Example #1
0
    def add_bucket_access(self, bucket_list):
        """Authorize access to a list of buckets using vpc endpoint.

        Note that this just allow an instance in the vpc to ask access
        to a given bucket through the endpoint. This does not change
        the bucket policy.

        The function creates also automatically the S3 VPC endpoint
        on the first call.

        :param bucket_list: list of bucket names
        :type bucket_list: list[Bucket] | list[str]
        """
        if self.name + 'S3EndPoint' not in self:
            self.add(VPCEndpoint(self.name + 'S3EndPoint',
                                 's3',
                                 self.subnet.vpc,
                                 [self.route_table],
                                 PolicyDocument()))
        for bucket in bucket_list:
            if isinstance(bucket, Bucket):
                bucket_name = bucket.ref
            else:
                bucket_name = bucket
            self.s3_endpoint.policy_document.append(
                Allow(to='s3:*',
                      on=[Join(['arn:aws:s3:::', bucket_name]),
                          Join(['arn:aws:s3:::', bucket_name, '/*'])],
                      apply_to=Principal(PrincipalKind.EVERYONE)))
Example #2
0
 def properties(self):
     return {
         "VpcId":
         self.vpc.ref,
         "ServiceName":
         Join(["com.amazonaws.",
               Ref("AWS::Region"), "." + self.service]),
         "PolicyDocument":
         self.policy_document.properties,
         "RouteTableIds": [rt.ref for rt in self.route_tables],
     }
Example #3
0
 def properties(self):
     return {
         'VpcId':
         self.vpc.ref,
         'ServiceName':
         Join(["com.amazonaws.",
               Ref("AWS::Region"), "." + self.service]),
         'PolicyDocument':
         self.policy_document.properties,
         'RouteTableIds': [rt.ref for rt in self.route_tables]
     }
Example #4
0
    def properties(self):
        """Serialize the object as a simple dict.

        Can be used to transform to CloudFormation Yaml format.

        :rtype: dict
        """
        props = []
        for kind, part in self.parts:
            props.append('<%s>\n%s\n</%s>' % (kind, part, kind))
        return Base64(Join(props))
Example #5
0
 def properties(self):
     return {
         "VpcId":
         self.subnet.vpc.ref,
         "ServiceName":
         Join(["com.amazonaws.",
               Ref("AWS::Region"), "." + self.service]),
         "PolicyDocument":
         self.policy_document.properties,
         "PrivateDnsEnabled":
         "true",
         "VpcEndpointType":
         "Interface",
         "SubnetIds": [self.subnet.ref],
         "SecurityGroupIds": [self.security_group.group_id],
     }
Example #6
0
    def set_cfn_init(
        self,
        config="init",
        cfn_init="/usr/local/bin/cfn-init",
        resource=None,
        metadata=None,
        init_script="",
        use_instance_role=False,
    ):
        """Add CFN init call on first boot of the instance.

        :param config: name of the configset to be launch (default: init)
        :type config: str
        :param cfn_init: location of cfn-init on the instance
            (default: /usr/local/bin/cfn-init)
        :type cfn_init: str
        :param resource: resource in which the metadata will be added. Default
            is to use current resource
        :type resource: str | None
        :param metadata: dict conforming to AWS::CloudFormation::Init
            specifications
        :type metadata: dict | None
        :param init_script: command to launch after cfn-init
        :type init_script: powershell command for windows and bash command for
            linuxes
        """
        if resource is None:
            resource = self.name

        if use_instance_role:
            cfn_init_options = Join([" --role ", self.instance_profile.role])
        else:
            cfn_init_options = ""

        if self.image.is_windows:
            self.add_user_data(
                "powershell",
                CFN_INIT_STARTUP_SCRIPT_WIN + init_script,
                variables={
                    "Cfninit": cfn_init,
                    "Config": config,
                    "Resource": resource,
                    "CfninitOptions": cfn_init_options,
                },
            )
            self.add_user_data("persist", "true")
        else:
            self.add_user_data(
                "x-shellscript",
                CFN_INIT_STARTUP_SCRIPT + init_script,
                "init.sh",
                variables={
                    "Cfninit": cfn_init,
                    "Config": config,
                    "Resource": resource,
                    "CfninitOptions": cfn_init_options,
                },
            )

        if metadata is not None:
            self.metadata["AWS::CloudFormation::Init"] = metadata