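def add_nat_asg(self):
        """Add a single-instance NAT Auto Scaling Group to the template.

        The instance user data is assembled from the bundled ``nat_takeover.sh``
        resource, optionally ``ntp_takeover.sh`` (when ``self.enable_ntp`` is
        set) and the contents of an operator-supplied file
        (``self.extra_user_data``), followed by a ``cfn-signal`` invocation that
        reports to the ASG's CreationPolicy. A LaunchConfiguration and an
        AutoScalingGroup (MinSize/MaxSize/DesiredCapacity all 1) are registered
        with ``self.add_resource``; the ASG is placed in the first public subnet
        layer at ``self.subnet_index``.

        Because the launch configuration sets ``AssociatePublicIpAddress=True``,
        ``self.sg`` is the only ingress control on the NAT instance.

        Returns:
            The AutoScalingGroup resource that was added.

        Raises:
            IOError/OSError: if ``self.extra_user_data`` cannot be read.
            IndexError: if no public subnet layer is defined.
        """
        user_data = [resources.get_resource('nat_takeover.sh')]

        if self.enable_ntp:
            user_data.append(resources.get_resource('ntp_takeover.sh'))
        if self.extra_user_data:
            # Close the handle deterministically rather than relying on GC.
            # NOTE(review): the file is embedded verbatim in the instance user
            # data, so it runs with the same trust as the bundled scripts; keep
            # this path operator-controlled.
            with open(self.extra_user_data) as extra:
                user_data.append(extra.read())

        nat_asg_name = "Nat%sASG" % str(self.subnet_index)

        # NOTE(review): `-s true` reports success unconditionally, so the
        # CreationPolicy below only proves the instance reached this line, not
        # that the takeover scripts succeeded -- whether they abort earlier on
        # failure depends on their content (not visible here); confirm before
        # treating the signal as a health gate.
        user_data.extend([
            "\n", "cfn-signal -s true", " --resource ", nat_asg_name,
            " --stack ", {
                "Ref": "AWS::StackName"
            }, " --region ", {
                "Ref": "AWS::Region"
            }
        ])

        nat_launch_config = self.add_resource(
            LaunchConfiguration("Nat%sLaunchConfig" % str(self.subnet_index),
                                UserData=Base64(Join('', user_data)),
                                ImageId=FindInMap('RegionMap',
                                                  Ref('AWS::Region'),
                                                  'natAmiId'),
                                KeyName=Ref('ec2Key'),
                                SecurityGroups=[Ref(self.sg)],
                                EbsOptimized=False,
                                IamInstanceProfile=Ref(self.instance_profile),
                                InstanceType=self.instance_type,
                                AssociatePublicIpAddress=True))

        # Create the NAT in a public subnet. list(...)[0] keeps the original
        # "first key" semantics (and IndexError on empty) on both Python 2 and
        # 3; dict.keys()[0] fails on 3 because keys() returns a view.
        subnet_layer = list(self._subnets['public'])[0]

        nat_asg = self.add_resource(
            AutoScalingGroup(
                nat_asg_name,
                DesiredCapacity=1,
                Tags=[
                    Tag("Name", Join("-", [
                        "NAT",
                        self.subnet_index,
                    ]), True),
                    Tag("isNat", "true", True)
                ],
                MinSize=1,
                MaxSize=1,
                Cooldown="30",
                LaunchConfigurationName=Ref(nat_launch_config),
                HealthCheckGracePeriod=30,
                HealthCheckType="EC2",
                VPCZoneIdentifier=[
                    self._subnets['public'][subnet_layer][self.subnet_index]
                ],
                # Stack creation blocks until one cfn-signal arrives or 15
                # minutes elapse.
                CreationPolicy=CreationPolicy(
                    ResourceSignal=ResourceSignal(Count=1, Timeout='PT15M'))))

        return nat_asg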
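    def add_nat_asg(self):
        """Add a single-instance NAT Auto Scaling Group to the template.

        The instance user data is assembled from the bundled ``nat_takeover.sh``
        resource, optionally ``ntp_takeover.sh`` (when ``self.enable_ntp`` is
        set) and the contents of an operator-supplied file
        (``self.extra_user_data``), followed by a ``cfn-signal`` invocation that
        reports to the ASG's CreationPolicy. A LaunchConfiguration and an
        AutoScalingGroup (MinSize/MaxSize/DesiredCapacity all 1) are registered
        with ``self.add_resource``; the ASG is placed in the first public subnet
        layer at ``self.subnet_index``.

        Because the launch configuration sets ``AssociatePublicIpAddress=True``,
        ``self.sg`` is the only ingress control on the NAT instance.

        Returns:
            The AutoScalingGroup resource that was added.

        Raises:
            IOError/OSError: if ``self.extra_user_data`` cannot be read.
            IndexError: if no public subnet layer is defined.
        """
        user_data = [resources.get_resource('nat_takeover.sh')]

        if self.enable_ntp:
            user_data.append(resources.get_resource('ntp_takeover.sh'))
        if self.extra_user_data:
            # Close the handle deterministically rather than relying on GC.
            # NOTE(review): the file is embedded verbatim in the instance user
            # data, so it runs with the same trust as the bundled scripts; keep
            # this path operator-controlled.
            with open(self.extra_user_data) as extra:
                user_data.append(extra.read())

        nat_asg_name = "Nat%sASG" % str(self.subnet_index)

        # NOTE(review): `-s true` reports success unconditionally, so the
        # CreationPolicy below only proves the instance reached this line, not
        # that the takeover scripts succeeded -- whether they abort earlier on
        # failure depends on their content (not visible here); confirm before
        # treating the signal as a health gate.
        user_data.extend([
            "\n",
            "cfn-signal -s true",
            " --resource ", nat_asg_name,
            " --stack ", {"Ref": "AWS::StackName"},
            " --region ", {"Ref": "AWS::Region"}
        ])

        nat_launch_config = self.add_resource(LaunchConfiguration(
            "Nat%sLaunchConfig" % str(self.subnet_index),
            UserData=Base64(Join('', user_data)),
            ImageId=FindInMap('RegionMap', Ref('AWS::Region'), 'natAmiId'),
            KeyName=Ref('ec2Key'),
            SecurityGroups=[Ref(self.sg)],
            EbsOptimized=False,
            IamInstanceProfile=Ref(self.instance_profile),
            InstanceType=self.instance_type,
            AssociatePublicIpAddress=True
        ))

        # Create the NAT in a public subnet. list(...)[0] keeps the original
        # "first key" semantics (and IndexError on empty) on both Python 2 and
        # 3; dict.keys()[0] fails on 3 because keys() returns a view.
        subnet_layer = list(self._subnets['public'])[0]

        nat_asg = self.add_resource(AutoScalingGroup(
            nat_asg_name,
            DesiredCapacity=1,
            Tags=[
                Tag("Name", Join("-", ["NAT", self.subnet_index,]), True),
                Tag("isNat", "true", True)
            ],
            MinSize=1,
            MaxSize=1,
            Cooldown="30",
            LaunchConfigurationName=Ref(nat_launch_config),
            HealthCheckGracePeriod=30,
            HealthCheckType="EC2",
            VPCZoneIdentifier=[self._subnets['public'][subnet_layer][self.subnet_index]],
            # Stack creation blocks until one cfn-signal arrives or 15 minutes
            # elapse.
            CreationPolicy=CreationPolicy(
                ResourceSignal=ResourceSignal(
                    Count=1,
                    Timeout='PT15M'
                )
            )
        ))

        return nat_asg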
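    def add_nat_asg(self):
        """Add a single-instance NAT Auto Scaling Group to the template.

        The instance user data is the bundled ``nat_takeover.sh`` resource,
        optionally followed by ``ntp_takeover.sh`` (when ``self.enable_ntp`` is
        set) and the contents of an operator-supplied file
        (``self.extra_user_data``), newline-joined. A LaunchConfiguration and
        an AutoScalingGroup (MinSize/MaxSize/DesiredCapacity all 1) are
        registered with ``self.add_resource``; the ASG is placed in the public
        subnet at ``self.subnet_index``. Unlike the signalled variant, no
        CreationPolicy is attached, so stack creation does not wait for the
        instance to bootstrap.

        Because the launch configuration sets ``AssociatePublicIpAddress=True``,
        ``self.sg`` is the only ingress control on the NAT instance.

        Returns:
            The AutoScalingGroup resource that was added.

        Raises:
            IOError/OSError: if ``self.extra_user_data`` cannot be read.
        """
        user_data = [resources.get_resource('nat_takeover.sh')]

        if self.enable_ntp:
            user_data.append(resources.get_resource('ntp_takeover.sh'))
        if self.extra_user_data:
            # Close the handle deterministically rather than relying on GC.
            # NOTE(review): the file is embedded verbatim in the instance user
            # data, so it runs with the same trust as the bundled scripts; keep
            # this path operator-controlled.
            with open(self.extra_user_data) as extra:
                user_data.append(extra.read())

        nat_launch_config = self.add_resource(
            LaunchConfiguration("Nat%sLaunchConfig" % str(self.subnet_index),
                                UserData=Base64(Join('\n', user_data)),
                                ImageId=FindInMap('RegionMap',
                                                  Ref('AWS::Region'),
                                                  'natAmiId'),
                                KeyName=Ref('ec2Key'),
                                SecurityGroups=[Ref(self.sg)],
                                EbsOptimized=False,
                                IamInstanceProfile=Ref(self.instance_profile),
                                InstanceType=self.instance_type,
                                AssociatePublicIpAddress=True))

        nat_asg = self.add_resource(
            AutoScalingGroup("Nat%sASG" % str(self.subnet_index),
                             DesiredCapacity=1,
                             Tags=[
                                 # Name tag is "<vpc id>-NAT"; both tags
                                 # propagate to launched instances.
                                 Tag("Name",
                                     Join("-", [Ref(self.vpc_id), "NAT"]),
                                     True),
                                 Tag("isNat", "true", True)
                             ],
                             MinSize=1,
                             MaxSize=1,
                             Cooldown="30",
                             LaunchConfigurationName=Ref(nat_launch_config),
                             HealthCheckGracePeriod=30,
                             HealthCheckType="EC2",
                             VPCZoneIdentifier=[
                                 Ref(self.subnets['public'][self.subnet_index])
                             ]))

        return nat_asg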
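    def add_nat_asg(self):
        """Add a single-instance NAT Auto Scaling Group to the template.

        The instance user data is the bundled ``nat_takeover.sh`` resource,
        optionally followed by ``ntp_takeover.sh`` (when ``self.enable_ntp`` is
        set) and the contents of an operator-supplied file
        (``self.extra_user_data``), newline-joined. A LaunchConfiguration and
        an AutoScalingGroup (MinSize/MaxSize/DesiredCapacity all 1) are
        registered with ``self.add_resource``; the ASG is placed in the public
        subnet at ``self.subnet_index``. Unlike the signalled variant, no
        CreationPolicy is attached, so stack creation does not wait for the
        instance to bootstrap.

        Because the launch configuration sets ``AssociatePublicIpAddress=True``,
        ``self.sg`` is the only ingress control on the NAT instance.

        Returns:
            The AutoScalingGroup resource that was added.

        Raises:
            IOError/OSError: if ``self.extra_user_data`` cannot be read.
        """
        user_data = [resources.get_resource('nat_takeover.sh')]

        if self.enable_ntp:
            user_data.append(resources.get_resource('ntp_takeover.sh'))
        if self.extra_user_data:
            # Close the handle deterministically rather than relying on GC.
            # NOTE(review): the file is embedded verbatim in the instance user
            # data, so it runs with the same trust as the bundled scripts; keep
            # this path operator-controlled.
            with open(self.extra_user_data) as extra:
                user_data.append(extra.read())

        nat_launch_config = self.add_resource(LaunchConfiguration(
            "Nat%sLaunchConfig" % str(self.subnet_index),
            UserData=Base64(Join('\n', user_data)),
            ImageId=FindInMap('RegionMap', Ref('AWS::Region'), 'natAmiId'),
            KeyName=Ref('ec2Key'),
            SecurityGroups=[Ref(self.sg)],
            EbsOptimized=False,
            IamInstanceProfile=Ref(self.instance_profile),
            InstanceType=self.instance_type,
            AssociatePublicIpAddress=True
        ))

        nat_asg = self.add_resource(AutoScalingGroup(
            "Nat%sASG" % str(self.subnet_index),
            DesiredCapacity=1,
            Tags=[
                # Name tag is "<vpc id>-NAT"; both tags propagate to instances.
                Tag("Name", Join("-", [Ref(self.vpc_id), "NAT"]), True),
                Tag("isNat", "true", True)
            ],
            MinSize=1,
            MaxSize=1,
            Cooldown="30",
            LaunchConfigurationName=Ref(nat_launch_config),
            HealthCheckGracePeriod=30,
            HealthCheckType="EC2",
            VPCZoneIdentifier=[Ref(self.subnets['public'][self.subnet_index])]
        ))

        return nat_asg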
                    "cloudformation:ListStackResources"],
                "Resource": "*"
            }, {
                "Effect": "Allow",
                "Action": [
                    "ec2:AllocateAddress",
                    "ec2:AssociateAddress",
                    "ec2:DescribeAddresses",
                    "ec2:DisassociateAddress"
                ],
                "Resource": ["*"]
            }
        ]
    })

# Module-level constants for the VPN jumpbox template.
AMI_NAME = 'openVpn2020'   # key used to look up the jumpbox image
SUBNET_LABEL = 'jumpbox'   # label of the subnet the jumpbox is placed in

# Bootstrap script shipped with this package; read once at import time and
# embedded in the instance user data by the template below.
JUMPBOX_USERDATA = resources.get_resource('jumpbox_userdata.sh', __name__)


class VPNJumpbox(Template):

    def __init__(self,
                 subnet_cidrs=FACTORY_DEFAULTS['subnet_cidrs'],
                 instance_type=FACTORY_DEFAULTS['instance_type'],
                 remote_access_cidr=FACTORY_DEFAULTS['remote_access_cidr'],
                 ec2_key=FACTORY_DEFAULTS['ec2_key'],
                 admin_user=FACTORY_DEFAULTS['admin_user']):

        super(VPNJumpbox, self).__init__('VPNJumpbox')