def _create_from_arguments(self, name, number_of_availability_zones): # type: (str, int) -> None """ Creates a new Network from the constructor arguments (i.e. not from a VPC that already exists). :param name: The name of the new network :param number_of_availability_zones: The number of AZs to create subnets in :return: None """ number_of_availability_zones = number_of_availability_zones or 2 if number_of_availability_zones < 1 or number_of_availability_zones >= 4: raise RunError( "Unsupported number of available zones for Network: " + str(number_of_availability_zones)) self.use_private_subnets = self.use_private_subnets or False vpc = ec2.Vpc(name, cidr_block="10.10.0.0/16", enable_dns_hostnames=True, enable_dns_support=True, tags={ "Name": name, }, __opts__=ResourceOptions(parent=self)) self.vpc_id = vpc.id self.security_group_ids = [vpc.default_security_group_id] internet_gateway = ec2.InternetGateway( name, vpc_id=vpc.id, tags={ "Name": name, }, __opts__=ResourceOptions(parent=self)) public_route_table = ec2.RouteTable( name, vpc_id=vpc.id, routes=[{ "cidrBlock": "0.0.0.0/0", "gatewayId": internet_gateway.id }], tags={"Name": name}, __opts__=ResourceOptions(parent=self)) self.subnet_ids = [] self.public_subnet_ids = [] for i in range(number_of_availability_zones): route_table, subnet = self._create_subnet(name, public_route_table, i) # pylint: disable=unused-variable route_table_association = ec2.RouteTableAssociation( "%s-%d" % (name, i), subnet_id=subnet.id, route_table_id=route_table.id, __opts__=ResourceOptions(parent=self)) self.subnet_ids.append(subnet.id)
def _create_public_subnet(self, vpcid, public_route_table_id, azid): subnet_name = "%s-%d-public-subnet" % (self.name, azid) az_id = self._get_az(azid) subnet = ec2.Subnet(subnet_name, availability_zone_id=az_id, cidr_block=("10.0.%d.0/24" % azid), vpc_id=vpcid, tags=self.vpc_tags, map_public_ip_on_launch=True, __opts__=ResourceOptions(parent=self)) prta_name = "%s-rt-assoc" % subnet_name public_route_table_association = ec2.RouteTableAssociation( prta_name, route_table_id=public_route_table_id, subnet_id=subnet.id, __opts__=ResourceOptions(parent=self)) return subnet.id
def _create_private_subnet(self, vpcid, private_route_table_id, azid): if private_route_table_id is None: raise RunError( "attempting to create a private subnet without a private subnet route table" ) subnet_name = "%s-%d-private-subnet" % (self.name, azid) az_id = self._get_az(azid) subnet = ec2.Subnet(subnet_name, availability_zone_id=az_id, cidr_block=("10.0.%d.0/24" % azid), vpc_id=vpcid, tags=self.vpc_tags, map_public_ip_on_launch=False, __opts__=ResourceOptions(parent=self)) prta_name = "%s-rt-assoc" % subnet_name private_route_table_assocation = ec2.RouteTableAssociation( prta_name, route_table_id=private_route_table_id, subnet_id=subnet.id, __opts__=ResourceOptions(parent=self)) return subnet.id
gateway_id=internet_gateway.id) ]) zones = Output.from_input(get_availability_zones()) zone_names = zones.apply(lambda zs: zs.names) subnet0 = ec2.Subnet( "test0", vpc_id=vpc.id, availability_zone=zone_names.apply(lambda names: names[0]), cidr_block="10.11.0.0/24", map_public_ip_on_launch=True) subnet1 = ec2.Subnet( "test1", vpc_id=vpc.id, availability_zone=zone_names.apply(lambda names: names[1]), cidr_block="10.11.1.0/24", map_public_ip_on_launch=True) route_table_association0 = ec2.RouteTableAssociation( 'test0', subnet_id=subnet0.id, route_table_id=route_table.id) route_table_association1 = ec2.RouteTableAssociation( 'test1', subnet_id=subnet1.id, route_table_id=route_table.id) group = applicationloadbalancing.LoadBalancer('test', load_balancer_type='application', internal=False, subnets=[subnet0.id, subnet1.id])
def __init__(self, name: str, args: VpcArgs, opts: pulumi.ResourceOptions = None): """ Constructs a Vpc. :param name: The Pulumi resource name. Child resource names are constructed based on this. :param args: A VpcArgs object containing the arguments for VPC constructin. :param opts: A pulumi.ResourceOptions object. """ super().__init__('Vpc', name, None, opts) # Make base info available to other methods self.name = name self.description = args.description self.base_tags = args.base_tags # Create VPC and Internet Gateway resources self.vpc = ec2.Vpc(f"{name}-vpc", cidr_block=args.base_cidr, enable_dns_hostnames=True, enable_dns_support=True, tags={ **args.base_tags, "Name": f"{args.description} VPC" }, opts=pulumi.ResourceOptions(parent=self, )) self.internet_gateway = ec2.InternetGateway( f"{name}-igw", vpc_id=self.vpc.id, tags={ **args.base_tags, "Name": f"{args.description} VPC Internet Gateway" }, opts=pulumi.ResourceOptions(parent=self.vpc, )) # Calculate subnet CIDR blocks and create subnets subnet_distributor = SubnetDistributor( args.base_cidr, len(args.availability_zone_names)) self.public_subnets = [ ec2.Subnet(f"{name}-public-subnet-{i}", vpc_id=self.vpc.id, cidr_block=cidr, availability_zone=args.availability_zone_names[i], map_public_ip_on_launch=True, tags={ **args.base_tags, "Name": f"${args.description} Public Subnet {i}" }, opts=pulumi.ResourceOptions(parent=self.vpc, )) for i, cidr in enumerate(subnet_distributor.public_subnets) ] self.private_subnets = [ ec2.Subnet(f"{name}-private-subnet-{i}", vpc_id=self.vpc.id, cidr_block=cidr, availability_zone=args.availability_zone_names[i], tags={ **args.base_tags, "Name": f"${args.description} Private Subnet {i}" }, opts=pulumi.ResourceOptions(parent=self.vpc, )) for i, cidr in enumerate(subnet_distributor.private_subnets) ] # Adopt the default route table for this VPC and adapt it for use with public subnets self.public_route_table = ec2.DefaultRouteTable( f"{name}-public-rt", default_route_table_id=self.vpc.default_route_table_id, tags={ **args.base_tags, "Name": f"${args.description} Public Route Table" }, opts=pulumi.ResourceOptions(parent=self.vpc, )) ec2.Route(f"{name}-route-public-sn-to-ig", route_table_id=self.public_route_table.id, destination_cidr_block="0.0.0.0/0", gateway_id=self.internet_gateway.id, opts=pulumi.ResourceOptions(parent=self.public_route_table)) for i, subnet in enumerate(self.public_subnets): ec2.RouteTableAssociation( f"{name}-public-rta-{i + 1}", subnet_id=subnet.id, route_table_id=self.public_route_table, opts=pulumi.ResourceOptions(parent=self.public_route_table)) self.nat_elastic_ip_addresses: [ec2.Eip] = list() self.nat_gateways: [ec2.NatGateway] = list() self.private_route_tables: [ec2.RouteTable] = list() # Create a NAT Gateway and appropriate route table for each private subnet for i, subnet in enumerate(self.private_subnets): self.nat_elastic_ip_addresses.append( ec2.Eip(f"{name}-nat-{i + 1}", tags={ **args.base_tags, "Name": f"{args.description} NAT Gateway EIP {i + 1}" }, opts=pulumi.ResourceOptions(parent=subnet))) self.nat_gateways.append( ec2.NatGateway( f"{name}-nat-gateway-{i + 1}", allocation_id=self.nat_elastic_ip_addresses[i].id, subnet_id=self.public_subnets[i].id, tags={ **args.base_tags, "Name": f"{args.description} NAT Gateway {i + 1}" }, opts=pulumi.ResourceOptions(parent=subnet))) self.private_route_tables.append( ec2.RouteTable(f"{name}-private-rt-{i + 1}", vpc_id=self.vpc.id, tags={ **args.base_tags, "Name": f"{args.description} Private RT {i + 1}" }, opts=pulumi.ResourceOptions(parent=subnet))) ec2.Route(f"{name}-route-private-sn-to-nat-{i + 1}", route_table_id=self.private_route_tables[i].id, destination_cidr_block="0.0.0.0/0", nat_gateway_id=self.nat_gateways[i].id, opts=pulumi.ResourceOptions( parent=self.private_route_tables[i])) ec2.RouteTableAssociation( f"{name}-private-rta-{i + 1}", subnet_id=subnet.id, route_table_id=self.private_route_tables[i].id, opts=pulumi.ResourceOptions( parent=self.private_route_tables[i])) # Create S3 endpoint if necessary if args.create_s3_endpoint: ec2.VpcEndpoint(f"{name}-s3-endpoint", vpc_id=self.vpc.id, service_name=f"com.amazonaws.{config.region}.s3", route_table_ids=[ self.public_route_table.id, *[rt.id for rt in self.private_route_tables] ], opts=pulumi.ResourceOptions(parent=self.vpc)) # Create DynamoDB endpoint if necessary if args.create_dynamodb_endpoint: ec2.VpcEndpoint( f"{name}-dynamodb-endpoint", vpc_id=self.vpc.id, service_name=f"com.amazonaws.{config.region}.dynamodb", route_table_ids=[ self.public_route_table.id, *[rt.id for rt in self.private_route_tables] ], opts=pulumi.ResourceOptions(parent=self.vpc)) super().register_outputs({})
## Subnets, one for each AZ in a region zones = get_availability_zones() subnet_ids = [] for zone in zones.names: vpc_subnet = ec2.Subnet(f'vpc-subnet-{zone}', assign_ipv6_address_on_creation=False, vpc_id=vpc.id, map_public_ip_on_launch=True, cidr_block=f'10.100.{len(subnet_ids)}.0/24', availability_zone=zone, tags={'Name': f'pulumi-sn-{zone}'}) ec2.RouteTableAssociation( f'vpc-route-table-assoc-{zone}', route_table_id=eks_route_table.id, subnet_id=vpc_subnet.id, ) subnet_ids.append(vpc_subnet.id) ## Security Group eks_security_group = ec2.SecurityGroup( 'eks-cluster-sg', vpc_id=vpc.id, description='Allow all HTTP(s) traffic to EKS Cluster', tags={'Name': 'pulumi-cluster-sg'}, ingress=[{ 'cidr_blocks': ['0.0.0.0/0'], 'from_port': '443',
# AWS: source-based routing. To get closer to a specific destination CIDR, # forward traffic to corresponding target, e.g., # # Destination Target # 10.0.0.0/16 Local # 172.31.0.0/16 pcx-1a2b3c4d # 0.0.0.0/0 igw-11aa22bb # AKA 'new-igw-route' public_route = ec2.Route(resource_name='new-public-route', destination_cidr_block='0.0.0.0/0', gateway_id=igw.id, route_table_id=public_subnet_rt.id) public_subnet_rta = ec2.RouteTableAssociation( resource_name='new-public-subnet-rta', route_table_id=public_subnet_rt.id, subnet_id=public_subnet_1.id) private_subnet_1 = ec2.Subnet( resource_name='new-private-subnet-1', vpc_id=vpc.id, cidr_block='10.0.2.0/24', availability_zone=_az1, tags={ 'Name': 'infra private subnet (front-back-autoscaling)', 'Creator': 'timc' }) private_subnet_2 = ec2.Subnet( resource_name='new-private-subnet-2', vpc_id=vpc.id,
def __init__(self, name: str, args: VpcArgs, opts: ResourceOptions = None): super().__init__('custom:resource:VPC', name, {}, opts) vpc_name = name + '-vpc' self.vpc = ec2.Vpc(vpc_name, cidr_block=args.cidr_block, instance_tenancy=args.instance_tenancy, enable_dns_hostnames=args.enable_dns_hostnames, enable_dns_support=args.enable_dns_support, tags={'Name': vpc_name}, opts=ResourceOptions(parent=self)) igw_name = name + '-igw' self.igw = ec2.InternetGateway(igw_name, vpc_id=self.vpc.id, tags={'Name': igw_name}, opts=ResourceOptions(parent=self)) rt_name = name + '-rt' self.route_table = ec2.RouteTable(rt_name, vpc_id=self.vpc.id, routes=[ ec2.RouteTableRouteArgs( cidr_block='0.0.0.0/0', gateway_id=self.igw.id, ) ], tags={'Name': rt_name}, opts=ResourceOptions(parent=self)) # Subnets, at least across two zones. all_zones = get_availability_zones() # limiting to 2 zones for speed and to meet minimal requirements. zone_names = [all_zones.names[0], all_zones.names[1]] self.subnets = [] subnet_name_base = f'{name}-subnet' for zone in zone_names: vpc_subnet = ec2.Subnet( f'{subnet_name_base}-{zone}', assign_ipv6_address_on_creation=False, vpc_id=self.vpc.id, map_public_ip_on_launch=True, cidr_block=f'10.100.{len(self.subnets)}.0/24', availability_zone=zone, tags={ 'Name': f'{subnet_name_base}-{zone}', }, opts=ResourceOptions(parent=self)) ec2.RouteTableAssociation(f'vpc-route-table-assoc-{zone}', route_table_id=self.route_table.id, subnet_id=vpc_subnet.id, opts=ResourceOptions(parent=self)) self.subnets.append(vpc_subnet) # Security Groups rds_sg_name = f'{name}-rds-sg' self.rds_security_group = ec2.SecurityGroup( rds_sg_name, vpc_id=self.vpc.id, description='Allow client access.', tags={'Name': rds_sg_name}, ingress=[ ec2.SecurityGroupIngressArgs(cidr_blocks=['0.0.0.0/0'], from_port=3306, to_port=3306, protocol='tcp', description='Allow rds access.'), ], egress=[ ec2.SecurityGroupEgressArgs( protocol='-1', from_port=0, to_port=0, cidr_blocks=['0.0.0.0/0'], ) ], opts=ResourceOptions(parent=self)) fe_sg_name = f'{name}-fe-sg' self.fe_security_group = ec2.SecurityGroup( fe_sg_name, vpc_id=self.vpc.id, description='Allow all HTTP(s) traffic.', tags={'Name': fe_sg_name}, ingress=[ ec2.SecurityGroupIngressArgs(cidr_blocks=['0.0.0.0/0'], from_port=443, to_port=443, protocol='tcp', description='Allow https.'), ec2.SecurityGroupIngressArgs(cidr_blocks=['0.0.0.0/0'], from_port=80, to_port=80, protocol='tcp', description='Allow http access'), ], egress=[ ec2.SecurityGroupEgressArgs( protocol='-1', from_port=0, to_port=0, cidr_blocks=['0.0.0.0/0'], ) ], opts=ResourceOptions(parent=self)) self.register_outputs({})
'Name': 'vpc-1-subnet', 'kubernetes.io/cluster/pulumi-kubeflow-ml': 'shared' }) # https://github.com/terraform-providers/terraform-provider-aws/blob/master/website/docs/r/route_table.html.markdown eks_route_table = ec2.RouteTable('eks-route-table', vpc_id=vpc.id, routes=[{ 'cidr_block': '0.0.0.0/0', 'gateway_id': edge.id }], tags={'Name': 'vpc'}) vpc_0_route_table_assoc = ec2.RouteTableAssociation( 'vpc-0-route-table-assoc', route_table_id=eks_route_table.id, subnet_id=vpc_0_subnet.id) vpc_1_route_table_assoc = ec2.RouteTableAssociation( 'vpc-1-route-table-assoc', route_table_id=eks_route_table.id, subnet_id=vpc_1_subnet.id) kfp_cluster = eks.Cluster('pulumi-kubeflow-ml', name='pulumi-kubeflow-ml', role_arn=eks_role.arn, vpc_config={ 'subnet_ids': [vpc_0_subnet.id, vpc_1_subnet.id], 'security_group_ids': [eks_cluster_sg.id] }, enabled_cluster_log_types=['api'])
# # Destination Target # 10.0.0.0/16 Local # 172.31.0.0/16 pcx-1a2b3c4d # 0.0.0.0/0 igw-11aa22bb route = ec2.Route('default-route', destination_cidr_block='0.0.0.0/0', gateway_id=igw.id, route_table_id=rt.id) # AWS: Maybe I should drop the route definition above, and use a # MainRouteTableAssociation here. The main route table is sitting idle. rta = ec2.RouteTableAssociation('new-rta', route_table_id=rt.id, subnet_id=subnet.id) sg = ec2.SecurityGroup(resource_name='new-sg', description='HTTP and SSH ingress', vpc_id=vpc.id, ingress=[ { 'protocol': 'tcp', 'fromPort': 22, 'toPort': 22, 'cidrBlocks': ['0.0.0.0/0'] }, { 'protocol': 'tcp', 'fromPort': 80,
def __init__(self): resource_specs = ParseYAML(resource_type).getSpecs() aws_vpc_id = VPCs.VPCId() aws_igw_id = InternetGateways.InternetGatewayId() aws_natgw_id = NATGateways.NATGatewayId() aws_subnet_id = Subnets.SubnetId() for rtb_name, rtb_configuration in resource_specs.items(): # AWS Route Table Variables resource_name = rtb_name resource_vpc = rtb_configuration["vpc"] resource_tags = None resource_tags = rtb_configuration[ "tags"] if "tags" in rtb_configuration else None # Getting list of tags from configuration file tags_list = {} if resource_tags is not None: for each_tag_name, each_tag_value in resource_tags.items(): tags_list.update({each_tag_name: each_tag_value}) # Adding mandatory tags tags_list.update({"Name": resource_name}) tags_list.update({ "Project/Stack": pulumi.get_project() + "/" + pulumi.get_stack() }) tags_list.update(resource_mandatory_tags) this_vpc = aws_vpc_id[str(resource_vpc)] # # Create Route Table # aws_rtb = rtb.RouteTable(resource_name, vpc_id=this_vpc, tags=tags_list) rtb_ids_dict.update({aws_rtb._name: aws_rtb.id}) # Export the name of each Route Table pulumi.export(aws_rtb._name, aws_rtb.id) # # Route Table Routes # # Routes list routes_list = [] for each_route_entry, each_route_entry_configuration in rtb_configuration[ "routes"].items(): # NAT Gateways if each_route_entry_configuration[ "target_type"] == "nat_gateway": this_natgw = aws_natgw_id[str( each_route_entry_configuration["target"])] routes_list.append( rtb.Route( (each_route_entry + "-route"), route_table_id=aws_rtb.id, destination_cidr_block= each_route_entry_configuration["destination"], nat_gateway_id=this_natgw)) # Internet Gateways elif each_route_entry_configuration[ "target_type"] == "internet_gateway": this_igw = aws_igw_id[str( each_route_entry_configuration["target"])] routes_list.append( rtb.Route( (each_route_entry + "-route"), route_table_id=aws_rtb.id, destination_cidr_block= each_route_entry_configuration["destination"], gateway_id=this_igw), ) else: print("ERROR | Unsupported 'target_type' found") for each_route_type in routes_list: # print(each_route_entry) rtb_route = ( each_route_type # opts = pulumi.ResourceOptions(depends_on=[aws_rtb[resource_name]]) ) # # Subnet Associations # # Checking if route-table: key is present resource_associated_subnet = None resource_associated_subnet = rtb_configuration[ "associated_subnets"] if "associated_subnets" in rtb_configuration else None # If the key is present then we'll get the value # and we'll invoke the association if resource_associated_subnet is not None: subnets_count = 0 for each_associated_subnet in resource_associated_subnet: subnets_count = subnets_count + 1 this_subnet = aws_subnet_id[str(each_associated_subnet)] route_table_association = rtb.RouteTableAssociation( (resource_name + "-rtb-as-" + str(subnets_count).zfill(2)), subnet_id=this_subnet, route_table_id=aws_rtb.id) # Export the name of each Route Table Association pulumi.export(route_table_association._name, route_table_association.id)
def _create_subnet(self, network_name, public_route_table, az_id): """ Creates a subnet in the network with the given name and using the given public route table to access the internet. The new subnet is created in the AZ with the given AZ index. :param network_name: The name of the network being created :param public_route_table: The route table to connect this subnet to the internet :param az_id: The AZ ID for this new subnet :return: A tuple of a public route table that this subnet will use to connect to the internet and the new subnet itself. If this subnet is private, the route table will point to a public NAT gateway that is connected to the new private subnet. """ # type: (str, ec2.RouteTable, int) -> (ec2.RouteTable, ec2.Subnet) subnet_name = "%s-%d" % (network_name, az_id) # Create the subnet for this AZ - either public or private subnet = ec2.Subnet( subnet_name, vpc_id=self.vpc_id, availability_zone=get_aws_az(az_id), cidr_block="10.10.%d.0/24" % az_id, map_public_ip_on_launch=not self.use_private_subnets, # Only assign public IP if we are exposing public subnets tags={ "Name": subnet_name, }, __opts__=ResourceOptions(parent=self)) # We will use a different route table for this subnet depending on # whether we are in a public or private subnet if self.use_private_subnets: # We need a public subnet for the NAT Gateway nat_name = "%s-nat-%d" % (network_name, az_id) nat_gateway_public_subnet = ec2.Subnet( nat_name, vpc_id=self.vpc_id, availability_zone=get_aws_az(az_id), # Use top half of the subnet space cidr_block="10.10.%d.0/24" % (az_id + 64), # Always assign a public IP in NAT subnet map_public_ip_on_launch=True, tags={"Name": nat_name}, __opts__=ResourceOptions(parent=self)) # And we need to route traffic from that public subnet to the Internet Gateway nat_gateway_routes = ec2.RouteTableAssociation( nat_name, subnet_id=nat_gateway_public_subnet.id, route_table_id=public_route_table.id, __opts__=ResourceOptions(parent=self)) self.public_subnet_ids.append(nat_gateway_public_subnet.id) # We need an Elastic IP for the NAT Gateway eip = ec2.Eip(nat_name, __opts__=ResourceOptions(parent=self)) # And we need a NAT Gateway to be able to access the Internet nat_gateway = ec2.NatGateway( nat_name, subnet_id=nat_gateway_public_subnet.id, allocation_id=eip.id, tags={"Name": nat_name}, __opts__=ResourceOptions(parent=self, depends_on=[nat_gateway_routes])) nat_route_table = ec2.RouteTable( nat_name, vpc_id=self.vpc_id, routes=[{ "cidrBlock": "0.0.0.0/0", "natGatewayId": nat_gateway.id }], tags={"Name": network_name}, __opts__=ResourceOptions(parent=self)) # Route through the NAT gateway for the private subnet return nat_route_table, subnet self.public_subnet_ids.append(subnet.id) return public_route_table, subnet
def setup_vpc(): # Create a VPC vpc_config = Config().require_object("vpc_config") vpc = ec2.Vpc("chatapp-vpc", cidr_block=vpc_config['cidr'], enable_dns_hostnames=True, enable_dns_support=True) # Create public subnet to place NGW public_subnet = ec2.Subnet("PublicSubnet", vpc_id=vpc.id, cidr_block=vpc_config['public_subnet_cidr'], availability_zone="ap-southeast-1a") # Create private subnets 1 and 2 for rds and redis clusters private_subnet_1 = ec2.Subnet( "PrivateSubnet1", vpc_id=vpc.id, cidr_block=vpc_config['private_subnet_1_cidr'], availability_zone="ap-southeast-1b") private_subnet_2 = ec2.Subnet( "PrivateSubnet2", vpc_id=vpc.id, cidr_block=vpc_config['private_subnet_2_cidr'], availability_zone="ap-southeast-1c") # Create internet gateway inet_gw = ec2.InternetGateway( "inet-gateway", vpc_id=vpc.id, ) # create NAT gateway elastic_ip = ec2.Eip("eip1", opts=ResourceOptions(delete_before_replace=True)) nat_gw = ec2.NatGateway("nat-gateway", subnet_id=public_subnet.id, allocation_id=elastic_ip.id) # Create private routed route-table private_subnet_route_table = ec2.RouteTable("privatesubnetroutetable", routes=[{ "cidr_block": "0.0.0.0/0", "gateway_id": nat_gw.id }], vpc_id=vpc.id) # Create public routed route-table public_subnet_route_table = ec2.RouteTable("publicsubnetroutetable", routes=[{ "cidr_block": "0.0.0.0/0", "gateway_id": inet_gw.id }], vpc_id=vpc.id) # Attach route tables to subnets ec2.RouteTableAssociation("PrivateSubnetRT1", subnet_id=private_subnet_1.id, route_table_id=private_subnet_route_table.id) ec2.RouteTableAssociation("PrivateSubnetRT2", subnet_id=private_subnet_2.id, route_table_id=private_subnet_route_table.id) ec2.RouteTableAssociation("PublicSubnetRT", subnet_id=public_subnet.id, route_table_id=public_subnet_route_table.id) return dict(vpc=vpc, private_subnets=[private_subnet_1, private_subnet_2])
'Name': 'rtb-pub', 'Environment': _env } ) rte_pub = ec2.Route( f"{APP}-rte-pub", destination_cidr_block="0.0.0.0/0", gateway_id=igw.id, route_table_id=rtb_pub.id ) for i in subnets["public"]: ec2.RouteTableAssociation( f"{APP}-rtb-assoc-pub{i}", route_table_id=rtb_pub.id, subnet_id=subnets["public"][i] ) rtb_privs = [] if not ha: eip = ec2.Eip( f"{APP}-eip0", vpc=True, tags={ 'Name': f"{APP}-eip0", 'Environment': _env } ) ngw = ec2.NatGateway( f"{APP}-ngw0",
zones, private_subnet_cidrs, public_subnet_cidrs): ### public stuff public_subnet = ec2.Subnet( f"pulumi-public-subnet-{zone}", assign_ipv6_address_on_creation=False, vpc_id=vpc.id, map_public_ip_on_launch=True, cidr_block=public_subnet_cidr, availability_zone=zone, tags={"Name": f"pulumi-public-subnet-{zone}"}, ) ec2.RouteTableAssociation( f"pulumi-public-rta-{zone}", route_table_id=public_rt.id, subnet_id=public_subnet.id, ) public_subnet_ids.append(public_subnet.id) #### private stuff private_subnet = ec2.Subnet( f"pulumi-private-subnet-{zone}", assign_ipv6_address_on_creation=False, vpc_id=vpc.id, map_public_ip_on_launch=False, cidr_block=private_subnet_cidr, availability_zone=zone, tags={"Name": f"pulumi-private-subnet-{zone}"}, )
def __init__( self, name, opts=None, ): super().__init__("nuage:aws:DevelopmentEnvironment:VPC", f"{name}VpcEnvironment", None, opts) vpc = ec2.Vpc( f"{name}Vpc", cidr_block="172.32.0.0/16", enable_dns_hostnames=True, enable_dns_support=True, ) subnet_1 = ec2.Subnet( f"{name}VpcSubnetA", availability_zone="eu-west-1a", vpc_id=vpc.id, cidr_block="172.32.0.0/20", opts=ResourceOptions(depends_on=[vpc]), ) subnet_2 = ec2.Subnet( f"{name}VpcSubnetB", availability_zone="eu-west-1b", vpc_id=vpc.id, cidr_block="172.32.16.0/20", opts=ResourceOptions(depends_on=[vpc]), ) subnet_3 = ec2.Subnet( f"{name}VpcSubnetC", availability_zone="eu-west-1c", vpc_id=vpc.id, cidr_block="172.32.32.0/20", opts=ResourceOptions(depends_on=[vpc]), ) private_subnet_1 = ec2.Subnet( f"{name}VpcPrivateSubnetA", availability_zone="eu-west-1a", vpc_id=vpc.id, cidr_block="172.32.48.0/20", opts=ResourceOptions(depends_on=[vpc]), ) security_group = ec2.SecurityGroup( f"{name}SecurityGroup", vpc_id=vpc.id, opts=ResourceOptions(depends_on=[vpc]), ) security_group_rule = ec2.SecurityGroupRule( f"{name}SSHRule", security_group_id=security_group.id, type="ingress", protocol="tcp", from_port=22, to_port=22, cidr_blocks=["0.0.0.0/0"], ) security_group_rule = ec2.SecurityGroupRule( f"{name}InboundRule", security_group_id=security_group.id, type="ingress", protocol="all", from_port=0, to_port=65535, source_security_group_id=security_group.id, ) security_group_rule = ec2.SecurityGroupRule( f"{name}OutboundRule", security_group_id=security_group.id, type="egress", protocol="all", from_port=0, to_port=65535, cidr_blocks=["0.0.0.0/0"], ) subnets = [subnet_1, subnet_2, subnet_3] gateway = ec2.InternetGateway( f"{name}InternetGateway", vpc_id=vpc.id, opts=ResourceOptions(depends_on=[vpc]), ) gateway_route = ec2.Route( f"{name}GatewayRoute", destination_cidr_block="0.0.0.0/0", gateway_id=gateway.id, route_table_id=vpc.default_route_table_id, ) elastic_ip = ec2.Eip(f"{name}Eip", vpc=True, opts=ResourceOptions(depends_on=[gateway])) nat_gateway = ec2.NatGateway( f"{name}NatGateway", subnet_id=subnet_1.id, allocation_id=elastic_ip.id, opts=ResourceOptions(depends_on=[subnet_1, elastic_ip]), ) private_route_table = ec2.RouteTable( f"{name}PrivateRouteTable", routes=[ { "cidr_block": "0.0.0.0/0", "nat_gateway_id": nat_gateway.id, }, ], vpc_id=vpc.id, opts=ResourceOptions(depends_on=[private_subnet_1]), ) private_route_table_assoc = ec2.RouteTableAssociation( f"{name}PrivateRouteTableAssoc", route_table_id=private_route_table.id, subnet_id=private_subnet_1.id, ) outputs = { "vpc": vpc, "security_group": security_group, "public_subnets": [subnet_1, subnet_2, subnet_3], "private_subnet": private_subnet_1, "nat_gateway": nat_gateway, } self.set_outputs(outputs)