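def routeTablePub(vpc, gateway):
    """Create a public route table for *vpc* whose default route points at *gateway*.

    :param vpc: Id of the VPC the table belongs to (``Input[str]``).
    :param gateway: Id of the internet gateway used as the ``0.0.0.0/0`` target
        (``Input[str]``).
    :return: The ``ec2.RouteTable`` resource; callers that need the AWS id
        should use its ``.id`` output.
    """
    route_table = ec2.RouteTable("Pulumi Public Route Table", vpc_id=vpc)
    # route_table_id is an Input[str]: hand over the table's id output rather
    # than the resource object itself.
    ec2.Route(
        "Default Out",
        destination_cidr_block="0.0.0.0/0",
        gateway_id=gateway,
        route_table_id=route_table.id,
    )
    return route_table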
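def __init__(self, name: str, args: VpcArgs, opts: "pulumi.ResourceOptions | None" = None):
    """
    Constructs a Vpc.

    Creates the VPC and an internet gateway, one public and one private subnet
    per availability zone, a public route table (the VPC's default table,
    adopted) with a default route to the internet gateway and, per private
    subnet, a NAT gateway placed in the public subnet with the same index plus
    a private route table sending ``0.0.0.0/0`` through it. S3 and DynamoDB
    gateway endpoints are optionally attached to every route table.

    :param name: The Pulumi resource name. Child resource names are constructed based on this.
    :param args: A VpcArgs object containing the arguments for VPC construction.
    :param opts: A pulumi.ResourceOptions object.
    """
    super().__init__('Vpc', name, None, opts)

    # Make base info available to other methods
    self.name = name
    self.description = args.description
    self.base_tags = args.base_tags

    def tagged(label: str) -> dict:
        # Every child carries the caller's base tags plus a descriptive Name.
        return {**args.base_tags, "Name": label}

    # Create VPC and Internet Gateway resources
    self.vpc = ec2.Vpc(
        f"{name}-vpc",
        cidr_block=args.base_cidr,
        enable_dns_hostnames=True,
        enable_dns_support=True,
        tags=tagged(f"{args.description} VPC"),
        opts=pulumi.ResourceOptions(parent=self),
    )
    self.internet_gateway = ec2.InternetGateway(
        f"{name}-igw",
        vpc_id=self.vpc.id,
        tags=tagged(f"{args.description} VPC Internet Gateway"),
        opts=pulumi.ResourceOptions(parent=self.vpc),
    )

    # Calculate subnet CIDR blocks and create subnets
    subnet_distributor = SubnetDistributor(args.base_cidr, len(args.availability_zone_names))
    self.public_subnets = [
        ec2.Subnet(
            f"{name}-public-subnet-{i}",
            vpc_id=self.vpc.id,
            cidr_block=cidr,
            availability_zone=args.availability_zone_names[i],
            # Instances launched here receive a public IPv4 address; reachability
            # is then governed by their security groups.
            map_public_ip_on_launch=True,
            tags=tagged(f"{args.description} Public Subnet {i}"),
            opts=pulumi.ResourceOptions(parent=self.vpc),
        )
        for i, cidr in enumerate(subnet_distributor.public_subnets)
    ]
    self.private_subnets = [
        ec2.Subnet(
            f"{name}-private-subnet-{i}",
            vpc_id=self.vpc.id,
            cidr_block=cidr,
            availability_zone=args.availability_zone_names[i],
            tags=tagged(f"{args.description} Private Subnet {i}"),
            opts=pulumi.ResourceOptions(parent=self.vpc),
        )
        for i, cidr in enumerate(subnet_distributor.private_subnets)
    ]

    # Adopt the default route table for this VPC and adapt it for use with public subnets
    self.public_route_table = ec2.DefaultRouteTable(
        f"{name}-public-rt",
        default_route_table_id=self.vpc.default_route_table_id,
        tags=tagged(f"{args.description} Public Route Table"),
        opts=pulumi.ResourceOptions(parent=self.vpc),
    )
    ec2.Route(
        f"{name}-route-public-sn-to-ig",
        route_table_id=self.public_route_table.id,
        destination_cidr_block="0.0.0.0/0",
        gateway_id=self.internet_gateway.id,
        opts=pulumi.ResourceOptions(parent=self.public_route_table),
    )
    for i, subnet in enumerate(self.public_subnets):
        ec2.RouteTableAssociation(
            f"{name}-public-rta-{i + 1}",
            subnet_id=subnet.id,
            # route_table_id is an Input[str]: pass the id, not the resource object.
            route_table_id=self.public_route_table.id,
            opts=pulumi.ResourceOptions(parent=self.public_route_table),
        )

    self.nat_elastic_ip_addresses = []  # type: list[ec2.Eip]
    self.nat_gateways = []  # type: list[ec2.NatGateway]
    self.private_route_tables = []  # type: list[ec2.RouteTable]

    # Create a NAT Gateway and appropriate route table for each private subnet.
    # The NAT gateway for private subnet i is placed in public subnet i, so this
    # presumably relies on SubnetDistributor yielding one public subnet per
    # private subnet — confirm if the distributor changes.
    for i, subnet in enumerate(self.private_subnets):
        eip = ec2.Eip(
            f"{name}-nat-{i + 1}",
            tags=tagged(f"{args.description} NAT Gateway EIP {i + 1}"),
            opts=pulumi.ResourceOptions(parent=subnet),
        )
        self.nat_elastic_ip_addresses.append(eip)

        nat_gateway = ec2.NatGateway(
            f"{name}-nat-gateway-{i + 1}",
            allocation_id=eip.id,
            subnet_id=self.public_subnets[i].id,
            tags=tagged(f"{args.description} NAT Gateway {i + 1}"),
            opts=pulumi.ResourceOptions(parent=subnet),
        )
        self.nat_gateways.append(nat_gateway)

        route_table = ec2.RouteTable(
            f"{name}-private-rt-{i + 1}",
            vpc_id=self.vpc.id,
            tags=tagged(f"{args.description} Private RT {i + 1}"),
            opts=pulumi.ResourceOptions(parent=subnet),
        )
        self.private_route_tables.append(route_table)

        ec2.Route(
            f"{name}-route-private-sn-to-nat-{i + 1}",
            route_table_id=route_table.id,
            destination_cidr_block="0.0.0.0/0",
            nat_gateway_id=nat_gateway.id,
            opts=pulumi.ResourceOptions(parent=route_table),
        )
        ec2.RouteTableAssociation(
            f"{name}-private-rta-{i + 1}",
            subnet_id=subnet.id,
            route_table_id=route_table.id,
            opts=pulumi.ResourceOptions(parent=route_table),
        )

    # Gateway endpoints are attached to every route table so S3/DynamoDB traffic
    # from both public and private subnets stays on the AWS network.
    endpoint_route_table_ids = [
        self.public_route_table.id,
        *[rt.id for rt in self.private_route_tables],
    ]

    # Create S3 endpoint if necessary
    if args.create_s3_endpoint:
        ec2.VpcEndpoint(
            f"{name}-s3-endpoint",
            vpc_id=self.vpc.id,
            service_name=f"com.amazonaws.{config.region}.s3",
            route_table_ids=endpoint_route_table_ids,
            opts=pulumi.ResourceOptions(parent=self.vpc),
        )

    # Create DynamoDB endpoint if necessary
    if args.create_dynamodb_endpoint:
        ec2.VpcEndpoint(
            f"{name}-dynamodb-endpoint",
            vpc_id=self.vpc.id,
            service_name=f"com.amazonaws.{config.region}.dynamodb",
            route_table_ids=endpoint_route_table_ids,
            opts=pulumi.ResourceOptions(parent=self.vpc),
        )

    super().register_outputs({})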
tags={ 'Name': 'infra public route table (front-back-autoscaling)', 'Creator': 'timc' }) # AWS: source-based routing. To get closer to a specific destination CIDR, # forward traffic to corresponding target, e.g., # # Destination Target # 10.0.0.0/16 Local # 172.31.0.0/16 pcx-1a2b3c4d # 0.0.0.0/0 igw-11aa22bb # AKA 'new-igw-route' public_route = ec2.Route(resource_name='new-public-route', destination_cidr_block='0.0.0.0/0', gateway_id=igw.id, route_table_id=public_subnet_rt.id) public_subnet_rta = ec2.RouteTableAssociation( resource_name='new-public-subnet-rta', route_table_id=public_subnet_rt.id, subnet_id=public_subnet_1.id) private_subnet_1 = ec2.Subnet( resource_name='new-private-subnet-1', vpc_id=vpc.id, cidr_block='10.0.2.0/24', availability_zone=_az1, tags={ 'Name': 'infra private subnet (front-back-autoscaling)', 'Creator': 'timc'
}], tags={ 'Name': 'infra route table', 'Creator': 'timc' }) # AWS: source-based routing. To get closer to a specific destination CIDR, # forward traffic to corresponding target, e.g., # # Destination Target # 10.0.0.0/16 Local # 172.31.0.0/16 pcx-1a2b3c4d # 0.0.0.0/0 igw-11aa22bb route = ec2.Route('default-route', destination_cidr_block='0.0.0.0/0', gateway_id=igw.id, route_table_id=rt.id) # AWS: Maybe I should drop the route definition above, and use a # MainRouteTableAssociation here. The main route table is sitting idle. rta = ec2.RouteTableAssociation('new-rta', route_table_id=rt.id, subnet_id=subnet.id) sg = ec2.SecurityGroup(resource_name='new-sg', description='HTTP and SSH ingress', vpc_id=vpc.id, ingress=[ { 'protocol': 'tcp',
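def __init__(self):
    """Create the route tables, routes and subnet associations declared in the YAML specs.

    For every route table in the spec file this builds the ``RouteTable``
    itself, one ``Route`` per entry under ``routes`` (targets may be a NAT
    gateway or an internet gateway) and, when ``associated_subnets`` is
    present, one ``RouteTableAssociation`` per listed subnet. Each route table
    and association is exported as a stack output, and each table id is
    recorded in the module-level ``rtb_ids_dict`` for other resource modules.
    """
    resource_specs = ParseYAML(resource_type).getSpecs()

    # Id lookups produced by the other resource modules, keyed by logical name.
    aws_vpc_id = VPCs.VPCId()
    aws_igw_id = InternetGateways.InternetGatewayId()
    aws_natgw_id = NATGateways.NATGatewayId()
    aws_subnet_id = Subnets.SubnetId()

    for rtb_name, rtb_configuration in resource_specs.items():
        this_vpc = aws_vpc_id[str(rtb_configuration["vpc"])]

        #
        # Create Route Table
        #
        aws_rtb = rtb.RouteTable(
            rtb_name,
            vpc_id=this_vpc,
            tags=self._build_tags(rtb_name, rtb_configuration.get("tags")),
        )
        rtb_ids_dict.update({aws_rtb._name: aws_rtb.id})
        # Export the name of each Route Table
        pulumi.export(aws_rtb._name, aws_rtb.id)

        self._create_routes(aws_rtb, rtb_configuration["routes"], aws_natgw_id, aws_igw_id)
        self._associate_subnets(
            rtb_name,
            aws_rtb,
            rtb_configuration.get("associated_subnets"),
            aws_subnet_id,
        )

@staticmethod
def _build_tags(resource_name, configured_tags):
    """Return the tag map for a route table: configured tags plus the mandatory ones.

    The mandatory tags (``Name``, ``Project/Stack`` and the module-level
    ``resource_mandatory_tags``) are applied last so a configuration file
    cannot override them.
    """
    tags = dict(configured_tags or {})
    tags["Name"] = resource_name
    tags["Project/Stack"] = f"{pulumi.get_project()}/{pulumi.get_stack()}"
    tags.update(resource_mandatory_tags)
    return tags

@staticmethod
def _create_routes(aws_rtb, routes, aws_natgw_id, aws_igw_id):
    """Create one ``Route`` in *aws_rtb* per entry of *routes*.

    Each entry maps a route name to a configuration with ``destination``,
    ``target_type`` and ``target``; ``target_type`` must be ``nat_gateway`` or
    ``internet_gateway``. An unknown target type is reported through
    ``pulumi.log.error`` so the deployment is flagged instead of silently
    leaving that destination unrouted.
    """
    for route_name, route_configuration in routes.items():
        target_type = route_configuration["target_type"]
        if target_type == "nat_gateway":
            rtb.Route(
                f"{route_name}-route",
                route_table_id=aws_rtb.id,
                destination_cidr_block=route_configuration["destination"],
                nat_gateway_id=aws_natgw_id[str(route_configuration["target"])],
            )
        elif target_type == "internet_gateway":
            rtb.Route(
                f"{route_name}-route",
                route_table_id=aws_rtb.id,
                destination_cidr_block=route_configuration["destination"],
                gateway_id=aws_igw_id[str(route_configuration["target"])],
            )
        else:
            pulumi.log.error(
                f"ERROR | Unsupported 'target_type' {target_type!r} found for route '{route_name}'",
                resource=aws_rtb,
            )

@staticmethod
def _associate_subnets(resource_name, aws_rtb, associated_subnets, aws_subnet_id):
    """Associate every subnet listed in *associated_subnets* with *aws_rtb*.

    ``associated_subnets`` is optional (``None`` means no associations).
    Association names are ``<route table>-rtb-as-NN`` with a 1-based,
    zero-padded counter; each association's name and id are exported.
    """
    if associated_subnets is None:
        return
    for count, subnet_name in enumerate(associated_subnets, start=1):
        association = rtb.RouteTableAssociation(
            f"{resource_name}-rtb-as-{count:02d}",
            subnet_id=aws_subnet_id[str(subnet_name)],
            route_table_id=aws_rtb.id,
        )
        # Export the name of each Route Table Association
        pulumi.export(association._name, association.id)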
) k += 1 rtb_pub = ec2.RouteTable( f"{APP}-rtb-pub", vpc_id=vpc.id, tags={ 'Name': 'rtb-pub', 'Environment': _env } ) rte_pub = ec2.Route( f"{APP}-rte-pub", destination_cidr_block="0.0.0.0/0", gateway_id=igw.id, route_table_id=rtb_pub.id ) for i in subnets["public"]: ec2.RouteTableAssociation( f"{APP}-rtb-assoc-pub{i}", route_table_id=rtb_pub.id, subnet_id=subnets["public"][i] ) rtb_privs = [] if not ha: eip = ec2.Eip( f"{APP}-eip0", vpc=True,
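def __init__(
    self,
    name,
    opts=None,
):
    """Provision a small development VPC in eu-west-1.

    Creates the VPC (``172.32.0.0/16``), three public subnets (one per AZ
    a/b/c) that reach the internet through an internet gateway via the VPC's
    default route table, one private subnet whose route table sends
    ``0.0.0.0/0`` to a NAT gateway in subnet A, and one security group shared
    by everything launched in the environment. The created resources are
    published with ``self.set_outputs``.

    :param name: Prefix used for every child resource name.
    :param opts: ``ResourceOptions`` forwarded to the component resource.
    """
    super().__init__(
        "nuage:aws:DevelopmentEnvironment:VPC",
        f"{name}VpcEnvironment",
        None,
        opts,
    )

    # NOTE(review): the children below are not parented to this component
    # (no parent=self). Adding a parent now would change their URNs and replace
    # existing infrastructure, so it is deliberately left as-is.
    vpc = ec2.Vpc(
        f"{name}Vpc",
        cidr_block="172.32.0.0/16",
        enable_dns_hostnames=True,
        enable_dns_support=True,
    )

    # Public subnets, one per availability zone. The explicit depends_on is
    # kept from the original declarations; vpc_id already implies it.
    subnet_1 = ec2.Subnet(
        f"{name}VpcSubnetA",
        availability_zone="eu-west-1a",
        vpc_id=vpc.id,
        cidr_block="172.32.0.0/20",
        opts=ResourceOptions(depends_on=[vpc]),
    )
    subnet_2 = ec2.Subnet(
        f"{name}VpcSubnetB",
        availability_zone="eu-west-1b",
        vpc_id=vpc.id,
        cidr_block="172.32.16.0/20",
        opts=ResourceOptions(depends_on=[vpc]),
    )
    subnet_3 = ec2.Subnet(
        f"{name}VpcSubnetC",
        availability_zone="eu-west-1c",
        vpc_id=vpc.id,
        cidr_block="172.32.32.0/20",
        opts=ResourceOptions(depends_on=[vpc]),
    )
    private_subnet_1 = ec2.Subnet(
        f"{name}VpcPrivateSubnetA",
        availability_zone="eu-west-1a",
        vpc_id=vpc.id,
        cidr_block="172.32.48.0/20",
        opts=ResourceOptions(depends_on=[vpc]),
    )

    security_group = ec2.SecurityGroup(
        f"{name}SecurityGroup",
        vpc_id=vpc.id,
        opts=ResourceOptions(depends_on=[vpc]),
    )
    # NOTE(review): SSH is admitted from any IPv4 address. For anything beyond
    # a throwaway development environment, restrict cidr_blocks to known
    # administrative ranges or use SSM Session Manager instead; left unchanged
    # here to preserve behavior.
    ec2.SecurityGroupRule(
        f"{name}SSHRule",
        security_group_id=security_group.id,
        type="ingress",
        protocol="tcp",
        from_port=22,
        to_port=22,
        cidr_blocks=["0.0.0.0/0"],
    )
    # Self-referencing rule: members of the group can talk to each other freely.
    ec2.SecurityGroupRule(
        f"{name}InboundRule",
        security_group_id=security_group.id,
        type="ingress",
        protocol="all",
        from_port=0,
        to_port=65535,
        source_security_group_id=security_group.id,
    )
    # Unrestricted egress.
    ec2.SecurityGroupRule(
        f"{name}OutboundRule",
        security_group_id=security_group.id,
        type="egress",
        protocol="all",
        from_port=0,
        to_port=65535,
        cidr_blocks=["0.0.0.0/0"],
    )

    gateway = ec2.InternetGateway(
        f"{name}InternetGateway",
        vpc_id=vpc.id,
        opts=ResourceOptions(depends_on=[vpc]),
    )
    # The public subnets have no explicit route table association, so they use
    # the VPC's main (default) route table — which is where this default route
    # to the internet gateway is added.
    ec2.Route(
        f"{name}GatewayRoute",
        destination_cidr_block="0.0.0.0/0",
        gateway_id=gateway.id,
        route_table_id=vpc.default_route_table_id,
    )

    # NAT gateway for the private subnet. The EIP depends on the internet
    # gateway explicitly, presumably because a NAT gateway needs an attached
    # internet gateway to function.
    elastic_ip = ec2.Eip(
        f"{name}Eip",
        vpc=True,
        opts=ResourceOptions(depends_on=[gateway]),
    )
    nat_gateway = ec2.NatGateway(
        f"{name}NatGateway",
        subnet_id=subnet_1.id,
        allocation_id=elastic_ip.id,
        opts=ResourceOptions(depends_on=[subnet_1, elastic_ip]),
    )
    private_route_table = ec2.RouteTable(
        f"{name}PrivateRouteTable",
        routes=[
            {
                "cidr_block": "0.0.0.0/0",
                "nat_gateway_id": nat_gateway.id,
            },
        ],
        vpc_id=vpc.id,
        opts=ResourceOptions(depends_on=[private_subnet_1]),
    )
    ec2.RouteTableAssociation(
        f"{name}PrivateRouteTableAssoc",
        route_table_id=private_route_table.id,
        subnet_id=private_subnet_1.id,
    )

    self.set_outputs(
        {
            "vpc": vpc,
            "security_group": security_group,
            "public_subnets": [subnet_1, subnet_2, subnet_3],
            "private_subnet": private_subnet_1,
            "nat_gateway": nat_gateway,
        }
    )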