import pulumi from pulumi_aws import ec2, get_ami, GetAmiFilterArgs group = ec2.SecurityGroup('web-secgrp', ingress=[ # Uncomment to fail a test: #{ "protocol": "tcp", "from_port": 22, "to_port": 22, "cidr_blocks": ["0.0.0.0/0"] }, { "protocol": "tcp", "from_port": 80, "to_port": 80, "cidr_blocks": ["0.0.0.0/0"] }, ]) user_data = '#!/bin/bash echo "Hello, World!" > index.html nohup python -m SimpleHTTPServer 80 &' ami_id = get_ami( most_recent=True, owners=["099720109477"], filters=[ GetAmiFilterArgs( name="name", values=["ubuntu/images/hvm-ssd/ubuntu-bionic-18.04-amd64-server-*"] )] ).id server = ec2.Instance('web-server-www', instance_type="t2.micro", vpc_security_group_ids=[ group.id ], # reference the group object above # Comment out to fail a test: tags={'Name': 'webserver'}, # name tag # Uncomment to fail a test: #user_data=user_data) # start a simple web server ami=ami_id)
# Copyright 2016-2018, Pulumi Corporation. All rights reserved. import pulumi from pulumi_aws import ec2 from ami import get_linux_ami size = 't2.micro' group = ec2.SecurityGroup('web-secgrp', description='Enable HTTP access', ingress=[{ 'protocol': 'tcp', 'from_port': 80, 'to_port': 80, 'cidr_blocks': ['0.0.0.0/0'] }]) server = ec2.Instance('web-server-www', instance_type=size, security_groups=[group.name], ami=get_linux_ami(size)) pulumi.export('public_ip', server.public_ip) pulumi.export('public_dns', server.public_dns)
""" import pulumi from pulumi_aws import ec2 # Writes an index.html file, then runs the built-in Python # webserver module on port 80. user_data = """#!/bin/bash echo "<h1>Hello, World!</h1><p>From a Pulumi-managed EC2 server.</p>" > index.html nohup python -m SimpleHTTPServer 80 & """ instance = ec2.Instance( 'web-server-www;', instance_type="t2.micro", tags={"Owner": "Chris"}, # AMI for Amazon Linux 2 us-east-2 (Ohio) ami="ami-0f7919c33c90f5b58", user_data=user_data) group = ec2.SecurityGroup( 'web-secgrp', ingress=[ # SSH { "protocol": "tcp", "from_port": 22, "to_port": 22, "cidr_blocks": ["0.0.0.0/0"] }, # HTTP
import pulumi from pulumi_aws import ec2 group = ec2.SecurityGroup( 'web-secgrp', ingress=[ # Uncomment to fail a test: #{ "protocol": "tcp", "from_port": 22, "to_port": 22, "cidr_blocks": ["0.0.0.0/0"] }, { "protocol": "tcp", "from_port": 80, "to_port": 80, "cidr_blocks": ["0.0.0.0/0"] }, ]) user_data = '#!/bin/bash echo "Hello, World!" > index.html nohup python -m SimpleHTTPServer 80 &' server = ec2.Instance( 'web-server-www;', instance_type="t2.micro", security_groups=[group.name], # reference the group object above # Comment out to fail a test: tags={'Name': 'webserver'}, # name tag ami="ami-c55673a0") # AMI for us-east-2 (Ohio) # Uncomment to fail a test: #user_data=user_data) # start a simple web server
# difficulty trying to automate an AMI selection AMI = "ami-7172b611" sg_web = ec2.SecurityGroup("web-in", ingress=[{ 'protocol': 'tcp', 'from_port': 80, 'to_port': 80, 'cidr_blocks': ["0.0.0.0/0"] }]) instances_web = [] for i in range(COUNT): inst = ec2.Instance('Terraform Demo {}'.format(i), ami=AMI, availability_zone=AZONE, instance_type="t2.micro", vpc_security_group_ids=[sg_web.id]) instances_web.append(inst) volumes_web = [] for i in range(COUNT): vol = ebs.Volume( 'Terraform Demo {}'.format(i), # strange that you can set the azone for instances with pulumi config # but it doesn't take for volumes availability_zone=AZONE, size=10) volumes_web.append(vol) volumes_attach = []
from pulumi import StackReference, Config, export from pulumi_aws import get_ami, ec2 config = Config() company_stack = StackReference(config.require("companyStack")) department_stack = StackReference(config.require("departmentStack")) combines_tags = { "department": department_stack.get_output("departmentName"), "company": company_stack.get_output("companyName"), "team": config.require("teamName"), "Managed By": "Pulumi", } ami_id = get_ami( most_recent="true", owners=["099720109477"], filters=[{ "name": "name", "values": ["ubuntu/images/hvm-ssd/ubuntu-bionic-18.04-amd64-server-*"] }]).id instance = ec2.Instance("tagged", instance_type="t2.medium", ami=ami_id, tags=combines_tags) export("instance_id", instance.id) export("instance_tags", instance.tags)
'cidr_blocks': ['0.0.0.0/0'] }], egress=[{ 'protocol': '-1', 'from_port': 0, 'to_port': 0, 'cidr_blocks': ['0.0.0.0/0'] }]) # Create an EC2 (using the ami previously retrieved) instance = ec2.Instance( f"nextcloud-webserver-www-{env}", instance_type=size, # reference security group from above security_groups=[group.name], ami=ami.id, key_name=keyPairName, associate_public_ip_address=True, availability_zone=availabilityZone, user_data=userScript_final, tags={'Name': f"nextcloud-{env}"}, opts=pulumi.ResourceOptions(delete_before_replace=True, )) # Associate our Elastic IP to the instance elastic_ip_association = ec2.EipAssociation( f"nextcloud-elastic-ip-association{env}", opts=None, allocation_id=None, allow_reassociation=None, instance_id=instance.id, network_interface_id=None, private_ip_address=None,
# TODO add ebs_block_devices # TODO add volume_tags # TODO add iam_instance_profile # TODO add user_data # TODO how to allow access to private instance without copying SSH key to this # machine? Looks like I need `SSH agent forwarding`. public_server_1 = ec2.Instance( resource_name='new-public-ec2-1', ami=_ami, # TypeError if not present instance_type=_instance_type, # TypeError if not present security_groups=[public_sg.id], availability_zone=_az1, subnet_id=public_subnet_1.id, associate_public_ip_address=False, key_name=_key_name, # TODO `Quiver`: `Pulumi > Questions > Adding tags forces EC2 replacement?` # edit: I also changed the instance's `resource_name` tags={ 'Name': 'infra public ec2 1 (front-back-autoscaling)', 'Creator': 'timc' }) public_server_2 = ec2.Instance( resource_name='new-public-ec2-2', ami=_ami, # TypeError if not present instance_type=_instance_type, # TypeError if not present security_groups=[public_sg.id], availability_zone=_az2, subnet_id=public_subnet_2.id,
def Instance(): resource_specs = ParseYAML(resource_type).getSpecs() aws_subnet_id = Subnets.SubnetId() aws_sg_id = SecurityGroups.SecurityGroupId() aws_keypair_id = KeyPairs.KeyPairId() for ec2_instance_name, ec2_instance_configuration in resource_specs[ "instance"].items(): # AWS EC2 Dynamic Variables resource_name = ec2_instance_name resource_number_of_instances = ec2_instance_configuration[ "number_of_instances"] if "number_of_instances" in ec2_instance_configuration else 1 resource_ami = ec2_instance_configuration[ "ami"] if "ami" in ec2_instance_configuration else None resource_instance_type = ec2_instance_configuration[ "instance_type"] if "instance_type" in ec2_instance_configuration else None resource_subnet = ec2_instance_configuration[ "subnet"] if "subnet" in ec2_instance_configuration else None resource_security_groups = ec2_instance_configuration[ "security_groups"] if "security_groups" in ec2_instance_configuration else None resource_ebs_optimization = ec2_instance_configuration[ "ebs_optimization"] if "ebs_optimization" in ec2_instance_configuration else None resource_root_disk_volume_type = ec2_instance_configuration[ "root_disk"][ "volume_type"] if "volume_type" in ec2_instance_configuration[ "root_disk"] else None resource_root_disk_volume_size = ec2_instance_configuration[ "root_disk"][ "volume_size"] if "volume_size" in ec2_instance_configuration[ "root_disk"] else None resource_additional_disks = ec2_instance_configuration[ "additional_disks"] if "additional_disks" in ec2_instance_configuration else None resource_public_ipv4_address = ec2_instance_configuration[ "public_ipv4_address"] if "public_ipv4_address" in ec2_instance_configuration else None resource_keypair = ec2_instance_configuration[ "ssh_key"] if "ssh_key" in ec2_instance_configuration else None resource_user_data = ec2_instance_configuration[ "user_data"] if "user_data" in ec2_instance_configuration else None resource_password_data = ec2_instance_configuration[ "password"] if "password" in ec2_instance_configuration else None resource_tags = None resource_tags = ec2_instance_configuration[ "tags"] if "tags" in ec2_instance_configuration else None # Getting list of tags from configuration file tags_list = {} if resource_tags is not None: for each_tag_name, each_tag_value in resource_tags.items(): tags_list.update({each_tag_name: each_tag_value}) # Adding mandatory tags tags_list.update({"Name": resource_name}) tags_list.update({ "Project/Stack": pulumi.get_project() + "/" + pulumi.get_stack() }) tags_list.update(resource_mandatory_tags) this_subnet = aws_subnet_id[str(resource_subnet)] # Check if the KeyPair is provided or not if resource_keypair is not None: this_keypair = aws_keypair_id[str(resource_keypair)] # Getting the list of security groups found security_groups_list = [] for each_security_group_found in resource_security_groups: this_security_group = aws_sg_id[str(each_security_group_found)] security_groups_list.append(this_security_group) for number_of_instances in range( 1, int(resource_number_of_instances) + 1): if resource_number_of_instances > 1: resource_final_name = ( resource_name + str("-" + str(number_of_instances)).zfill(4)) else: resource_final_name = resource_name # # Create EC2 # ec2_instance = ec2.Instance( resource_final_name, ami=resource_ami, instance_type=resource_instance_type, associate_public_ip_address=resource_public_ipv4_address, subnet_id=this_subnet, vpc_security_group_ids=security_groups_list, key_name=this_keypair, ebs_optimized=resource_ebs_optimization, root_block_device={ "volume_type": resource_root_disk_volume_type, "volume_size": resource_root_disk_volume_size }, user_data=resource_user_data, get_password_data=resource_password_data, tags=tags_list) # # Additional Disks (EBS Volumes) # if resource_additional_disks is not None: # This variable is used down below # by Volume Attachment additional_disks_found = 0 for additional_disk_name, additional_disk_config in resource_additional_disks.items( ): if additional_disk_name is not None: # Setting up the default values # for each individual EBS volume default_additional_disk_config_az = ec2_instance.availability_zone default_additional_disk_config_type = "gp2" default_additional_disk_config_size = 20 if additional_disk_config is not None: additional_disk_config_az = additional_disk_config[ "availability_zone"] if "availability_zone" in additional_disk_config else default_additional_disk_config_az additional_disk_config_type = additional_disk_config[ "volume_type"] if "volume_type" in additional_disk_config else default_additional_disk_config_type additional_disk_config_size = additional_disk_config[ "volume_size"] if "volume_size" in additional_disk_config else default_additional_disk_config_size else: additional_disk_config_az = default_additional_disk_config_az additional_disk_config_type = default_additional_disk_config_type additional_disk_config_size = default_additional_disk_config_size # Create EBS Volume ebs_volume = ebs.Volume( additional_disk_name, availability_zone=additional_disk_config_az, type=additional_disk_config_type, size=additional_disk_config_size, tags={ "Name": additional_disk_name, }) # # EBS Volume Attachment # additional_disks_letter = range( 98, 123) # Getting a letter between 'b' and 'z' additional_disk_assigned_letter = additional_disks_letter[ additional_disks_found] additional_disk_device_lettet = "/dev/sd{:c}".format( additional_disk_assigned_letter) ebs_attachment = ec2.VolumeAttachment( (additional_disk_name + "-attachment"), device_name=additional_disk_device_lettet, volume_id=ebs_volume.id, instance_id=ec2_instance.id) additional_disks_found = additional_disks_found + 1 # NOTE EC2 ID Dictionary # Update resource dictionaries ec2_ids_dict.update({ec2_instance._name: ec2_instance.id}) # NOTE Values Test # Print statements below are used only for # testing the functionality, can be ignored # print("Instance name:", ec2_instance._name) # print("Instance ID:", ec2_instance.id) # Export the name of each EC2 Instance pulumi.export( ec2_instance._name, [{ "ID": ec2_instance.id, "ARN": ec2_instance.arn, "State": ec2_instance.instance_state, "Password (Windows)": ec2_instance.password_data, "Private DNS": ec2_instance.private_dns, "Public DNS": ec2_instance.public_dns, "Public IP": ec2_instance.public_ip, "Primary ENI": ec2_instance.primary_network_interface_id }])
'Creator': 'timc' }) # TODO add ebs_block_devices # TODO add volume_tags # TODO add iam_instance_profile # TODO add user_data server = ec2.Instance( resource_name='new-ec2', ami='ami-032509850cf9ee54e', # TypeError if not present instance_type=_instance_type, # TypeError if not present security_groups=[sg.id], availability_zone=_availability_zone, subnet_id=subnet.id, associate_public_ip_address=False, key_name='sl-us-west-2', # TODO `Quiver`: `Pulumi > Questions > Adding tags forces EC2 replacement?` # edit: I also changed the instance's `resource_name` tags={ 'Name': 'infra ec2', 'Creator': 'timc' }) # TODO bug? If you include `associate_with_private_ip = server.private_ip` but # leave off `instance = server.id`, the association is not created eip = ec2.Eip(resource_name='new-eip', instance=server.id, associate_with_private_ip=server.private_ip, tags={ 'Name': 'infra eip',
"values": [ec2_image_id] }], owners=[ec2_image_owner]) # Create a EC2 security group pulumi_security_group = ec2.SecurityGroup( 'pulumi-secgrp', description='pulumi: enable SSH access & outgoing connections', ingress=[{ 'protocol': 'tcp', 'from_port': ec2_ssh_port, 'to_port': ec2_ssh_port, 'cidr_blocks': ['0.0.0.0/0'] }], egress=[{ 'protocol': '-1', 'from_port': 0, 'to_port': 0, 'cidr_blocks': ['0.0.0.0/0'] }]) # Create EC2 instance ec2_instance = ec2.Instance(ec2_instance_name, key_name=ec2_keypair_name, instance_type=ec2_instance_size, security_groups=[pulumi_security_group.name], ami=pulumi_ami.id) pulumi.export('publicIp', ec2_instance.public_ip) pulumi.export('publicHostName', ec2_instance.public_dns)
), undefined=LoggingUndefined) template_env.globals['include_raw'] = include_raw template = template_env.get_template('user-data.j2') user_data = template.render(template_vars) with open('user-data.test', 'w') as f: f.write(user_data) pulumi.info(msg='generated user-data from user-data.j2') elif os.path.exists('user-data.txt'): with open('user-data.txt') as f: user_data = f.read() pulumi.info(msg='read user-data from user-data.txt') server = ec2.Instance('server', instance_type=instance_type, security_groups=[web_group.name, ssh_group.name], user_data=user_data, ami=ami) if DEBUG: pulumi.info("web_group={}".format(attributes(web_group))) pulumi.info("web_group.vpc_id={}".format( Output.all(web_group.vpc_id).apply(lambda s: f"{s[0]}"))) pulumi.info("ssh_group={}".format(attributes(ssh_group))) pulumi.info("ssh_group.vpc_id={}".format( ssh_group.vpc_id.apply(lambda s: f"{s[0]}"))) # Determining the user account for a given AMI is not an easy # task. For details on how to get the default user name, see # https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/connection-prereqs.html # Hard code the user until this can be derived programatically.
import pulumi from pulumi_aws import ec2 size = 't2.micro' ami_id = 'ami-0475f60cdd8fd2120' # us-west-2 group = ec2.SecurityGroup('web-secgrp', description='Enable HTTP access', ingress=[{ 'protocol': 'tcp', 'from_port': 80, 'to_port': 80, 'cidr_blocks': ['0.0.0.0/0'] }]) user_data = """ #!/bin/bash echo "Hello, World!" > index.html nohup python -m SimpleHTTPServer 80 & """ server = ec2.Instance('web-server-www', instance_type=size, security_groups=[group.name], user_data=user_data, ami=ami_id) pulumi.export('public_ip', server.public_ip)