazon S3 Bucket. "
"You will be billed for the AWS resources used if you create "
"a stack from this template.")
s3bucket = t.add_resource(Bucket("S3Bucket", AccessControl=PublicRead,))
t.add_output(Output(
"BucketName",
Value=Ref(s3bucket),
Description="Name of S3 bucket to hold website content"
))
print(t.to_json())
"""Generating CloudFormation template."""
from troposphere import (Export, Join, Output, Parameter, Ref, Template)
from troposphere.ecr import Repository
t = Template()
t.add_description("ECR Repository")
t.add_parameter(
Parameter("RepoName",
Type="String",
Description="Name of the ECR repository to create"))
t.add_resource(Repository("Repository", RepositoryName=Ref("RepoName")))
t.add_output(
Output(
"Repository",
Description="ECR repository",
Value=Ref("RepoName"),
Export=Export(Join("-", [Ref("RepoName"), "repo"])),
))
print(t.to_json())
# Converted from Redshift.template located at:
# http://aws.amazon.com/cloudformation/aws-cloudformation-templates/
from troposphere import Template, Parameter, Ref, Equals
from troposphere import If, Output, Join, GetAtt
from troposphere.redshift import Cluster, ClusterParameterGroup
from troposphere.redshift import AmazonRedshiftParameter, ClusterSubnetGroup
from troposphere.ec2 import VPC, Subnet, InternetGateway, VPCGatewayAttachment
from troposphere.ec2 import SecurityGroup, SecurityGroupIngress
t = Template()
t.add_version("2010-09-09")
t.add_description(
"AWS CloudFormation Sample Template: Redshift cluster in a VPC")
dbname = t.add_parameter(Parameter(
"DatabaseName",
Description="The name of the first database to be created when the "
"redshift cluster is created",
Type="String",
Default="defaultdb",
AllowedPattern="([a-z]|[0-9])+",
))
clustertype = t.add_parameter(Parameter(
"ClusterType",
Description="The type of the cluster",
Type="String",
Default="single-node",
from troposphere import Template, Ref, Output, GetAtt
from troposphere.iam import AccessKey, User
tpl = Template()
tpl.add_version('2010-09-09')
tpl.add_description(
"Create a CircleCI user with access to S3 bucket."
)
# Resources
superuser = tpl.add_resource(User(
title='czpycon2015circleci',
))
access_keys = tpl.add_resource(AccessKey(
"Troposphere",
Status="Active",
UserName=Ref(superuser))
)
# Outputs
tpl.add_output(Output(
"AccessKey",
Value=Ref(access_keys),
Description="AWSAccessKeyId",
))
tpl.add_output(Output(
"SecretKey",
Value=GetAtt(access_keys, "SecretAccessKey"),
Description="AWSSecretKey",
from troposphere import Template, Parameter, Ref, Tags, Output, GetAtt, ec2
import template_utils as utils
import troposphere.autoscaling as asg
import troposphere.cloudwatch as cw
import troposphere.elasticloadbalancing as elb
t = Template()
t.add_version('2010-09-09')
t.add_description('An application server stack for the nyc-trees project.')
#
# Parameters
#
color_param = t.add_parameter(Parameter(
'StackColor', Type='String',
Description='Stack color', AllowedValues=['Blue', 'Green'],
ConstraintDescription='must be either Blue or Green'
))
vpc_param = t.add_parameter(Parameter(
'VpcId', Type='String', Description='Name of an existing VPC'
))
keyname_param = t.add_parameter(Parameter(
'KeyName', Type='String', Default='nyc-trees-stg',
Description='Name of an existing EC2 key pair'
))
notification_arn_param = t.add_parameter(Parameter(
Join,
Ref,
Template
)
from troposphere.codebuild import (
Artifacts,
Environment,
Project,
Source
)
from troposphere.iam import Role
t = Template()
t.add_description("Effective DevOps in AWS: CodeBuild - Helloworld container")
t.add_resource(Role(
"ServiceRole",
AssumeRolePolicyDocument=Policy(
Statement=[
Statement(
Effect=Allow,
Action=[AssumeRole],
Principal=Principal("Service", ["codebuild.amazonaws.com"])
)
]
),
Path="/",
ManagedPolicyArns=[
'arn:aws:iam::aws:policy/AWSCodePipelineReadOnlyAccess',
class Wordpress(object):
def __init__(self, sceptre_user_data):
self.template = Template()
self.template.add_description("VPC Stack")
self.sceptreUserData = sceptre_user_data
self.environment = self.sceptreUserData['environment']
self.add_parameters()
self.defaultTags = [Tag('Contact', Ref(self.ownerEmailParam))]
self.namePrefix = Join(
"",
[Ref(self.ownerNameParam), self.sceptreUserData['environment']])
self.add_elb()
self.add_security_groups()
self.add_rds()
self.add_autoscaling_group()
self.add_outputs()
def add_parameters(self):
t = self.template
self.vpcIdParam = t.add_parameter(
Parameter(
"vpcId",
Type="String",
Description="The VPC ID.",
))
self.keyPairParam = t.add_parameter(
Parameter(
"keyPair",
Type="AWS::EC2::KeyPair::KeyName",
Description=
"Name of an existing EC2 KeyPair to enable SSH access to the instances.",
))
self.ownerNameParam = t.add_parameter(
Parameter('ownerName', Type='String'))
self.ownerEmailParam = t.add_parameter(
Parameter('ownerEmail', Type='String'))
self.dbMultiAzParam = t.add_parameter(
Parameter(
"dbMultiAz",
Default='false',
Type="String",
Description="The WordPress database admin account password",
AllowedValues=['true', 'false'],
ConstraintDescription="Must be either ture or false."))
self.dbNameParam = t.add_parameter(
Parameter(
"dbName",
Type="String",
Default="wordpressdb",
Description="The WordPress database name",
MinLength=1,
MaxLength=64,
AllowedPattern="[a-zA-Z][a-zA-Z0-9]*",
ConstraintDescription=
"Must begin with a letter and contain only alphanumeric characters."
))
self.dbUserParam = t.add_parameter(
Parameter(
"dbUser",
Type="String",
Description="The WordPress database admin account username",
MinLength=1,
MaxLength=16,
AllowedPattern="[a-zA-Z][a-zA-Z0-9]*",
ConstraintDescription=
"Must begin with a letter and contain only alphanumeric characters."
))
self.dbPasswordParam = t.add_parameter(
Parameter(
"dbPassword",
NoEcho=True,
Type="String",
Description="The WordPress database admin account password",
MinLength=6,
AllowedPattern="[a-zA-Z0-9]*",
ConstraintDescription=
"Must only contain alphanumeric characters."))
self.dbStorageParam = t.add_parameter(
Parameter("dbStorage",
NoEcho=True,
Type="Number",
Description="The size of the WordPress database in Gb.",
Default='5',
MinValue='5',
MaxValue='1024'))
self.vpnSgIdParam = t.add_parameter(
Parameter("vpnSgId",
Type="String",
Description="The ID of the VPN security group."))
def add_elb(self):
t = self.template
self.elbSg = t.add_resource(
SecurityGroup(
'ElbSecurityGroup',
VpcId=Ref(self.vpcIdParam),
GroupDescription='Security group for ELB.',
SecurityGroupIngress=[
SecurityGroupRule(ToPort='80',
FromPort='80',
IpProtocol='tcp',
CidrIp="0.0.0.0/0")
#TODO HTTPS
],
Tags=self.defaultTags +
[Tag('Name', Join("", [self.namePrefix, 'ElbSecurityGroup']))
]))
self.elbListener = Listener('ElbListener',
LoadBalancerPort="80",
InstancePort="80",
Protocol="HTTP",
InstanceProtocol="HTTP")
self.elbHealthCheck = HealthCheck(Target="TCP:80",
Timeout="2",
Interval="5",
HealthyThreshold="2",
UnhealthyThreshold="2")
publicSubnetIds = [
self.sceptreUserData['subnets']['publicInfraAZ1Id'],
self.sceptreUserData['subnets']['publicInfraAZ2Id'],
self.sceptreUserData['subnets']['publicInfraAZ3Id']
]
self.elb = t.add_resource(
LoadBalancer('Elb',
Listeners=[self.elbListener],
Scheme='internet-facing',
HealthCheck=self.elbHealthCheck,
CrossZone=True,
Subnets=publicSubnetIds,
SecurityGroups=[Ref(self.elbSg)],
Tags=self.defaultTags +
[Tag('Name', Join("", [self.namePrefix, 'Elb']))]))
return 0
def add_security_groups(self):
t = self.template
self.asgSg = t.add_resource(
SecurityGroup(
'AsgSg',
VpcId=Ref(self.vpcIdParam),
GroupDescription='Security group for ASG.',
SecurityGroupIngress=[
SecurityGroupRule(ToPort='80',
FromPort='80',
IpProtocol='tcp',
SourceSecurityGroupId=Ref(self.elbSg)),
SecurityGroupRule(ToPort='22',
FromPort='22',
IpProtocol='tcp',
SourceSecurityGroupId=Ref(
self.vpnSgIdParam))
#TODO HTTPS
],
Tags=self.defaultTags +
[Tag('Name', Join("", [self.namePrefix, 'AsgSg']))]))
self.rdsSg = t.add_resource(
SecurityGroup('RdsSg',
VpcId=Ref(self.vpcIdParam),
GroupDescription='Security group for RDS.',
SecurityGroupIngress=[
SecurityGroupRule(ToPort='3306',
FromPort='3306',
IpProtocol='tcp',
SourceSecurityGroupId=Ref(
self.asgSg))
],
Tags=self.defaultTags +
[Tag('Name', Join("", [self.namePrefix, 'RdsSg']))]))
return 0
def add_rds(self):
t = self.template
dbSubnetIds = [
self.sceptreUserData['subnets']['privateDataAZ1Id'],
self.sceptreUserData['subnets']['privateDataAZ2Id'],
self.sceptreUserData['subnets']['privateDataAZ3Id']
]
self.rdsSubnetGroup = t.add_resource(
DBSubnetGroup(
'DbSubnetGroup',
DBSubnetGroupDescription='Subnet group for RDS.',
SubnetIds=dbSubnetIds,
Tags=self.defaultTags +
[Tag('Name', Join("", [self.namePrefix, 'DbSubnetGroup']))]))
self.rds = t.add_resource(
DBInstance('RdsInstance',
AllocatedStorage=Ref(self.dbStorageParam),
DBInstanceClass='db.t2.micro',
DBName=Ref(self.dbNameParam),
DBSubnetGroupName=Ref(self.rdsSubnetGroup),
VPCSecurityGroups=[Ref(self.rdsSg)],
Engine='MySQL',
EngineVersion='5.5.46',
MasterUsername=Ref(self.dbUserParam),
MasterUserPassword=Ref(self.dbPasswordParam),
MultiAZ=Ref(self.dbMultiAzParam)))
return 0
def add_autoscaling_group(self):
t = self.template
self.asgLaunchConfig = t.add_resource(
LaunchConfiguration(
'ASGLaunchConfig',
ImageId='ami-0b33d91d', #TODO Mapping for different regions
InstanceMonitoring=False,
AssociatePublicIpAddress=False,
InstanceType="t2.micro",
SecurityGroups=[Ref(self.asgSg)],
KeyName=Ref(self.keyPairParam),
UserData=Base64(
Join(
"",
[
"#!/bin/bash -xe\n",
"yum update -y aws-cfn-bootstrap\n",
"/opt/aws/bin/cfn-init -v ",
" --stack ",
{
"Ref": "AWS::StackName"
},
" --resource LaunchConfig ",
" --configsets wordpress_install ",
" --region ",
{
"Ref": "AWS::Region"
},
"\n",
# "/opt/aws/bin/cfn-signal -e $? ",
# " --stack ", { "Ref" : "AWS::StackName" },
# " --resource WebServerGroup ",
# " --region ", { "Ref" : "AWS::Region" }, "\n"
])),
Metadata=cfn.Metadata(
cfn.Init(
cfn.InitConfigSets(wordpress_install=[
'install_cfn', 'install_chefdk', "install_chef",
"install_wordpress", "run_chef"
]),
install_cfn=cfn.InitConfig(
# Starts cfn-hup daemon which detects changes in metadata
# and runs user-specified actions when a change is detected.
# This allows configuration updates through UpdateStack.
# The cfn-hup.conf file stores the name of the stack and
# the AWS credentials that the cfn-hup daemon targets.
# The cfn-hup daemon parses and loads each file in the /etc/cfn/hooks.d directory.
files={
"/etc/cfn/cfn-hup.conf": {
"content": {
"Fn::Join": [
"",
[
"[main]\n", "stack=", {
"Ref": "AWS::StackId"
}, "\n", "region=", {
"Ref": "AWS::Region"
}, "\n"
]
]
},
"mode": "000400",
"owner": "root",
"group": "root"
},
"/etc/cfn/hooks.d/cfn-auto-reloader.conf": {
"content": {
"Fn::Join": [
"",
[
"[cfn-auto-reloader-hook]\n",
"triggers=post.update\n",
"path=Resources.LaunchConfig.Metadata.AWS::CloudFormation::Init\n",
"action=/opt/aws/bin/cfn-init -v ",
" --stack ", {
"Ref": "AWS::StackName"
},
" --resource LaunchConfig ",
" --configsets wordpress_install ",
" --region ", {
"Ref": "AWS::Region"
}, "\n"
]
]
},
"mode": "000400",
"owner": "root",
"group": "root"
}
},
services={
"sysvinit": {
"cfn-hup": {
"enabled":
"true",
"ensureRunning":
"true",
"files": [
"/etc/cfn/cfn-hup.conf",
"/etc/cfn/hooks.d/cfn-auto-reloader.conf"
]
}
}
}),
install_chefdk=cfn.InitConfig(
packages={
"rpm": {
"chefdk":
"https://opscode-omnibus-packages.s3.amazonaws.com/el/6/x86_64/chefdk-0.2.0-2.el6.x86_64.rpm"
}
}),
install_chef=cfn.InitConfig(
sources={
# Set up a local Chef repository on the instance.
"/var/chef/chef-repo":
"http://github.com/opscode/chef-repo/tarball/master"
},
files={
# Chef installation file.
"/tmp/install.sh": {
"source":
"https://www.opscode.com/chef/install.sh",
"mode": "000400",
"owner": "root",
"group": "root"
},
# Knife configuration file.
"/var/chef/chef-repo/.chef/knife.rb": {
"content": {
"Fn::Join": [
"",
[
"cookbook_path [ '/var/chef/chef-repo/cookbooks' ]\n",
"node_path [ '/var/chef/chef-repo/nodes' ]\n"
]
]
},
"mode": "000400",
"owner": "root",
"group": "root"
},
# Chef client configuration file.
"/var/chef/chef-repo/.chef/client.rb": {
"content": {
"Fn::Join": [
"",
[
"cookbook_path [ '/var/chef/chef-repo/cookbooks' ]\n",
"node_path [ '/var/chef/chef-repo/nodes' ]\n"
]
]
},
"mode": "000400",
"owner": "root",
"group": "root"
}
},
commands={
# make the /var/chef directory readable, run the
# Chef installation, and then start Chef local mode
# by using the client.rb file that was created.
# The commands are run in alphanumeric order.
"01_make_chef_readable": {
"command": "chmod +rx /var/chef"
},
"02_install_chef": {
"command": "bash /tmp/install.sh",
"cwd": "/var/chef"
},
"03_create_node_list": {
"command":
"chef-client -z -c /var/chef/chef-repo/.chef/client.rb",
"cwd": "/var/chef/chef-repo",
"env": {
"HOME": "/var/chef"
}
}
}),
install_wordpress=cfn.InitConfig(
# Installs WordPress by using a WordPress cookbook.
files={
# knife.rb and client.rb files are overwritten to
# point to the cookbooks that are required to install WordPress.
"/var/chef/chef-repo/.chef/knife.rb": {
"content": {
"Fn::Join": [
"",
[
"cookbook_path [ '/var/chef/chef-repo/cookbooks/wordpress/berks-cookbooks' ]\n",
"node_path [ '/var/chef/chef-repo/nodes' ]\n"
]
]
},
"mode": "000400",
"owner": "root",
"group": "root"
},
"/var/chef/chef-repo/.chef/client.rb": {
"content": {
"Fn::Join": [
"",
[
"cookbook_path [ '/var/chef/chef-repo/cookbooks/wordpress/berks-cookbooks' ]\n",
"node_path [ '/var/chef/chef-repo/nodes' ]\n"
]
]
},
"mode": "000400",
"owner": "root",
"group": "root"
},
# Specify the Amazon RDS database instance as the WordPress database
"/var/chef/chef-repo/cookbooks/wordpress/attributes/aws_rds_config.rb":
{
"content": {
"Fn::Join": [
"",
[
"normal['wordpress']['db']['pass'] = '******'\n",
"normal['wordpress']['db']['user'] = '******'\n",
"normal['wordpress']['db']['host'] = '",
GetAtt(self.rds,
"Endpoint.Address"),
"'\n",
"normal['wordpress']['db']['name'] = '",
Ref(self.dbNameParam), "'\n"
]
]
},
"mode": "000400",
"owner": "root",
"group": "root"
}
},
commands={
"01_get_cookbook": {
"command":
"knife cookbook site download wordpress",
"cwd": "/var/chef/chef-repo",
"env": {
"HOME": "/var/chef"
}
},
"02_unpack_cookbook": {
"command":
"tar xvfz /var/chef/chef-repo/wordpress*",
"cwd": "/var/chef/chef-repo/cookbooks"
},
"03_init_berkshelf": {
"command":
"berks init /var/chef/chef-repo/cookbooks/wordpress --skip-vagrant --skip-git",
"cwd":
"/var/chef/chef-repo/cookbooks/wordpress",
"env": {
"HOME": "/var/chef"
}
},
"04_vendorize_berkshelf": {
"command": "berks vendor",
"cwd":
"/var/chef/chef-repo/cookbooks/wordpress",
"env": {
"HOME": "/var/chef"
}
},
"05_configure_node_run_list": {
"command":
"knife node run_list add -z `knife node list -z` recipe[wordpress]",
"cwd": "/var/chef/chef-repo",
"env": {
"HOME": "/var/chef"
}
}
}),
run_chef=cfn.InitConfig(
commands={
"01_run_chef_client": {
"command":
"chef-client -z -c /var/chef/chef-repo/.chef/client.rb",
"cwd": "/var/chef/chef-repo",
"env": {
"HOME": "/var/chef"
}
}
})))))
webserverSubnetIds = [
self.sceptreUserData['subnets']['privateWebAZ1Id'],
self.sceptreUserData['subnets']['privateWebAZ2Id'],
self.sceptreUserData['subnets']['privateWebAZ3Id']
]
self.webServerASG = t.add_resource(
AutoScalingGroup(
'WebServerASG',
LaunchConfigurationName=Ref(self.asgLaunchConfig),
LoadBalancerNames=[Ref(self.elb)],
MinSize='1',
DesiredCapacity='2',
Cooldown='1',
MaxSize='5',
UpdatePolicy=UpdatePolicy(
AutoScalingRollingUpdate=AutoScalingRollingUpdate(
MinInstancesInService="1")),
VPCZoneIdentifier=webserverSubnetIds,
Tags=[
ASTag('Contact', Ref(self.ownerEmailParam), True),
ASTag('Name', Join("", [self.namePrefix, 'ASG']), True)
]))
return 0
def add_outputs(self):
t = self.template
self.websiteUrl = t.add_output(
Output('websiteUrl',
Value=Join(
'', ['http://', GetAtt(self.elb, 'DNSName')]),
Description='Wordpress website URL.'))
return 0
# Python script to generate the cloudformation template json file
# This is not strictly needed, but it takes the pain out of writing a
# cloudformation template by hand. It also allows for DRY approaches
# to maintaining cloudformation templates.
from troposphere import Ref, Template, Parameter, Output, Join, GetAtt, Tags
import troposphere.ec2 as ec2
import configuration
t = Template()
t.add_description(
'Couchbase Servers'
)
keynameparameter = t.add_parameter(Parameter(
'KeyNameParameter', Type='AWS::EC2::KeyPair::KeyName',
Description='KeyName'
))
subnetid1parameter = t.add_parameter(Parameter(
'SubnetId1Parameter', Type='AWS::EC2::Subnet::Id',
Description='SubnetId'
))
subnetid2parameter = t.add_parameter(Parameter(
'SubnetId2Parameter', Type='AWS::EC2::Subnet::Id',
Description='SubnetId'
))
def main():
"""
Create a ElastiCache Redis Node and EC2 Instance
"""
template = Template()
# Description
template.add_description(
'AWS CloudFormation Sample Template ElastiCache_Redis:'
'Sample template showIing how to create an Amazon'
'ElastiCache Redis Cluster. **WARNING** This template'
'creates an Amazon EC2 Instance and an Amazon ElastiCache'
'Cluster. You will be billed for the AWS resources used'
'if you create a stack from this template.')
# Mappings
template.add_mapping(
'AWSInstanceType2Arch', {
't1.micro': {
'Arch': 'PV64'
},
't2.micro': {
'Arch': 'HVM64'
},
't2.small': {
'Arch': 'HVM64'
},
't2.medium': {
'Arch': 'HVM64'
},
'm1.small': {
'Arch': 'PV64'
},
'm1.medium': {
'Arch': 'PV64'
},
'm1.large': {
'Arch': 'PV64'
},
'm1.xlarge': {
'Arch': 'PV64'
},
'm2.xlarge': {
'Arch': 'PV64'
},
'm2.2xlarge': {
'Arch': 'PV64'
},
'm2.4xlarge': {
'Arch': 'PV64'
},
'm3.medium': {
'Arch': 'HVM64'
},
'm3.large': {
'Arch': 'HVM64'
},
'm3.xlarge': {
'Arch': 'HVM64'
},
'm3.2xlarge': {
'Arch': 'HVM64'
},
'c1.medium': {
'Arch': 'PV64'
},
'c1.xlarge': {
'Arch': 'PV64'
},
'c3.large': {
'Arch': 'HVM64'
},
'c3.xlarge': {
'Arch': 'HVM64'
},
'c3.2xlarge': {
'Arch': 'HVM64'
},
'c3.4xlarge': {
'Arch': 'HVM64'
},
'c3.8xlarge': {
'Arch': 'HVM64'
},
'c4.large': {
'Arch': 'HVM64'
},
'c4.xlarge': {
'Arch': 'HVM64'
},
'c4.2xlarge': {
'Arch': 'HVM64'
},
'c4.4xlarge': {
'Arch': 'HVM64'
},
'c4.8xlarge': {
'Arch': 'HVM64'
},
'g2.2xlarge': {
'Arch': 'HVMG2'
},
'r3.large': {
'Arch': 'HVM64'
},
'r3.xlarge': {
'Arch': 'HVM64'
},
'r3.2xlarge': {
'Arch': 'HVM64'
},
'r3.4xlarge': {
'Arch': 'HVM64'
},
'r3.8xlarge': {
'Arch': 'HVM64'
},
'i2.xlarge': {
'Arch': 'HVM64'
},
'i2.2xlarge': {
'Arch': 'HVM64'
},
'i2.4xlarge': {
'Arch': 'HVM64'
},
'i2.8xlarge': {
'Arch': 'HVM64'
},
'd2.xlarge': {
'Arch': 'HVM64'
},
'd2.2xlarge': {
'Arch': 'HVM64'
},
'd2.4xlarge': {
'Arch': 'HVM64'
},
'd2.8xlarge': {
'Arch': 'HVM64'
},
'hi1.4xlarge': {
'Arch': 'HVM64'
},
'hs1.8xlarge': {
'Arch': 'HVM64'
},
'cr1.8xlarge': {
'Arch': 'HVM64'
},
'cc2.8xlarge': {
'Arch': 'HVM64'
}
})
template.add_mapping(
'AWSRegionArch2AMI', {
'us-east-1': {
'PV64': 'ami-0f4cfd64',
'HVM64': 'ami-0d4cfd66',
'HVMG2': 'ami-5b05ba30'
},
'us-west-2': {
'PV64': 'ami-d3c5d1e3',
'HVM64': 'ami-d5c5d1e5',
'HVMG2': 'ami-a9d6c099'
},
'us-west-1': {
'PV64': 'ami-85ea13c1',
'HVM64': 'ami-87ea13c3',
'HVMG2': 'ami-37827a73'
},
'eu-west-1': {
'PV64': 'ami-d6d18ea1',
'HVM64': 'ami-e4d18e93',
'HVMG2': 'ami-72a9f105'
},
'eu-central-1': {
'PV64': 'ami-a4b0b7b9',
'HVM64': 'ami-a6b0b7bb',
'HVMG2': 'ami-a6c9cfbb'
},
'ap-northeast-1': {
'PV64': 'ami-1a1b9f1a',
'HVM64': 'ami-1c1b9f1c',
'HVMG2': 'ami-f644c4f6'
},
'ap-southeast-1': {
'PV64': 'ami-d24b4280',
'HVM64': 'ami-d44b4286',
'HVMG2': 'ami-12b5bc40'
},
'ap-southeast-2': {
'PV64': 'ami-ef7b39d5',
'HVM64': 'ami-db7b39e1',
'HVMG2': 'ami-b3337e89'
},
'sa-east-1': {
'PV64': 'ami-5b098146',
'HVM64': 'ami-55098148',
'HVMG2': 'NOT_SUPPORTED'
},
'cn-north-1': {
'PV64': 'ami-bec45887',
'HVM64': 'ami-bcc45885',
'HVMG2': 'NOT_SUPPORTED'
}
})
template.add_mapping(
'Region2Principal', {
'us-east-1': {
'EC2Principal': 'ec2.amazonaws.com',
'OpsWorksPrincipal': 'opsworks.amazonaws.com'
},
'us-west-2': {
'EC2Principal': 'ec2.amazonaws.com',
'OpsWorksPrincipal': 'opsworks.amazonaws.com'
},
'us-west-1': {
'EC2Principal': 'ec2.amazonaws.com',
'OpsWorksPrincipal': 'opsworks.amazonaws.com'
},
'eu-west-1': {
'EC2Principal': 'ec2.amazonaws.com',
'OpsWorksPrincipal': 'opsworks.amazonaws.com'
},
'ap-southeast-1': {
'EC2Principal': 'ec2.amazonaws.com',
'OpsWorksPrincipal': 'opsworks.amazonaws.com'
},
'ap-northeast-1': {
'EC2Principal': 'ec2.amazonaws.com',
'OpsWorksPrincipal': 'opsworks.amazonaws.com'
},
'ap-southeast-2': {
'EC2Principal': 'ec2.amazonaws.com',
'OpsWorksPrincipal': 'opsworks.amazonaws.com'
},
'sa-east-1': {
'EC2Principal': 'ec2.amazonaws.com',
'OpsWorksPrincipal': 'opsworks.amazonaws.com'
},
'cn-north-1': {
'EC2Principal': 'ec2.amazonaws.com.cn',
'OpsWorksPrincipal': 'opsworks.amazonaws.com.cn'
},
'eu-central-1': {
'EC2Principal': 'ec2.amazonaws.com',
'OpsWorksPrincipal': 'opsworks.amazonaws.com'
}
})
# Parameters
cachenodetype = template.add_parameter(
Parameter(
'ClusterNodeType',
Description=
'The compute and memory capacity of the nodes in the Redis'
' Cluster',
Type='String',
Default='cache.m1.small',
AllowedValues=[
'cache.m1.small', 'cache.m1.large', 'cache.m1.xlarge',
'cache.m2.xlarge', 'cache.m2.2xlarge', 'cache.m2.4xlarge',
'cache.c1.xlarge'
],
ConstraintDescription='must select a valid Cache Node type.',
))
instancetype = template.add_parameter(
Parameter(
'InstanceType',
Description='WebServer EC2 instance type',
Type='String',
Default='t2.micro',
AllowedValues=[
't1.micro', 't2.micro', 't2.small', 't2.medium', 'm1.small',
'm1.medium', 'm1.large', 'm1.xlarge', 'm2.xlarge',
'm2.2xlarge', 'm2.4xlarge', 'm3.medium', 'm3.large',
'm3.xlarge', 'm3.2xlarge', 'c1.medium', 'c1.xlarge',
'c3.large', 'c3.xlarge', 'c3.2xlarge', 'c3.4xlarge',
'c3.8xlarge', 'c4.large', 'c4.xlarge', 'c4.2xlarge',
'c4.4xlarge', 'c4.8xlarge', 'g2.2xlarge', 'r3.large',
'r3.xlarge', 'r3.2xlarge', 'r3.4xlarge', 'r3.8xlarge',
'i2.xlarge', 'i2.2xlarge', 'i2.4xlarge', 'i2.8xlarge',
'd2.xlarge', 'd2.2xlarge', 'd2.4xlarge', 'd2.8xlarge',
'hi1.4xlarge', 'hs1.8xlarge', 'cr1.8xlarge', 'cc2.8xlarge',
'cg1.4xlarge'
],
ConstraintDescription='must be a valid EC2 instance type.',
))
keyname = template.add_parameter(
Parameter(
'KeyName',
Description='Name of an existing EC2 KeyPair to enable SSH access'
' to the instance',
Type='AWS::EC2::KeyPair::KeyName',
ConstraintDescription=
'must be the name of an existing EC2 KeyPair.',
))
sshlocation = template.add_parameter(
Parameter('SSHLocation',
Description='The IP address range that can be used to SSH to'
' the EC2 instances',
Type='String',
MinLength='9',
MaxLength='18',
Default='0.0.0.0/0',
AllowedPattern='(\\d{1,3})\\.(\\d{1,3})\\.'
'(\\d{1,3})\\.(\\d{1,3})/(\\d{1,2})',
ConstraintDescription='must be a valid IP CIDR range of the'
' form x.x.x.x/x.'))
# Resources
webserverrole = template.add_resource(
iam.Role(
'WebServerRole',
AssumeRolePolicyDocument=Policy(Statement=[
Statement(
Effect=Allow,
Action=[AssumeRole],
Principal=Principal('Service', [
FindInMap('Region2Principal', Ref('AWS::Region'),
'EC2Principal')
]),
)
]),
Path='/',
))
template.add_resource(
iam.PolicyType(
'WebServerRolePolicy',
PolicyName='WebServerRole',
PolicyDocument=awacs.aws.Policy(Statement=[
awacs.aws.Statement(Action=[
awacs.aws.Action("elasticache", "DescribeCacheClusters")
],
Resource=["*"],
Effect=awacs.aws.Allow)
]),
Roles=[Ref(webserverrole)],
))
webserverinstanceprofile = template.add_resource(
iam.InstanceProfile(
'WebServerInstanceProfile',
Path='/',
Roles=[Ref(webserverrole)],
))
webserversg = template.add_resource(
ec2.SecurityGroup('WebServerSecurityGroup',
GroupDescription='Enable HTTP and SSH access',
SecurityGroupIngress=[
ec2.SecurityGroupRule(
IpProtocol='tcp',
FromPort='22',
ToPort='22',
CidrIp=Ref(sshlocation),
),
ec2.SecurityGroupRule(
IpProtocol='tcp',
FromPort='80',
ToPort='80',
CidrIp='0.0.0.0/0',
)
]))
webserverinstance = template.add_resource(
ec2.Instance(
'WebServerInstance',
Metadata=cloudformation.Metadata(
cloudformation.Init({
'config':
cloudformation.InitConfig(
packages={
'yum': {
'httpd': [],
'php': [],
'php-devel': [],
'gcc': [],
'make': []
}
},
files=cloudformation.InitFiles({
'/var/www/html/index.php':
cloudformation.
InitFile(content=Join('', [
'<?php\n',
'echo \"<h1>AWS CloudFormation sample'
' application for Amazon ElastiCache'
' Redis Cluster</h1>\";\n', '\n',
'$cluster_config = json_decode('
'file_get_contents(\'/tmp/cacheclusterconfig\''
'), true);\n',
'$endpoint = $cluster_config[\'CacheClusters'
'\'][0][\'CacheNodes\'][0][\'Endpoint\'][\'Add'
'ress\'];\n',
'$port = $cluster_config[\'CacheClusters\'][0]'
'[\'CacheNodes\'][0][\'Endpoint\'][\'Port\'];'
'\n', '\n',
'echo \"<p>Connecting to Redis Cache Cluster '
'node \'{$endpoint}\' on port {$port}</p>\";'
'\n', '\n', '$redis=new Redis();\n',
'$redis->connect($endpoint, $port);\n',
'$redis->set(\'testkey\', \'Hello World!\');'
'\n', '$return = $redis->get(\'testkey\');\n',
'\n',
'echo \"<p>Retrieved value: $return</p>\";'
'\n', '?>\n'
]),
mode='000644',
owner='apache',
group='apache'),
'/etc/cron.d/get_cluster_config':
cloudformation.InitFile(
content='*/5 * * * * root'
' /usr/local/bin/get_cluster_config',
mode='000644',
owner='root',
group='root'),
'/usr/local/bin/get_cluster_config':
cloudformation.InitFile(content=Join(
'', [
'#! /bin/bash\n',
'aws elasticache describe-cache-clusters ',
' --cache-cluster-id ',
Ref('RedisCluster'),
' --show-cache-node-info'
' --region ',
Ref('AWS::Region'),
' > /tmp/cacheclusterconfig\n'
]),
mode='000755',
owner='root',
group='root'),
'/usr/local/bin/install_phpredis':
cloudformation.InitFile(content=Join(
'', [
'#! /bin/bash\n', 'cd /tmp\n',
'wget https://github.com/nicolasff/'
'phpredis/zipball/master -O phpredis.zip'
'\n', 'unzip phpredis.zip\n',
'cd nicolasff-phpredis-*\n', 'phpize\n',
'./configure\n', 'make && make install\n',
'touch /etc/php.d/redis.ini\n',
'echo extension=redis.so > /etc/php.d/'
'redis.ini\n'
]),
mode='000755',
owner='root',
group='root'),
'/etc/cfn/cfn-hup.conf':
cloudformation.InitFile(content=Join(
'', [
'[main]\n', 'stack=',
Ref('AWS::StackId'), '\n', 'region=',
Ref('AWS::Region'), '\n'
]),
mode='000400',
owner='root',
group='root'),
'/etc/cfn/hooks.d/cfn-auto-reloader.conf':
cloudformation.
InitFile(content=Join('', [
'[cfn-auto-reloader-hook]\n',
'triggers=post.update\n',
'path=Resources.WebServerInstance.Metadata'
'.AWS::CloudFormation::Init\n',
'action=/opt/aws/bin/cfn-init -v ',
' --stack ',
Ref('AWS::StackName'),
' --resource WebServerInstance ',
' --region ',
Ref('AWS::Region'), '\n', 'runas=root\n'
]),
# Why doesn't the Amazon template have this?
# mode='000400',
# owner='root',
# group='root'
),
}),
commands={
'01-install_phpredis': {
'command': '/usr/local/bin/install_phpredis'
},
'02-get-cluster-config': {
'command': '/usr/local/bin/get_cluster_config'
}
},
services={
"sysvinit":
cloudformation.InitServices({
"httpd":
cloudformation.InitService(
enabled=True,
ensureRunning=True,
),
"cfn-hup":
cloudformation.InitService(
enabled=True,
ensureRunning=True,
files=[
'/etc/cfn/cfn-hup.conf',
'/etc/cfn/hooks.d/'
'cfn-auto-reloader.conf'
]),
}),
},
)
})),
ImageId=FindInMap(
'AWSRegionArch2AMI', Ref('AWS::Region'),
FindInMap('AWSInstanceType2Arch', Ref(instancetype), 'Arch')),
InstanceType=Ref(instancetype),
SecurityGroups=[Ref(webserversg)],
KeyName=Ref(keyname),
IamInstanceProfile=Ref(webserverinstanceprofile),
UserData=Base64(
Join('', [
'#!/bin/bash -xe\n', 'yum update -y aws-cfn-bootstrap\n',
'# Setup the PHP sample application\n',
'/opt/aws/bin/cfn-init -v ', ' --stack ',
Ref('AWS::StackName'),
' --resource WebServerInstance ',
' --region ',
Ref('AWS::Region'), '\n',
'# Signal the status of cfn-init\n',
'/opt/aws/bin/cfn-signal -e $? ', ' --stack ',
Ref('AWS::StackName'),
' --resource WebServerInstance ',
' --region ',
Ref('AWS::Region'), '\n'
])),
CreationPolicy=CreationPolicy(ResourceSignal=ResourceSignal(
Timeout='PT15M')),
Tags=Tags(Application=Ref('AWS::StackId'),
Details='Created using Troposhpere')))
redisclustersg = template.add_resource(
elasticache.SecurityGroup(
'RedisClusterSecurityGroup',
Description='Lock the cluster down',
))
template.add_resource(
elasticache.SecurityGroupIngress(
'RedisClusterSecurityGroupIngress',
CacheSecurityGroupName=Ref(redisclustersg),
EC2SecurityGroupName=Ref(webserversg),
))
template.add_resource(
elasticache.CacheCluster(
'RedisCluster',
Engine='redis',
CacheNodeType=Ref(cachenodetype),
NumCacheNodes='1',
CacheSecurityGroupNames=[Ref(redisclustersg)],
))
# Outputs
template.add_output([
Output('WebsiteURL',
Description='Application URL',
Value=Join('', [
'http://',
GetAtt(webserverinstance, 'PublicDnsName'),
]))
])
# Print CloudFormation Template
print(template.to_json())
# Converted from s3_processor located at:
# https://github.com/awslabs/serverless-application-model/blob/dbc54b5d0cd31bf5cebd16d765b74aee9eb34641/examples/2016-10-31/s3_processor/template.yaml
from troposphere import Template, Ref
from troposphere.s3 import Bucket
from troposphere.serverless import Function, S3Event
t = Template()
t.add_description(
"A function is triggered off an upload to a bucket. It logs the content "
"type of the uploaded object.")
t.add_transform('AWS::Serverless-2016-10-31')
s3_bucket = t.add_resource(
Bucket("Bucket")
)
t.add_resource(
Function(
"ProcessorFunction",
Handler='index.handler',
Runtime='nodejs4.3',
CodeUri='s3://<bucket>/s3_processor.zip',
Policies='AmazonS3ReadOnlyAccess',
Events={
'PhotoUpload': S3Event(
'PhotoUpload',
Bucket=Ref(s3_bucket),
parser = argparse.ArgumentParser(description="OpenEMR Standard stack builder")
parser.add_argument(
"--recovery", help="load OpenEMR stack from backups", action="store_true")
parser.add_argument(
"--dev", help="purge development resources on exit", action="store_true")
args = parser.parse_args()
t = Template()
t.add_version('2010-09-09')
descString = 'OpenEMR Cloud Standard v5.0.1-1 cloud deployment'
if (args.dev):
descString += ' [developer]'
if (args.recovery):
descString += ' [recovery]'
t.add_description(descString)
# reduce to consistent names
if (args.recovery):
OpenEMRKeyID = Select('1', Split('/', Ref('RecoveryKMSKey')))
OpenEMRKeyARN = Ref('RecoveryKMSKey')
else:
OpenEMRKeyID = Ref('OpenEMRKey')
OpenEMRKeyARN = GetAtt('OpenEMRKey', 'Arn')
if (args.recovery):
setRecoveryInputs(t, args)
else:
setInputs(t, args)
setMappings(t, args)
from troposphere import Template, Ref, Output, GetAtt
from troposphere.iam import AccessKey, User
tpl = Template()
tpl.add_version('2010-09-09')
tpl.add_description(
"Create a superadmin user with all required privileges for this project. "
)
# Resources
superuser = tpl.add_resource(User(
title='czpycon2015',
))
access_keys = tpl.add_resource(AccessKey(
"Troposphere",
Status="Active",
UserName=Ref(superuser))
)
# Outputs
tpl.add_output(Output(
"AccessKey",
Value=Ref(access_keys),
Description="AWSAccessKeyId of superuser",
))
tpl.add_output(Output(
"SecretKey",
Value=GetAtt(access_keys, "SecretAccessKey"),
Description="AWSSecretKey of superuser",
class StandUp:
region = "ap-southeast-2"
subnet = "subnet-cb5facae"
type = "m3.xlarge"
ami = "ami-e95c31d3"
stackname = "TestIOStack"
name = "windows-2012-test"
instance_template = "TestIO"
timezone = "Australia/Brisbane"
environment = "Development"
comment = "Comments"
keypair = "IOTEST"
iamrole = "IAM-EC2-Default"
securitygroups = ["sg-02b36667"]
monitoring = False
rollback = False
volume = ""
ec2conn = ""
cfnconn = ""
template = ""
def __init__(self):
self.build()
self.output_to_file()
def output_to_file(self):
output = self.template.to_json()
fd = open('standup.json', 'w')
fd.write(output)
fd.close()
print(output)
def metadata(self):
m = MetadataObject()
m.add_configkeys(
'AWS::CloudFormation::Init', 'InitRAID', 'files', {
"C:\\cfn\\scripts\\striperaidebs.txt": {
"content":
"""select disk 1
clean
convert dynamic
select disk 2
clean
convert dynamic
create volume stripe disk=1,2
list volume
select volume 2
assign letter=e
format fs=ntfs quick"""
},
"C:\\cfn\\scripts\\striperaidephemeral.txt": {
"content":
"""select disk 2
clean
convert dynamic
select disk 3
clean
convert dynamic
create volume stripe disk=2,3
select volume 2
assign letter=E
format fs=ntfs quick"""
}
})
m.add_configkeys(
'AWS::CloudFormation::Init', 'InitRAID', 'commands', {
"1-initialize-raid-1": {
"command":
"""diskpart /s C:\\cfn\\scripts\\striperaidebs.txt""",
"waitAfterCompletion": 0
}
})
m.add_configkeys(
'AWS::CloudFormation::Init', 'TestIO', 'packages', {
"msi": {
"python":
"""https://www.python.org/ftp/python/3.4.2/python-3.4.2.amd64.msi"""
}
})
m.add_configkeys(
'AWS::CloudFormation::Init', 'TestIO', 'files', {
"C:\\cfn\\scripts\\DiskRobIOt.py":
"""https://raw.githubusercontent.com/monk-ee/DiskRobIOt/master/DiskRobIOt.py"""
})
m.add_configkeys(
'AWS::CloudFormation::Init', 'TestIO', 'commands', {
"1-python-path": {
"command": """setx path "%path%;C:\\Python34" """,
"waitAfterCompletion": 0
},
"2-run-disktest": {
"command":
"""c:\\cfn\\scripts\DiskRobIOt.py --path e:\\ """,
"waitAfterCompletion": 0
}
})
m.add_configkeys('AWS::CloudFormation::Init', 'configSets', 'config',
["InitRAID", "TestIO"])
return m
def build(self):
self.template = Template()
self.template.add_version()
self.template.add_description(self.comment)
m = self.metadata()
ec2_instance = self.template.add_resource(
ec2.Instance(
self.instance_template,
ImageId=self.ami,
InstanceType=self.type,
KeyName=self.keypair,
SubnetId=self.subnet,
SecurityGroupIds=self.securitygroups,
Monitoring=self.monitoring,
IamInstanceProfile=self.iamrole,
UserData=Base64("""<script> cfn-init -v -s """ +
self.stackname + """ -r """ +
self.instance_template + """ --region """ +
self.region +
""" --configset config</script>"""),
Metadata=m.JSONrepr(),
BlockDeviceMappings=[
ec2.BlockDeviceMapping(
DeviceName="/dev/xvdca",
VirtualName="ephemeral0",
),
ec2.BlockDeviceMapping(
DeviceName="/dev/xvdcb",
VirtualName="ephemeral1",
),
ec2.BlockDeviceMapping(
DeviceName="/dev/xvdb",
Ebs=ec2.EBSBlockDevice(DeleteOnTermination=True,
VolumeSize="45",
VolumeType="gp2"),
),
ec2.BlockDeviceMapping(
DeviceName="/dev/xvdc",
Ebs=ec2.EBSBlockDevice(DeleteOnTermination=True,
VolumeSize="45",
VolumeType="gp2"),
)
],
Tags=Tags(
Name=self.name,
Environment=self.environment,
Comment=self.comment,
Role=self.iamrole,
),
))
self.template.add_resource(
ec2.EIP(
"EIP",
InstanceId=Ref(ec2_instance),
Domain='vpc',
))
self.template.add_output([
Output(
"InstanceId",
Description="InstanceId of the newly created EC2 instance",
Value=Ref(ec2_instance),
),
Output(
"PrivateIP",
Description=
"Private IP address of the newly created EC2 instance",
Value=GetAtt(ec2_instance, "PrivateIp"),
),
Output(
"PrivateDNS",
Description="Private DNSName of the newly created EC2 instance",
Value=GetAtt(ec2_instance, "PrivateDnsName"),
)
])
def cloudform(self):
try:
self.cfnconn.create_stack(self.stackname,
template_body=self.template.to_json(),
disable_rollback=self.rollback)
output = self.template.to_json()
return output
except Exception as e:
raise
def ec2_connect_to_region(self):
try:
self.ec2conn = boto.ec2.connect_to_region(self.region)
except:
raise
def vpc_connect_to_region(self):
try:
self.vpcconn = boto.vpc.connect_to_region(self.region)
except:
raise
def iam_connect_to_region(self):
try:
self.iamconn = boto.iam.connect_to_region(self.region)
except:
raise
def cfn_connect_to_region(self):
try:
self.cfnconn = boto.cloudformation.connect_to_region(self.region)
except:
raise
# Python script to generate the cloudformation template json file
# This is not strictly needed, but it takes the pain out of writing a
# cloudformation template by hand. It also allows for DRY approaches
# to maintaining cloudformation templates.
from troposphere import Ref, Template, Parameter, Output, Join, GetAtt, Tags
import troposphere.ec2 as ec2
t = Template()
t.add_description(
'An Ec2-classic stack with Couchbase Server, Sync Gateway + load testing tools '
)
NUM_COUCHBASE_SERVERS=3
NUM_SYNC_GW_SERVERS=1
NUM_GATELOADS=1
COUCHBASE_INSTANCE_TYPE="m3.medium"
SYNC_GW_INSTANCE_TYPE="m3.medium"
GATELOAD_INSTANCE_TYPE="m3.medium"
def createCouchbaseSecurityGroups(t):
# Couchbase security group
secGrpCouchbase = ec2.SecurityGroup('CouchbaseSecurityGroup')
secGrpCouchbase.GroupDescription = "Allow access to Couchbase Server"
secGrpCouchbase.SecurityGroupIngress = [
ec2.SecurityGroupRule(
IpProtocol="tcp",
from troposphere.autoscaling import (
AutoScalingGroup,
LaunchConfiguration,
ScalingPolicy,
)
from troposphere.cloudwatch import (
Alarm,
MetricDimension,
)
from awacs.sts import AssumeRole
t = Template()
t.add_description('ElasticSearch Template')
t.add_parameter(Parameter("VpcId", Type="AWS::EC2::VPC::Id",
Description="VPC"))
t.add_parameter(
Parameter("PrivateSubnet",
Description="PrivateSubnet",
Type="List<AWS::EC2::Subnet::Id>",
ConstraintDescription="PrivateSubnet"))
t.add_parameter(
Parameter(
"InstanceType",
Type="String",
Description="instance type",
from troposphere import Parameter, Ref, Template
from troposphere import cloudformation, autoscaling
from troposphere.autoscaling import AutoScalingGroup, Tag
from troposphere.autoscaling import LaunchConfiguration, ScalingPolicy
from troposphere.elasticloadbalancing import LoadBalancer
from troposphere.policies import (
AutoScalingReplacingUpdate, AutoScalingRollingUpdate, UpdatePolicy
)
import troposphere.ec2 as ec2
import troposphere.elasticloadbalancing as elb
from troposphere.cloudwatch import Alarm, MetricDimension
t = Template()
t.add_description("""\
Configures autoscaling group for api app""")
SecurityGroup = t.add_parameter(Parameter(
"SecurityGroup",
Type="String",
Description="Security group for api instances.",
))
DeployBucket = t.add_parameter(Parameter(
"DeployBucket",
Type="String",
Description="The S3 bucket with the cloudformation scripts.",
))
SSLCertificateId = t.add_parameter(Parameter(
"SSLCertificateId",
MetricName="TestMetric",
Namespace="AWS/ElasticMapReduce",
Period="300",
Statistic="AVERAGE",
Threshold="50",
Unit="PERCENT",
Dimensions=[
emr.MetricDimension('my.custom.master.property',
'my.custom.master.value')
])))
]
return rules
template = Template()
template.add_description(
"Sample CloudFormation template for creating an EMR cluster")
keyname = template.add_parameter(
Parameter("KeyName",
Description="Name of an existing EC2 KeyPair to enable SSH "
"to the instances",
Type=KEY_PAIR_NAME))
subnet = template.add_parameter(
Parameter("Subnet",
Description="Subnet ID for creating the EMR cluster",
Type=SUBNET_ID))
spot = template.add_parameter(
Parameter("SpotPrice",
Description="Spot price (or use 0 for 'on demand' instance)",
ref_ambariserver = GetAtt('AmbariNode',
'PrivateDnsName')
ref_java_provider = Ref('JavaProvider')
ref_java_version = Ref('JavaVersion')
ref_additional_instance_count = Ref('AdditionalInstanceCount')
ref_ambari_pass = Ref('AmbariPass')
ref_ambari_services = Ref('AmbariServices')
ref_deploy_cluster = Ref('DeployCluster')
ref_wait_ambari = Ref('waitHandleAmbari')
# now the work begins
t = Template()
t.add_version("2010-09-09")
t.add_description("""\
CloudFormation template to Deploy Hortonworks Data Platform on VPC with a public subnet""")
## Parameters
BootDiskSize = t.add_parameter(Parameter(
"BootDiskSize",
Type="Number",
Default="80",
MinValue=10,
MaxValue=2000,
Description="Size of boot disk.",
))
InstanceType = t.add_parameter(Parameter(
"InstanceType",
Default="m4.xlarge",
from troposphere.cloudfront import Distribution, DistributionConfig
from troposphere.cloudfront import Origin, DefaultCacheBehavior
from troposphere.policies import CreationPolicy, ResourceSignal
ref_stack_id = Ref('AWS::StackId')
ref_region = Ref('AWS::Region')
ref_stack_name = Ref('AWS::StackName')
ref_ambariserver = GetAtt('AmbariNode',
'PrivateDnsName')
ref_java_provider = Ref('JavaProvider')
t = Template()
t.add_version("2010-09-09")
t.add_description("""\
CloudFormation template to Deploy Hortonworks Data Platform on VPC with a public subnet""")
AmbariInstanceType = t.add_parameter(Parameter(
"AmbariInstanceType",
Default="m3.large",
ConstraintDescription="Must be a valid EC2 instance type.",
Type="String",
Description="Instance type for Ambari node",
))
WorkerInstanceCount = t.add_parameter(Parameter(
"WorkerInstanceCount",
Default="2",
Type="Number",
Description="Number of Worker instances",
MaxValue="99",
MinValue="1",
def main():
"""
Create a ElastiCache Redis Node and EC2 Instance
"""
template = Template()
# Description
template.add_description(
'AWS CloudFormation Sample Template ElastiCache_Redis:'
'Sample template showing how to create an Amazon'
'ElastiCache Redis Cluster. **WARNING** This template'
'creates an Amazon EC2 Instance and an Amazon ElastiCache'
'Cluster. You will be billed for the AWS resources used'
'if you create a stack from this template.')
# Mappings
template.add_mapping('AWSInstanceType2Arch', {
't1.micro': {'Arch': 'PV64'},
't2.micro': {'Arch': 'HVM64'},
't2.small': {'Arch': 'HVM64'},
't2.medium': {'Arch': 'HVM64'},
'm1.small': {'Arch': 'PV64'},
'm1.medium': {'Arch': 'PV64'},
'm1.large': {'Arch': 'PV64'},
'm1.xlarge': {'Arch': 'PV64'},
'm2.xlarge': {'Arch': 'PV64'},
'm2.2xlarge': {'Arch': 'PV64'},
'm2.4xlarge': {'Arch': 'PV64'},
'm3.medium': {'Arch': 'HVM64'},
'm3.large': {'Arch': 'HVM64'},
'm3.xlarge': {'Arch': 'HVM64'},
'm3.2xlarge': {'Arch': 'HVM64'},
'c1.medium': {'Arch': 'PV64'},
'c1.xlarge': {'Arch': 'PV64'},
'c3.large': {'Arch': 'HVM64'},
'c3.xlarge': {'Arch': 'HVM64'},
'c3.2xlarge': {'Arch': 'HVM64'},
'c3.4xlarge': {'Arch': 'HVM64'},
'c3.8xlarge': {'Arch': 'HVM64'},
'c4.large': {'Arch': 'HVM64'},
'c4.xlarge': {'Arch': 'HVM64'},
'c4.2xlarge': {'Arch': 'HVM64'},
'c4.4xlarge': {'Arch': 'HVM64'},
'c4.8xlarge': {'Arch': 'HVM64'},
'g2.2xlarge': {'Arch': 'HVMG2'},
'r3.large': {'Arch': 'HVM64'},
'r3.xlarge': {'Arch': 'HVM64'},
'r3.2xlarge': {'Arch': 'HVM64'},
'r3.4xlarge': {'Arch': 'HVM64'},
'r3.8xlarge': {'Arch': 'HVM64'},
'i2.xlarge': {'Arch': 'HVM64'},
'i2.2xlarge': {'Arch': 'HVM64'},
'i2.4xlarge': {'Arch': 'HVM64'},
'i2.8xlarge': {'Arch': 'HVM64'},
'd2.xlarge': {'Arch': 'HVM64'},
'd2.2xlarge': {'Arch': 'HVM64'},
'd2.4xlarge': {'Arch': 'HVM64'},
'd2.8xlarge': {'Arch': 'HVM64'},
'hi1.4xlarge': {'Arch': 'HVM64'},
'hs1.8xlarge': {'Arch': 'HVM64'},
'cr1.8xlarge': {'Arch': 'HVM64'},
'cc2.8xlarge': {'Arch': 'HVM64'}
})
template.add_mapping('AWSRegionArch2AMI', {
'us-east-1': {'PV64': 'ami-0f4cfd64',
'HVM64': 'ami-0d4cfd66',
'HVMG2': 'ami-5b05ba30'},
'us-west-2': {'PV64': 'ami-d3c5d1e3',
'HVM64': 'ami-d5c5d1e5',
'HVMG2': 'ami-a9d6c099'},
'us-west-1': {'PV64': 'ami-85ea13c1',
'HVM64': 'ami-87ea13c3',
'HVMG2': 'ami-37827a73'},
'eu-west-1': {'PV64': 'ami-d6d18ea1',
'HVM64': 'ami-e4d18e93',
'HVMG2': 'ami-72a9f105'},
'eu-central-1': {'PV64': 'ami-a4b0b7b9',
'HVM64': 'ami-a6b0b7bb',
'HVMG2': 'ami-a6c9cfbb'},
'ap-northeast-1': {'PV64': 'ami-1a1b9f1a',
'HVM64': 'ami-1c1b9f1c',
'HVMG2': 'ami-f644c4f6'},
'ap-southeast-1': {'PV64': 'ami-d24b4280',
'HVM64': 'ami-d44b4286',
'HVMG2': 'ami-12b5bc40'},
'ap-southeast-2': {'PV64': 'ami-ef7b39d5',
'HVM64': 'ami-db7b39e1',
'HVMG2': 'ami-b3337e89'},
'sa-east-1': {'PV64': 'ami-5b098146',
'HVM64': 'ami-55098148',
'HVMG2': 'NOT_SUPPORTED'},
'cn-north-1': {'PV64': 'ami-bec45887',
'HVM64': 'ami-bcc45885',
'HVMG2': 'NOT_SUPPORTED'}
})
template.add_mapping('Region2Principal', {
'us-east-1': {'EC2Principal': 'ec2.amazonaws.com',
'OpsWorksPrincipal': 'opsworks.amazonaws.com'},
'us-west-2': {'EC2Principal': 'ec2.amazonaws.com',
'OpsWorksPrincipal': 'opsworks.amazonaws.com'},
'us-west-1': {'EC2Principal': 'ec2.amazonaws.com',
'OpsWorksPrincipal': 'opsworks.amazonaws.com'},
'eu-west-1': {'EC2Principal': 'ec2.amazonaws.com',
'OpsWorksPrincipal': 'opsworks.amazonaws.com'},
'ap-southeast-1': {'EC2Principal': 'ec2.amazonaws.com',
'OpsWorksPrincipal': 'opsworks.amazonaws.com'},
'ap-northeast-1': {'EC2Principal': 'ec2.amazonaws.com',
'OpsWorksPrincipal': 'opsworks.amazonaws.com'},
'ap-southeast-2': {'EC2Principal': 'ec2.amazonaws.com',
'OpsWorksPrincipal': 'opsworks.amazonaws.com'},
'sa-east-1': {'EC2Principal': 'ec2.amazonaws.com',
'OpsWorksPrincipal': 'opsworks.amazonaws.com'},
'cn-north-1': {'EC2Principal': 'ec2.amazonaws.com.cn',
'OpsWorksPrincipal': 'opsworks.amazonaws.com.cn'},
'eu-central-1': {'EC2Principal': 'ec2.amazonaws.com',
'OpsWorksPrincipal': 'opsworks.amazonaws.com'}
})
# Parameters
cachenodetype = template.add_parameter(Parameter(
'ClusterNodeType',
Description='The compute and memory capacity of the nodes in the Redis'
' Cluster',
Type='String',
Default='cache.m1.small',
AllowedValues=['cache.m1.small',
'cache.m1.large',
'cache.m1.xlarge',
'cache.m2.xlarge',
'cache.m2.2xlarge',
'cache.m2.4xlarge',
'cache.c1.xlarge'],
ConstraintDescription='must select a valid Cache Node type.',
))
instancetype = template.add_parameter(Parameter(
'InstanceType',
Description='WebServer EC2 instance type',
Type='String',
Default='t2.micro',
AllowedValues=['t1.micro',
't2.micro',
't2.small',
't2.medium',
'm1.small',
'm1.medium',
'm1.large',
'm1.xlarge',
'm2.xlarge',
'm2.2xlarge',
'm2.4xlarge',
'm3.medium',
'm3.large',
'm3.xlarge',
'm3.2xlarge',
'c1.medium',
'c1.xlarge',
'c3.large',
'c3.xlarge',
'c3.2xlarge',
'c3.4xlarge',
'c3.8xlarge',
'c4.large',
'c4.xlarge',
'c4.2xlarge',
'c4.4xlarge',
'c4.8xlarge',
'g2.2xlarge',
'r3.large',
'r3.xlarge',
'r3.2xlarge',
'r3.4xlarge',
'r3.8xlarge',
'i2.xlarge',
'i2.2xlarge',
'i2.4xlarge',
'i2.8xlarge',
'd2.xlarge',
'd2.2xlarge',
'd2.4xlarge',
'd2.8xlarge',
'hi1.4xlarge',
'hs1.8xlarge',
'cr1.8xlarge',
'cc2.8xlarge',
'cg1.4xlarge'],
ConstraintDescription='must be a valid EC2 instance type.',
))
keyname = template.add_parameter(Parameter(
'KeyName',
Description='Name of an existing EC2 KeyPair to enable SSH access'
' to the instance',
Type='AWS::EC2::KeyPair::KeyName',
ConstraintDescription='must be the name of an existing EC2 KeyPair.',
))
sshlocation = template.add_parameter(Parameter(
'SSHLocation',
Description='The IP address range that can be used to SSH to'
' the EC2 instances',
Type='String',
MinLength='9',
MaxLength='18',
Default='0.0.0.0/0',
AllowedPattern='(\\d{1,3})\\.(\\d{1,3})\\.'
'(\\d{1,3})\\.(\\d{1,3})/(\\d{1,2})',
ConstraintDescription='must be a valid IP CIDR range of the'
' form x.x.x.x/x.'
))
# Resources
webserverrole = template.add_resource(iam.Role(
'WebServerRole',
AssumeRolePolicyDocument=Policy(
Statement=[
Statement(
Effect=Allow,
Action=[AssumeRole],
Principal=Principal('Service',
[FindInMap('Region2Principal',
Ref('AWS::Region'),
'EC2Principal')]),
)
]
),
Path='/',
))
template.add_resource(iam.PolicyType(
'WebServerRolePolicy',
PolicyName='WebServerRole',
PolicyDocument=awacs.aws.Policy(
Statement=[awacs.aws.Statement(
Action=[awacs.aws.Action("elasticache",
"DescribeCacheClusters")],
Resource=["*"],
Effect=awacs.aws.Allow
)]
),
Roles=[Ref(webserverrole)],
))
webserverinstanceprofile = template.add_resource(iam.InstanceProfile(
'WebServerInstanceProfile',
Path='/',
Roles=[Ref(webserverrole)],
))
webserversg = template.add_resource(ec2.SecurityGroup(
'WebServerSecurityGroup',
GroupDescription='Enable HTTP and SSH access',
SecurityGroupIngress=[
ec2.SecurityGroupRule(
IpProtocol='tcp',
FromPort='22',
ToPort='22',
CidrIp=Ref(sshlocation),
),
ec2.SecurityGroupRule(
IpProtocol='tcp',
FromPort='80',
ToPort='80',
CidrIp='0.0.0.0/0',
)
]
))
webserverinstance = template.add_resource(ec2.Instance(
'WebServerInstance',
Metadata=cloudformation.Metadata(
cloudformation.Init({
'config': cloudformation.InitConfig(
packages={
'yum': {
'httpd': [],
'php': [],
'php-devel': [],
'gcc': [],
'make': []
}
},
files=cloudformation.InitFiles({
'/var/www/html/index.php': cloudformation.InitFile(
content=Join('', [
'<?php\n',
'echo \"<h1>AWS CloudFormation sample'
' application for Amazon ElastiCache'
' Redis Cluster</h1>\";\n',
'\n',
'$cluster_config = json_decode('
'file_get_contents(\'/tmp/cacheclusterconfig\''
'), true);\n',
'$endpoint = $cluster_config[\'CacheClusters'
'\'][0][\'CacheNodes\'][0][\'Endpoint\'][\'Add'
'ress\'];\n',
'$port = $cluster_config[\'CacheClusters\'][0]'
'[\'CacheNodes\'][0][\'Endpoint\'][\'Port\'];'
'\n',
'\n',
'echo \"<p>Connecting to Redis Cache Cluster '
'node \'{$endpoint}\' on port {$port}</p>\";'
'\n',
'\n',
'$redis=new Redis();\n',
'$redis->connect($endpoint, $port);\n',
'$redis->set(\'testkey\', \'Hello World!\');'
'\n',
'$return = $redis->get(\'testkey\');\n',
'\n',
'echo \"<p>Retrieved value: $return</p>\";'
'\n',
'?>\n'
]),
mode='000644',
owner='apache',
group='apache'
),
'/etc/cron.d/get_cluster_config':
cloudformation.InitFile(
content='*/5 * * * * root'
' /usr/local/bin/get_cluster_config',
mode='000644',
owner='root',
group='root'
),
'/usr/local/bin/get_cluster_config':
cloudformation.InitFile(
content=Join('', [
'#! /bin/bash\n',
'aws elasticache describe-cache-clusters ',
' --cache-cluster-id ',
Ref('RedisCluster'),
' --show-cache-node-info'
' --region ', Ref('AWS::Region'),
' > /tmp/cacheclusterconfig\n'
]),
mode='000755',
owner='root',
group='root'
),
'/usr/local/bin/install_phpredis':
cloudformation.InitFile(
content=Join('', [
'#! /bin/bash\n',
'cd /tmp\n',
'wget https://github.com/nicolasff/'
'phpredis/zipball/master -O phpredis.zip'
'\n',
'unzip phpredis.zip\n',
'cd nicolasff-phpredis-*\n',
'phpize\n',
'./configure\n',
'make && make install\n',
'touch /etc/php.d/redis.ini\n',
'echo extension=redis.so > /etc/php.d/'
'redis.ini\n'
]),
mode='000755',
owner='root',
group='root'
),
'/etc/cfn/cfn-hup.conf': cloudformation.InitFile(
content=Join('', [
'[main]\n',
'stack=', Ref('AWS::StackId'), '\n',
'region=', Ref('AWS::Region'), '\n'
]),
mode='000400',
owner='root',
group='root'
),
'/etc/cfn/hooks.d/cfn-auto-reloader.conf':
cloudformation.InitFile(
content=Join('', [
'[cfn-auto-reloader-hook]\n',
'triggers=post.update\n',
'path=Resources.WebServerInstance.Metadata'
'.AWS::CloudFormation::Init\n',
'action=/opt/aws/bin/cfn-init -v ',
' --stack ', Ref('AWS::StackName'),
' --resource WebServerInstance ',
' --region ', Ref('AWS::Region'),
'\n',
'runas=root\n'
]),
# Why doesn't the Amazon template have this?
# mode='000400',
# owner='root',
# group='root'
),
}),
commands={
'01-install_phpredis': {
'command': '/usr/local/bin/install_phpredis'
},
'02-get-cluster-config': {
'command': '/usr/local/bin/get_cluster_config'
}
},
services={
"sysvinit": cloudformation.InitServices({
"httpd": cloudformation.InitService(
enabled=True,
ensureRunning=True,
),
"cfn-hup": cloudformation.InitService(
enabled=True,
ensureRunning=True,
files=['/etc/cfn/cfn-hup.conf',
'/etc/cfn/hooks.d/'
'cfn-auto-reloader.conf']
),
}),
},
)
})
),
ImageId=FindInMap('AWSRegionArch2AMI', Ref('AWS::Region'),
FindInMap('AWSInstanceType2Arch',
Ref(instancetype), 'Arch')),
InstanceType=Ref(instancetype),
SecurityGroups=[Ref(webserversg)],
KeyName=Ref(keyname),
IamInstanceProfile=Ref(webserverinstanceprofile),
UserData=Base64(Join('', [
'#!/bin/bash -xe\n',
'yum update -y aws-cfn-bootstrap\n',
'# Setup the PHP sample application\n',
'/opt/aws/bin/cfn-init -v ',
' --stack ', Ref('AWS::StackName'),
' --resource WebServerInstance ',
' --region ', Ref('AWS::Region'), '\n',
'# Signal the status of cfn-init\n',
'/opt/aws/bin/cfn-signal -e $? ',
' --stack ', Ref('AWS::StackName'),
' --resource WebServerInstance ',
' --region ', Ref('AWS::Region'), '\n'
])),
CreationPolicy=CreationPolicy(
ResourceSignal=ResourceSignal(Timeout='PT15M')
),
Tags=Tags(Application=Ref('AWS::StackId'),
Details='Created using Troposhpere')
))
redisclustersg = template.add_resource(elasticache.SecurityGroup(
'RedisClusterSecurityGroup',
Description='Lock the cluster down',
))
template.add_resource(elasticache.SecurityGroupIngress(
'RedisClusterSecurityGroupIngress',
CacheSecurityGroupName=Ref(redisclustersg),
EC2SecurityGroupName=Ref(webserversg),
))
template.add_resource(elasticache.CacheCluster(
'RedisCluster',
Engine='redis',
CacheNodeType=Ref(cachenodetype),
NumCacheNodes='1',
CacheSecurityGroupNames=[Ref(redisclustersg)],
))
# Outputs
template.add_output([
Output(
'WebsiteURL',
Description='Application URL',
Value=Join('', [
'http://',
GetAtt(webserverinstance, 'PublicDnsName'),
])
)
])
# Print CloudFormation Template
print(template.to_json())
SecurityGroupRule, SecurityGroup
from troposphere.policies import CreationPolicy, ResourceSignal
from troposphere.cloudformation import Init, InitFile, InitFiles, \
InitConfig, InitService, InitServices
import boto3
import sys
import datetime
ami_id = sys.argv[1]
stack_name = 'testing%s' % datetime.datetime.now().strftime("%Y%M%d%H%M")
t = Template()
t.add_version('2010-09-09')
t.add_description("""Test template to take in new ami id from packer""")
keyname_param = t.add_parameter(
Parameter(
'KeyName',
ConstraintDescription='must be the name of an existing EC2 KeyPair.',
Description='Name of an existing EC2 KeyPair to enable SSH access to \
the instance',
Type='AWS::EC2::KeyPair::KeyName',
Default='keyname'
))
amiid_param = t.add_parameter(
Parameter(
'AMIID',
ConstraintDescription='AMI ID of the new image',
# Converted from Elasticsearch Domain example located at:
# http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-elasticsearch-domain.html#d0e51519
from troposphere import Template, constants
from troposphere.elasticsearch import Domain, EBSOptions
from troposphere.elasticsearch import ElasticsearchClusterConfig
from troposphere.elasticsearch import SnapshotOptions
templ = Template()
templ.add_description('Elasticsearch Domain example')
es_domain = templ.add_resource(Domain(
'ElasticsearchDomain',
DomainName="ExampleElasticsearchDomain",
ElasticsearchClusterConfig=ElasticsearchClusterConfig(
DedicatedMasterEnabled=True,
InstanceCount=2,
ZoneAwarenessEnabled=True,
InstanceType=constants.ELASTICSEARCH_M3_MEDIUM,
DedicatedMasterType=constants.ELASTICSEARCH_M3_MEDIUM,
DedicatedMasterCount=3
),
EBSOptions=EBSOptions(EBSEnabled=True,
Iops=0,
VolumeSize=20,
VolumeType="gp2"),
SnapshotOptions=SnapshotOptions(AutomatedSnapshotStartHour=0),
AccessPolicies={'Version': '2012-10-17',
'Statement': [{
ApplicationName = "helloworld"
ApplicationPort = "3000"
GithubAccount = "EffectiveDevOpsWithAWS"
GithubAnsibleURL = "https://github.com/{}/ansible".format(GithubAccount)
PublicCidrIp = str(ip_network(get_ip()))
AnsiblePullCmd = \
"/usr/bin/ansible-pull -U {} {}.yml -i localhost".format(GithubAnsibleURL,
ApplicationName
)
t = Template()
t.add_description("Effective DevOps in AWS: HelloWorld web application")
t.add_parameter(
Parameter(
"KeyPair",
Description="Name of an existing EC2 KeyPair to SSH",
Type="AWS::EC2::KeyPair::KeyName",
ConstraintDescription="must be the name of an existing EC2 KeyPair.",
))
t.add_resource(
ec2.SecurityGroup(
"SecurityGroup",
GroupDescription="Allow SSH and TCP/{} access".format(ApplicationPort),
SecurityGroupIngress=[
ec2.SecurityGroupRule(
#!/usr/bin/python
# Asgard CloudFormation template
from troposphere import Template, Parameter, Join, Ref, FindInMap, Output, GetAtt
import troposphere.ec2 as ec2
template = Template()
template.add_description('NetflixOSS Asgard 1.4.1 - Template by Answers for AWS')
keyname = template.add_parameter(Parameter(
"KeyPairName",
Description = "Name of an existing EC2 KeyPair to enable SSH access to the instance",
Type = "String",
MinLength = "1",
MaxLength = "64",
AllowedPattern = "[-_ a-zA-Z0-9]*",
ConstraintDescription = "can contain only alphanumeric characters, spaces, dashes and underscores."
))
ip_address = template.add_parameter(Parameter(
"YourIpAddress",
Description = "Your IP address",
Type = "String",
))
instance_type = template.add_parameter(Parameter(
"InstanceType",
Description = "EC2 instance type to launch for Application servers",
Type = "String",
from awacs.sts import AssumeRole
ApplicationName = "jenkins"
ApplicationPort = "8080"
PublicCidrIp = str(ip_network(get_ip()))
GithubAccount = "gane-dev"
GithubAnsibleURL = "https://github.com/{}/ansible".format(GithubAccount)
t = Template()
AnsiblePullCmd = "/usr/local/bin/ansible-pull -U {} {}.yml -i localhost".format(
GithubAnsibleURL,
ApplicationName
)
t.add_description("Simple HelloWorld web application")
t.add_parameter(Parameter(
"KeyPair",
Description="GaneshAwsDevOps2",
Type="AWS::EC2::KeyPair::KeyName",
ConstraintDescription="must be the name of an existing EC2 KeyPair.",
))
t.add_resource(ec2.SecurityGroup(
"SecurityGroup",
GroupDescription="Allow SSH and TCP/{} access".format(ApplicationPort),
SecurityGroupIngress=[
ec2.SecurityGroupRule(
IpProtocol="tcp",
FromPort="22",
# Converted from ElasticBeanstalk_Python_Sample.template located at:
# http://aws.amazon.com/cloudformation/aws-cloudformation-templates/
from troposphere import GetAtt, Join, Output
from troposphere import Parameter, Ref, Template
from troposphere.elasticbeanstalk import Application, Environment
from troposphere.elasticbeanstalk import ApplicationVersion, OptionSettings
from troposphere.elasticbeanstalk import SourceBundle
t = Template()
t.add_description(
"AWS CloudFormation Sample Template ElasticBeanstalk_Python_Sample: "
"Configure and launch the AWS Elastic Beanstalk Python sample "
"application. **WARNING** This template creates one or more Amazon EC2 "
"instances. You will be billed for the AWS resources used if you create "
"a stack from this template.")
keyname = t.add_parameter(Parameter(
"KeyName",
Description="Name of an existing EC2 KeyPair to enable SSH access "
"to the AWS Elastic Beanstalk instance",
Type="String",
))
sampleApp = t.add_resource(Application(
"sampleApplication",
Description="AWS Elastic Beanstalk Python Sample Application",
ApplicationVersions=[
ApplicationVersion(
from troposphere.awslambda import Code, Environment, Function, Permission
from troposphere.iam import Role, Policy
from troposphere.events import Rule, Target
from troposphere.sns import Topic
if len(sys.argv) > 2:
source = open(sys.argv[2], "r").read()
# Reclaim a few bytes (maximum size is 4096!) by converting four space
# indents to single space indents
indent_re = re.compile(r"^((?: ){1,})", re.MULTILINE)
source = indent_re.sub(lambda m: " " * (len(m.group(1)) / 4), source)
else:
source = None
t = Template()
t.add_description("Chaos Lambda")
if source is None:
s3_bucket = t.add_parameter(
Parameter(
"S3Bucket",
Description="Name of the S3 bucket containing the Lambda zip file",
Type="String",
))
s3_key = t.add_parameter(
Parameter(
"S3Key",
Description="Path to the Lambda zip file under the bucket",
Default="chaos-lambda.zip",
Type="String",
))
