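def add_nat_asg(self):
    """Add a single-instance NAT AutoScalingGroup and its LaunchConfiguration.

    User data is built from the bundled ``nat_takeover.sh``, then
    ``ntp_takeover.sh`` when ``self.enable_ntp`` is set, then the raw
    contents of the file named by ``self.extra_user_data`` (if any), and
    finally a ``cfn-signal`` command that reports success for the ASG
    resource.  EC2 user data is readable from the instance metadata service
    and is embedded (base64) in the rendered template, so the extra file
    must not carry secrets.

    The ASG is pinned to exactly one instance (Min/Max/Desired = 1) in the
    first public subnet layer at ``self.subnet_index``; stack creation waits
    for one signal within 15 minutes.

    Returns:
        The AutoScalingGroup resource that was added to the template.
    """
    user_data = [resources.get_resource('nat_takeover.sh')]
    if self.enable_ntp:
        user_data.append(resources.get_resource('ntp_takeover.sh'))
    if self.extra_user_data:
        # Close the handle deterministically rather than relying on GC.
        with open(self.extra_user_data) as extra:
            user_data.append(extra.read())

    nat_asg_name = "Nat%sASG" % str(self.subnet_index)
    # The pieces are joined with an empty separator, so the cfn-signal
    # command carries its own leading newline.  Signalling only succeeds if
    # the instance profile permits it -- that policy is not visible here.
    user_data.extend([
        "\n",
        "cfn-signal -s true",
        " --resource ", nat_asg_name,
        " --stack ", {"Ref": "AWS::StackName"},
        " --region ", {"Ref": "AWS::Region"},
    ])

    nat_launch_config = self.add_resource(LaunchConfiguration(
        "Nat%sLaunchConfig" % str(self.subnet_index),
        UserData=Base64(Join('', user_data)),
        ImageId=FindInMap('RegionMap', Ref('AWS::Region'), 'natAmiId'),
        KeyName=Ref('ec2Key'),
        # Network reachability of the NAT host is governed solely by self.sg.
        SecurityGroups=[Ref(self.sg)],
        EbsOptimized=False,
        # NOTE(review): no MetadataOptions are set; if this troposphere
        # version supports it, HttpTokens='required' (IMDSv2) reduces
        # exposure of the instance-profile credentials -- confirm.
        IamInstanceProfile=Ref(self.instance_profile),
        InstanceType=self.instance_type,
        # A NAT needs a public address to forward traffic.
        AssociatePublicIpAddress=True,
    ))

    # Create the NAT in a public subnet.  next(iter(...)) picks the first
    # layer on both Python 2 and 3; ``.keys()[0]`` breaks on 3 where keys()
    # is a non-indexable view.
    subnet_layer = next(iter(self._subnets['public']))
    nat_asg = self.add_resource(AutoScalingGroup(
        nat_asg_name,
        DesiredCapacity=1,
        Tags=[
            Tag("Name", Join("-", ["NAT", self.subnet_index]), True),
            Tag("isNat", "true", True),
        ],
        MinSize=1,
        MaxSize=1,
        Cooldown="30",
        LaunchConfigurationName=Ref(nat_launch_config),
        HealthCheckGracePeriod=30,
        # EC2 health checks cover instance status only, not NAT function.
        HealthCheckType="EC2",
        VPCZoneIdentifier=[
            self._subnets['public'][subnet_layer][self.subnet_index]
        ],
        CreationPolicy=CreationPolicy(
            ResourceSignal=ResourceSignal(Count=1, Timeout='PT15M')),
    ))
    return nat_asg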
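def add_nat_asg(self):
    """Add a single-instance NAT AutoScalingGroup and its LaunchConfiguration.

    User data is built from the bundled ``nat_takeover.sh``, then
    ``ntp_takeover.sh`` when ``self.enable_ntp`` is set, then the raw
    contents of the file named by ``self.extra_user_data`` (if any), and
    finally a ``cfn-signal`` command that reports success for the ASG
    resource.  EC2 user data is readable from the instance metadata service
    and is embedded (base64) in the rendered template, so the extra file
    must not carry secrets.

    The ASG is pinned to exactly one instance (Min/Max/Desired = 1) in the
    first public subnet layer at ``self.subnet_index``; stack creation waits
    for one signal within 15 minutes.

    Returns:
        The AutoScalingGroup resource that was added to the template.
    """
    user_data = [resources.get_resource('nat_takeover.sh')]
    if self.enable_ntp:
        user_data.append(resources.get_resource('ntp_takeover.sh'))
    if self.extra_user_data:
        # Close the handle deterministically rather than relying on GC.
        with open(self.extra_user_data) as extra:
            user_data.append(extra.read())

    nat_asg_name = "Nat%sASG" % str(self.subnet_index)
    # The pieces are joined with an empty separator, so the cfn-signal
    # command carries its own leading newline.  Signalling only succeeds if
    # the instance profile permits it -- that policy is not visible here.
    user_data.extend([
        "\n",
        "cfn-signal -s true",
        " --resource ", nat_asg_name,
        " --stack ", {"Ref": "AWS::StackName"},
        " --region ", {"Ref": "AWS::Region"},
    ])

    nat_launch_config = self.add_resource(LaunchConfiguration(
        "Nat%sLaunchConfig" % str(self.subnet_index),
        UserData=Base64(Join('', user_data)),
        ImageId=FindInMap('RegionMap', Ref('AWS::Region'), 'natAmiId'),
        KeyName=Ref('ec2Key'),
        # Network reachability of the NAT host is governed solely by self.sg.
        SecurityGroups=[Ref(self.sg)],
        EbsOptimized=False,
        # NOTE(review): no MetadataOptions are set; if this troposphere
        # version supports it, HttpTokens='required' (IMDSv2) reduces
        # exposure of the instance-profile credentials -- confirm.
        IamInstanceProfile=Ref(self.instance_profile),
        InstanceType=self.instance_type,
        # A NAT needs a public address to forward traffic.
        AssociatePublicIpAddress=True,
    ))

    # Create the NAT in a public subnet.  next(iter(...)) picks the first
    # layer on both Python 2 and 3; ``.keys()[0]`` breaks on 3 where keys()
    # is a non-indexable view.
    subnet_layer = next(iter(self._subnets['public']))
    nat_asg = self.add_resource(AutoScalingGroup(
        nat_asg_name,
        DesiredCapacity=1,
        Tags=[
            Tag("Name", Join("-", ["NAT", self.subnet_index]), True),
            Tag("isNat", "true", True),
        ],
        MinSize=1,
        MaxSize=1,
        Cooldown="30",
        LaunchConfigurationName=Ref(nat_launch_config),
        HealthCheckGracePeriod=30,
        # EC2 health checks cover instance status only, not NAT function.
        HealthCheckType="EC2",
        VPCZoneIdentifier=[
            self._subnets['public'][subnet_layer][self.subnet_index]
        ],
        CreationPolicy=CreationPolicy(
            ResourceSignal=ResourceSignal(Count=1, Timeout='PT15M')),
    ))
    return nat_asg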
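def add_nat_asg(self):
    """Add a single-instance NAT AutoScalingGroup and its LaunchConfiguration.

    User data is the bundled ``nat_takeover.sh``, then ``ntp_takeover.sh``
    when ``self.enable_ntp`` is set, then the raw contents of the file named
    by ``self.extra_user_data`` (if any), joined with newlines.  EC2 user
    data is readable from the instance metadata service and is embedded
    (base64) in the rendered template, so the extra file must not carry
    secrets.

    The ASG is pinned to exactly one instance (Min/Max/Desired = 1) in the
    public subnet at ``self.subnet_index``.  No CreationPolicy is attached,
    so stack creation does not wait for the instance to signal readiness.

    Returns:
        The AutoScalingGroup resource that was added to the template.
    """
    user_data = [resources.get_resource('nat_takeover.sh')]
    if self.enable_ntp:
        user_data.append(resources.get_resource('ntp_takeover.sh'))
    if self.extra_user_data:
        # Close the handle deterministically rather than relying on GC.
        with open(self.extra_user_data) as extra:
            user_data.append(extra.read())

    nat_launch_config = self.add_resource(LaunchConfiguration(
        "Nat%sLaunchConfig" % str(self.subnet_index),
        UserData=Base64(Join('\n', user_data)),
        ImageId=FindInMap('RegionMap', Ref('AWS::Region'), 'natAmiId'),
        KeyName=Ref('ec2Key'),
        # Network reachability of the NAT host is governed solely by self.sg.
        SecurityGroups=[Ref(self.sg)],
        EbsOptimized=False,
        # NOTE(review): no MetadataOptions are set; if this troposphere
        # version supports it, HttpTokens='required' (IMDSv2) reduces
        # exposure of the instance-profile credentials -- confirm.
        IamInstanceProfile=Ref(self.instance_profile),
        InstanceType=self.instance_type,
        # A NAT needs a public address to forward traffic.
        AssociatePublicIpAddress=True,
    ))

    nat_asg = self.add_resource(AutoScalingGroup(
        "Nat%sASG" % str(self.subnet_index),
        DesiredCapacity=1,
        Tags=[
            Tag("Name", Join("-", [Ref(self.vpc_id), "NAT"]), True),
            Tag("isNat", "true", True),
        ],
        MinSize=1,
        MaxSize=1,
        Cooldown="30",
        LaunchConfigurationName=Ref(nat_launch_config),
        HealthCheckGracePeriod=30,
        # EC2 health checks cover instance status only, not NAT function.
        HealthCheckType="EC2",
        VPCZoneIdentifier=[Ref(self.subnets['public'][self.subnet_index])],
    ))
    return nat_asg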
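def add_nat_asg(self):
    """Add a single-instance NAT AutoScalingGroup and its LaunchConfiguration.

    User data is the bundled ``nat_takeover.sh``, then ``ntp_takeover.sh``
    when ``self.enable_ntp`` is set, then the raw contents of the file named
    by ``self.extra_user_data`` (if any), joined with newlines.  EC2 user
    data is readable from the instance metadata service and is embedded
    (base64) in the rendered template, so the extra file must not carry
    secrets.

    The ASG is pinned to exactly one instance (Min/Max/Desired = 1) in the
    public subnet at ``self.subnet_index``.  No CreationPolicy is attached,
    so stack creation does not wait for the instance to signal readiness.

    Returns:
        The AutoScalingGroup resource that was added to the template.
    """
    user_data = [resources.get_resource('nat_takeover.sh')]
    if self.enable_ntp:
        user_data.append(resources.get_resource('ntp_takeover.sh'))
    if self.extra_user_data:
        # Close the handle deterministically rather than relying on GC.
        with open(self.extra_user_data) as extra:
            user_data.append(extra.read())

    nat_launch_config = self.add_resource(LaunchConfiguration(
        "Nat%sLaunchConfig" % str(self.subnet_index),
        UserData=Base64(Join('\n', user_data)),
        ImageId=FindInMap('RegionMap', Ref('AWS::Region'), 'natAmiId'),
        KeyName=Ref('ec2Key'),
        # Network reachability of the NAT host is governed solely by self.sg.
        SecurityGroups=[Ref(self.sg)],
        EbsOptimized=False,
        # NOTE(review): no MetadataOptions are set; if this troposphere
        # version supports it, HttpTokens='required' (IMDSv2) reduces
        # exposure of the instance-profile credentials -- confirm.
        IamInstanceProfile=Ref(self.instance_profile),
        InstanceType=self.instance_type,
        # A NAT needs a public address to forward traffic.
        AssociatePublicIpAddress=True,
    ))

    nat_asg = self.add_resource(AutoScalingGroup(
        "Nat%sASG" % str(self.subnet_index),
        DesiredCapacity=1,
        Tags=[
            Tag("Name", Join("-", [Ref(self.vpc_id), "NAT"]), True),
            Tag("isNat", "true", True),
        ],
        MinSize=1,
        MaxSize=1,
        Cooldown="30",
        LaunchConfigurationName=Ref(nat_launch_config),
        HealthCheckGracePeriod=30,
        # EC2 health checks cover instance status only, not NAT function.
        HealthCheckType="EC2",
        VPCZoneIdentifier=[Ref(self.subnets['public'][self.subnet_index])],
    ))
    return nat_asg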
"cloudformation:ListStackResources"], "Resource": "*" }, { "Effect": "Allow", "Action": [ "ec2:AllocateAddress", "ec2:AssociateAddress", "ec2:DescribeAddresses", "ec2:DisassociateAddress" ], "Resource": ["*"] } ] }) JUMPBOX_USERDATA = resources.get_resource('jumpbox_userdata.sh', __name__) AMI_NAME = 'openVpn2020' SUBNET_LABEL = 'jumpbox' class VPNJumpbox(Template): def __init__(self, subnet_cidrs=FACTORY_DEFAULTS['subnet_cidrs'], instance_type=FACTORY_DEFAULTS['instance_type'], remote_access_cidr=FACTORY_DEFAULTS['remote_access_cidr'], ec2_key=FACTORY_DEFAULTS['ec2_key'], admin_user=FACTORY_DEFAULTS['admin_user']): super(VPNJumpbox, self).__init__('VPNJumpbox')