def create_peering(self):
template = Template()
template.add_version('2010-09-09')
source_vpc_name_formatted = ''.join(
e for e in self.source_vpc_name if e.isalnum()).capitalize()
target_vpc_name_formatted = ''.join(
e for e in self.target_vpc_name if e.isalnum()).capitalize()
vpc_peering_connection = template.add_resource(
VPCPeeringConnection(
'{}{}{}VpcPeering'.format(self.stage,source_vpc_name_formatted,target_vpc_name_formatted),
VpcId=ImportValue("{}{}VpcId".format(self.stage,source_vpc_name_formatted)),
PeerVpcId=ImportValue("{}{}VpcId".format(self.stage,target_vpc_name_formatted)),
Tags=Tags(
Name="{}_{}_{}_peering".format(self.stage,source_vpc_name_formatted,target_vpc_name_formatted)
)
)
)
template.add_resource(
Route(
'{}{}PublicRoutePeeringRule'.format(self.stage,source_vpc_name_formatted),
VpcPeeringConnectionId=Ref(vpc_peering_connection),
DestinationCidrBlock=self.target_cidr_block,
RouteTableId=ImportValue("{}{}PublicRouteTableId".format(self.stage,source_vpc_name_formatted))
)
)
template.add_resource(
Route(
'{}{}PrivateRoutePeeringRule'.format(self.stage,source_vpc_name_formatted),
VpcPeeringConnectionId=Ref(vpc_peering_connection),
DestinationCidrBlock=self.target_cidr_block,
RouteTableId=ImportValue("{}{}PrivateRouteTableId".format(self.stage,source_vpc_name_formatted))
)
)
template.add_resource(
Route(
'{}{}PublicRoutePeeringRule'.format(self.stage,target_vpc_name_formatted),
VpcPeeringConnectionId=Ref(vpc_peering_connection),
DestinationCidrBlock=self.source_cidr_block,
RouteTableId=ImportValue("{}{}PublicRouteTableId".format(self.stage,target_vpc_name_formatted))
)
)
template.add_resource(
Route(
'{}{}PrivateRoutePeeringRule'.format(self.stage,target_vpc_name_formatted),
VpcPeeringConnectionId=Ref(vpc_peering_connection),
DestinationCidrBlock=self.source_cidr_block,
RouteTableId=ImportValue("{}{}PrivateRouteTableId".format(self.stage,target_vpc_name_formatted))
)
)
f = open("modules/template_peer_vpcs.yaml", 'w')
print(template.to_yaml(), file=f)
def populate_routes(stack, routes):
"""Add VPC Routes Resources."""
tables = {
'private': stack.private_route_table,
'public': stack.public_route_table
}
gateways = {'igw': stack.internet_gateway, 'nat': stack.nat_gateway}
for route in routes:
if route['route'] == 'igw':
stack.stack.add_resource(
Route('{0}'.format(route['route']),
GatewayId=Ref(gateways[route['route']]),
DestinationCidrBlock='{0}'.format(route['cidrblock']),
RouteTableId=Ref(tables[route['routetable']])))
elif route['route'] == 'nat':
stack.stack.add_resource(
Route('{0}'.format(route['route']),
NatGatewayId=Ref(gateways[route['route']]),
DestinationCidrBlock='{0}'.format(route['cidrblock']),
RouteTableId=Ref(tables[route['routetable']])))
elif 'vpc_peer' in route.keys():
create_peer_route(
stack, '{0}{1}'.format(route['route'], route['routetable']),
route['vpc_peer'], '{0}'.format(route['cidrblock']),
Ref(tables[route['routetable']]))
def __init__(self, title, template, *args, **kwargs):
self.props['PeerCidrBlock'] = (str, True)
super().__init__(title, template, *args, **kwargs)
for index in list(template.resources):
resource = template.resources[index]
if isinstance(resource, RouteTable):
Route(index + 'to' + title + 'route',
template,
DestinationCidrBlock=kwargs['PeerCidrBlock'],
RouteTableId=Ref(resource),
VpcPeeringConnectionId=Ref(self))
SecurityGroup(title + "securitygroup",
template,
GroupDescription="Allow SSH & ICMP from " + title,
VpcId=kwargs['VpcId'])
SecurityGroupIngress(title + "sshingress",
template,
GroupId=Ref(title + "securitygroup"),
CidrIp=kwargs['PeerCidrBlock'],
IpProtocol="tcp",
FromPort="22",
ToPort="22")
SecurityGroupIngress(title + "icmpingress",
template,
GroupId=Ref(title + "securitygroup"),
CidrIp=kwargs['PeerCidrBlock'],
IpProtocol="icmp",
FromPort="-1",
ToPort="-1")
self.props.pop('PeerCidrBlock')
self.properties.pop('PeerCidrBlock')
def __create_dmz_subnet(template: Template, vpc, public_subnet):
dmz_subnet_cidr = template.add_parameter(parameter=Parameter(
title='DmzSubnetCidr', Type='String', Default='192.168.3.0/24'))
dmz_subnet = template.add_resource(
resource=Subnet(title='SampleDmzSubnet',
CidrBlock=Ref(dmz_subnet_cidr),
VpcId=Ref(vpc)))
dmz_route_table = template.add_resource(
resource=RouteTable(title='SampleDmzRoteTable', VpcId=Ref(vpc)))
template.add_resource(resource=SubnetRouteTableAssociation(
title='SampleDmzRoteTableAssociation',
RouteTableId=Ref(dmz_route_table),
SubnetId=Ref(dmz_subnet)))
eip = template.add_resource(resource=EIP(title='SampleEip', ))
ngw = template.add_resource(
resource=NatGateway(title='SampleNatGateway',
AllocationId=GetAtt(eip, "AllocationId"),
SubnetId=Ref(public_subnet)))
template.add_resource(resource=Route(title='SampleDmzRoute',
DestinationCidrBlock='0.0.0.0/0',
NatGatewayId=Ref(ngw),
RouteTableId=Ref(dmz_route_table)))
def __create_public_subnet(template: Template, vpc) -> Subnet:
public_subnet_cidr = template.add_parameter(parameter=Parameter(
title='PublicSubnetCidr', Type='String', Default='192.168.1.0/24'))
igw = template.add_resource(resource=InternetGateway(title='SampleIgw'))
template.add_resource(resource=VPCGatewayAttachment(
title='SampleAttachment', VpcId=Ref(vpc), InternetGatewayId=Ref(igw)))
public_subnet = template.add_resource(
resource=Subnet(title='SamplePublicSubnet',
CidrBlock=Ref(public_subnet_cidr),
MapPublicIpOnLaunch=True,
VpcId=Ref(vpc)))
public_route_table = template.add_resource(
resource=RouteTable(title='SamplePublicRoteTable', VpcId=Ref(vpc)))
template.add_resource(resource=SubnetRouteTableAssociation(
title='SamplePublicRoteTableAssociation',
RouteTableId=Ref(public_route_table),
SubnetId=Ref(public_subnet)))
template.add_resource(resource=Route(title='SamplePublicRoute',
DestinationCidrBlock='0.0.0.0/0',
GatewayId=Ref(igw),
RouteTableId=Ref(public_route_table)))
return public_subnet
def _add_subnet_to_az(self, az, cidr, suffix):
subnet = self.add_resource(Subnet(
"%sSubnet%s" % (self.name, suffix),
VpcId=self.vpc_id,
AvailabilityZone=az,
CidrBlock=cidr,
Tags=Tags(
Name=Join("", [Ref("AWS::StackName"), "-public"]),
)
))
route_tbl = self.add_resource(RouteTable(
"%sRouteTable%s" % (self.name, suffix),
VpcId=self.vpc_id,
Tags=Tags(Name=Join("", [Ref("AWS::StackName"), "-public"]))
))
route = self.add_resource(Route(
"%sRoute%s" % (self.name, suffix),
GatewayId=self.igw,
DestinationCidrBlock="0.0.0.0/0",
RouteTableId=Ref(route_tbl),
))
subnet_route_tbl_assoc = self.add_resource(SubnetRouteTableAssociation(
"%sSubnetRouteAssoc%s" % (self.name, suffix),
SubnetId=Ref(subnet),
RouteTableId=Ref(route_tbl),
))
return subnet
def add_default_public_route(self):
self.default_public_route = self.template.add_resource(Route(
'PublicDefaultRoute',
RouteTableId=Ref(self.public_route_table),
DestinationCidrBlock='0.0.0.0/0',
GatewayId=Ref(self.internet_gateway),
))
def create_private_subnet(self, zone, ip_network):
"""Create private subnet and associated resources"""
if not 'Public' in self.network['Subnets'][zone]:
raise Exception(("Public subnet in {} does not exist to "
"create private subnet!").format(zone))
elif not 'NatGateway' in self.network['Subnets'][zone]['Public']:
raise Exception(
("No NAT Gateway in public subnet {} to associate "
"default route with in private subnet!").format(zone))
zone_title = self.data['Title'] + TITLE_CLEANUP_RE.subn('', zone)[0]
tag = Tag(Key='Name',
Value='{} {} Private'.format(self.data['Name'], zone))
subnet = Subnet(title=zone_title + 'Private',
template=self.data['Template'],
AvailabilityZone=zone,
CidrBlock=ip_network,
MapPublicIpOnLaunch=False,
Tags=[tag] + self.data['Tags'],
VpcId=Ref(self.network['VPC']))
tag = Tag(Key='Name',
Value='{} {} Private Route Table'.format(
self.data['Name'], zone))
routetable = RouteTable(title=zone_title + 'PrivateRouteTable',
template=self.data['Template'],
VpcId=Ref(self.network['VPC']),
Tags=[tag] + self.data['Tags'])
nat_gateway_id = Ref(
self.network['Subnets'][zone]['Public']['NatGateway'])
route = Route(title=zone_title + 'PrivateDefaultRoute',
template=self.data['Template'],
DestinationCidrBlock='0.0.0.0/0',
NatGatewayId=nat_gateway_id,
RouteTableId=Ref(routetable))
subnetroutetableassociation = SubnetRouteTableAssociation(
title=zone_title + 'PrivateSubnetRouteTableAssociation',
template=self.data['Template'],
RouteTableId=Ref(routetable),
SubnetId=Ref(subnet))
self.network['Subnets'][zone]['Private'] = {}
self.network['Subnets'][zone]['Private']['Subnet'] = subnet
self.network['Subnets'][zone]['Private']['RouteTable'] = routetable
self.network['Subnets'][zone]['Private']['DefaultRoute'] = route
self.network['Subnets'][zone]['Private'][
'SubnetRouteTableAssociation'] = subnetroutetableassociation
# Export Private Subnet ID
self.add_output(
title=self.data['Title'] + zone_title + 'PrivateSubnet',
description="Private Subnet ID of {} in {}".format(
self.data['Name'], zone),
value=Ref(subnet),
export=Sub('${{AWS::StackName}}{}PrivateSubnet'.format(zone)))
# Export Private Route Table ID
self.add_output(
title=self.data['Title'] + zone_title + 'PrivateRouteTable',
description="Private Route Table ID of {} in {}".format(
self.data['Name'], zone),
value=Ref(routetable),
export=Sub('${{AWS::StackName}}{}PrivateRouteTable'.format(zone)))
def create_route(_title, igw=None, dest_cidr=None, route_table_id=None):
_route = Route(title=_title,
DestinationCidrBlock=dest_cidr,
GatewayId=igw,
RouteTableId=route_table_id)
return _route
def add_nat_gateway_route(self):
self.nat_gateway_route = self.template.add_resource(
Route(
'NatRoute',
RouteTableId=Ref(self.private_route_table),
DestinationCidrBlock='0.0.0.0/0',
NatGatewayId=Ref(self.nat),
))
def add_pub_route(self):
self.PublicRoute = self.template.add_resource(
Route(
"PublicRoute",
GatewayId=self.igw_id,
DestinationCidrBlock="0.0.0.0/0",
RouteTableId=Ref(self.PublicRouteTable),
))
def attach_route_table(template, vpc, subnet, gateway):
routetable = RouteTable("sgdemoroutetable", VpcId = Ref(vpc))
template.add_resource(routetable)
route = Route("sgdemoroute1", RouteTableId = Ref(routetable), DestinationCidrBlock = "0.0.0.0/0", GatewayId = Ref(gateway))
template.add_resource(route)
routetableassoc = SubnetRouteTableAssociation("sgdemosubnetroute1", RouteTableId = Ref(routetable), SubnetId = Ref(subnet))
template.add_resource(routetableassoc)
return routetable
def addRouteToRouteTableNAT(template, routeTable, Gateway,
DestinationCidrBlock, name):
#name = "PrivateRouteToNatGateway"
return template.add_resource(
Route(name,
DestinationCidrBlock=DestinationCidrBlock,
NatGatewayId=Ref(Gateway),
RouteTableId=Ref(routeTable)))
def __build_route_table(
self, subnet_config: SubnetConfig, subnet_ref: Subnet, vpc: VPC, internet_gateway, nat_gateway: NatGateway
):
internet_gateway = If(self.__create_ig, internet_gateway, self.__gateway_id)
route_table = self.__template.add_resource(
RouteTable(
"RouteTable" + subnet_config.name,
VpcId=Ref(vpc),
Tags=Tags(Name=TAGS_PREFIX + "RouteTable" + subnet_config.name, Stack=Ref("AWS::StackId")),
)
)
self.__template.add_resource(
SubnetRouteTableAssociation(
"RouteAssociation" + subnet_config.name, SubnetId=Ref(subnet_ref), RouteTableId=Ref(route_table)
)
)
if subnet_config.default_gateway == Gateways.INTERNET_GATEWAY:
self.__template.add_resource(
Route(
"DefaultRouteDependsOn" + subnet_config.name,
RouteTableId=Ref(route_table),
DestinationCidrBlock="0.0.0.0/0",
GatewayId=internet_gateway,
DependsOn="VPCGatewayAttachment",
Condition=self.__create_ig,
)
)
self.__template.add_resource(
Route(
"DefaultRouteNoDependsOn" + subnet_config.name,
RouteTableId=Ref(route_table),
DestinationCidrBlock="0.0.0.0/0",
GatewayId=internet_gateway,
Condition=self.__existing_ig, # cant use Not()
)
)
elif subnet_config.default_gateway == Gateways.NAT_GATEWAY:
self.__template.add_resource(
Route(
"NatRoute" + subnet_config.name,
RouteTableId=Ref(route_table),
DestinationCidrBlock="0.0.0.0/0",
NatGatewayId=Ref(nat_gateway),
)
)
def create_vpc_template():
template = Template()
vpc_cidr = template.add_parameter(parameter=Parameter(
title='VpcCidr', Type='String', Default='192.168.0.0/16'))
subnet_cidr_a = template.add_parameter(parameter=Parameter(
title='SubnetCidr1', Type='String', Default='192.168.1.0/24'))
subnet_cidr_b = template.add_parameter(parameter=Parameter(
title='SubnetCidr2', Type='String', Default='192.168.2.0/24'))
vpc = template.add_resource(resource=VPC(
title='SampleVpc', CidrBlock=Ref(vpc_cidr), EnableDnsHostnames=True))
igw = template.add_resource(resource=InternetGateway(title='SampleIgw'))
template.add_resource(resource=VPCGatewayAttachment(
title='SampleAttachment', VpcId=Ref(vpc), InternetGatewayId=Ref(igw)))
subnet_a = template.add_resource(
resource=Subnet(title='SampleSubnetA',
AvailabilityZone='us-east-1a',
CidrBlock=Ref(subnet_cidr_a),
MapPublicIpOnLaunch=True,
VpcId=Ref(vpc)))
subnet_b = template.add_resource(
resource=Subnet(title='SampleSubnetB',
AvailabilityZone='us-east-1b',
CidrBlock=Ref(subnet_cidr_b),
MapPublicIpOnLaunch=True,
VpcId=Ref(vpc)))
route_table = template.add_resource(
resource=RouteTable(title='SampleRoteTable', VpcId=Ref(vpc)))
template.add_resource(resource=SubnetRouteTableAssociation(
title='SampleRoteTableAssociationA',
RouteTableId=Ref(route_table),
SubnetId=Ref(subnet_a)))
template.add_resource(resource=SubnetRouteTableAssociation(
title='SampleRoteTableAssociationB',
RouteTableId=Ref(route_table),
SubnetId=Ref(subnet_b)))
template.add_resource(resource=Route(title='SampleRoute',
DestinationCidrBlock='0.0.0.0/0',
GatewayId=Ref(igw),
RouteTableId=Ref(route_table)))
with open('./vpc.yml', mode='w') as file:
file.write(template.to_yaml())
def _create_public_network(self, subnet_configs):
public_route_table = RouteTable(
camelcase("{self.env}Public".format(**locals())),
VpcId=Ref(self.vpc),
Tags=[
{
'Key': 'Name',
'Value': "{self.env}-public".format(**locals())
},
{'Key': 'environment', 'Value': self.env}
],
DependsOn=self.vpc.title)
self.template.add_resource(public_route_table)
subnet_count = 0
existing_subnet_ids, existing_subnet_azs, az_balance = self._get_existing_subnet_info("PublicSubnet")
for subnet_title, subnet_config in subnet_configs.items():
subnet_count += 1
if f"PublicSubnet{subnet_count}" in existing_subnet_ids:
availability_zone = existing_subnet_azs[existing_subnet_ids[f"PublicSubnet{subnet_count}"]]
else:
availability_zone = min(az_balance, key=az_balance.get)
subnet_title = camelcase("{self.env}Public".format(**locals())) + \
pascalcase(re.sub('[^a-zA-Z0-9*]', '', subnet_title))
subnet_name = "{self.env}-public-{subnet_count}".format(**locals())
subnet = Subnet(
subnet_title,
AvailabilityZone=availability_zone,
CidrBlock=subnet_config['cidr'],
VpcId=Ref(self.vpc),
MapPublicIpOnLaunch=True,
Tags=[
{'Key': 'Name', 'Value': subnet_name},
{'Key': 'environment', 'Value': self.env}
]
)
self.public_subnets.append(subnet)
self.template.add_resource(subnet)
subnet_route_table_association = SubnetRouteTableAssociation(
camelcase("{self.env}PublicSubnet{subnet_count}Assoc".format(**locals())),
RouteTableId=Ref(public_route_table),
SubnetId=Ref(subnet)
)
self.template.add_resource(subnet_route_table_association)
internet_gateway_route = Route(
camelcase("{self.env}IgRoute".format(**locals())),
DestinationCidrBlock='0.0.0.0/0',
GatewayId=Ref(self.internet_gateway),
RouteTableId=Ref(public_route_table)
)
self.template.add_resource(internet_gateway_route)
return None
def test_no_validation_method(self):
route = Route(
"Route66",
DestinationCidrBlock="0.0.0.0/0",
RouteTableId=Ref("RouteTable66"),
InstanceId=If("UseNat", Ref("AWS::NoValue"), Ref("UseNat")),
NatGatewayId=If("UseNat", Ref("UseNat"), Ref("AWS::NoValue")),
).no_validation()
t = Template()
t.add_resource(route)
t.to_json()
def test_no_validation_method(self):
route = Route('Route66',
DestinationCidrBlock='0.0.0.0/0',
RouteTableId=Ref('RouteTable66'),
InstanceId=If('UseNat', Ref('AWS::NoValue'),
Ref('UseNat')),
NatGatewayId=If('UseNat', Ref('UseNat'),
Ref('AWS::NoValue'))).no_validation()
t = Template()
t.add_resource(route)
t.to_json()
def test_validation(self):
route = Route(
"Route66",
DestinationCidrBlock="0.0.0.0/0",
RouteTableId=Ref("RouteTable66"),
InstanceId=If("UseNat", Ref("AWS::NoValue"), Ref("UseNat")),
NatGatewayId=If("UseNat", Ref("UseNat"), Ref("AWS::NoValue")),
)
t = Template()
t.add_resource(route)
with self.assertRaises(ValueError):
t.to_json()
def add_private_route(self):
'''
Add a private route with nat gateway
'''
self.cfn_template.add_resource(
Route(
title=constants.PRIV_ROUTE,
RouteTableId=Ref(constants.PRIV_RT),
DestinationCidrBlock='0.0.0.0/0',
NatGatewayId=Ref(constants.NAT),
))
return self.cfn_template
def add_public_route(self):
'''
Add a public route with internet gateway
'''
self.cfn_template.add_resource(
Route(
title=constants.PUB_ROUTE,
RouteTableId=Ref(constants.PUB_RT),
DestinationCidrBlock='0.0.0.0/0',
GatewayId=Ref(constants.IGW),
))
return self.cfn_template
def test_validation(self):
route = Route('Route66',
DestinationCidrBlock='0.0.0.0/0',
RouteTableId=Ref('RouteTable66'),
InstanceId=If('UseNat', Ref('AWS::NoValue'),
Ref('UseNat')),
NatGatewayId=If('UseNat', Ref('UseNat'),
Ref('AWS::NoValue')))
t = Template()
t.add_resource(route)
with self.assertRaises(ValueError):
t.to_json()
def add_routes(self):
t = self.template
for subnet_dict in self.sceptre_user_data['subnets']:
# Add route to Internet Gateway
if subnet_dict['use_igw']:
igw_route = t.add_resource(
Route(
'{}RtIgwRoute'.format(subnet_dict['tier']),
RouteTableId=self.route_table_ids[subnet_dict['tier']],
DestinationCidrBlock='0.0.0.0/0',
GatewayId=Ref(self.igw)))
return 0
def __build_route_table(
self,
subnet_config: SubnetConfig,
subnet_ref: Subnet,
vpc: VPC,
internet_gateway: InternetGateway,
internet_gateway_attachment: VPCGatewayAttachment,
nat_gateway: NatGateway,
):
route_table = self.__template.add_resource(
RouteTable(
"RouteTable" + subnet_config.name,
VpcId=Ref(vpc),
Tags=Tags(Name=Sub("${AWS::StackName}_route_table_" +
subnet_config.name),
Stack=Ref("AWS::StackId")),
))
self.__template.add_resource(
SubnetRouteTableAssociation("RouteAssociation" +
subnet_config.name,
SubnetId=Ref(subnet_ref),
RouteTableId=Ref(route_table)))
if subnet_config.default_gateway == Gateways.INTERNET_GATEWAY:
self.__template.add_resource(
Route(
"DefaultRoute" + subnet_config.name,
RouteTableId=Ref(route_table),
DestinationCidrBlock="0.0.0.0/0",
GatewayId=Ref(internet_gateway),
DependsOn=internet_gateway_attachment,
))
elif subnet_config.default_gateway == Gateways.NAT_GATEWAY:
self.__template.add_resource(
Route(
"NatRoute" + subnet_config.name,
RouteTableId=Ref(route_table),
DestinationCidrBlock="0.0.0.0/0",
NatGatewayId=Ref(nat_gateway),
))
def add_nat_gateway_route(self, name, dest_cidr_block, route_table_id,
nat_gateway_id):
"""
Add route to NAT gateway
:param name: Name to assign to the route
:param dest_cidr_block: Destination CIDR (probably '0.0.0.0/0')
:param route_table_id: ID of the route table to assign the rule to
:param nat_gateway_id: ID of the NAT gateway
"""
self.template.add_resource(
Route(
name,
DestinationCidrBlock=dest_cidr_block,
RouteTableId=route_table_id,
NatGatewayId=nat_gateway_id,
))
def _create_vpc(self):
if self.vpc:
self.tpl.add_output(Output(self.OUTPUT_VPC, Value=self.vpc))
self.tpl.add_output(Output(self.OUTPUT_SUBNETS, Value=','.join(self.subnets)))
return
vpc = VPC(self.RESOURCE_EKS_VPC.name, CidrBlock=self.vpc_cidr, Tags=Tags(Name=self.tag_name))
self.tpl.add_resource(vpc)
gateway = self.tpl.add_resource(InternetGateway(self.RESOURCE_VPC_INTERNET_GATEWAY.name))
self.tpl.add_resource(VPCGatewayAttachment(
self.RESOURCE_VPC_GATEWAY_ATTACHMENT.name, VpcId=Ref(vpc), InternetGatewayId=Ref(gateway),
DependsOn=gateway,
))
rt = self.tpl.add_resource(RouteTable(
self.RESOURCE_VPC_ROUTE_TABLE.name, VpcId=Ref(vpc), DependsOn=gateway,
Tags=Tags(Name='public subnet', Network='public'),
))
self.tpl.add_resource(Route(
self.RESOURCE_VPC_ROUTE.name, RouteTableId=Ref(rt), DestinationCidrBlock='0.0.0.0/0',
GatewayId=Ref(gateway),
))
self.resources.extend(deepcopy([self.RESOURCE_EKS_VPC, self.RESOURCE_VPC_INTERNET_GATEWAY,
self.RESOURCE_VPC_GATEWAY_ATTACHMENT, self.RESOURCE_VPC_ROUTE_TABLE,
self.RESOURCE_VPC_ROUTE]))
subnets = []
vpc_network = IPNetwork(self.vpc_cidr)
prefixlen = IPNetwork(self.vpc_cidr).prefixlen + (len(self.zones) - 1).bit_length()
cidrs = list(vpc_network.subnet(prefixlen))
for i, zone in enumerate(self.zones):
sname = self.RESOURCE_FORMAT_SUBNET.format(i + 1)
staname = self.RESOURCE_FORMAT_SUBNET_RTA.format(i + 1)
subnet = self.tpl.add_resource(Subnet(
sname, AvailabilityZone=zone, VpcId=Ref(vpc), CidrBlock=str(cidrs[i].cidr),
Tags=Tags(Name='{}-{}'.format(self.name, str(i + 1)))
))
self.resources.append(Resource(sname, 'EKS VPC {}'.format(sname), Status.not_exist))
self.tpl.add_resource(SubnetRouteTableAssociation(
staname, SubnetId=Ref(subnet), RouteTableId=Ref(rt)
))
self.resources.append(Resource(staname, 'EKS VPC {}'.format(staname), Status.not_exist))
subnets.append(subnet)
self.subnet_refs = [Ref(s) for s in subnets]
self.tpl.add_output(Output(self.OUTPUT_VPC, Value=Ref(vpc)))
self.tpl.add_output(Output(self.OUTPUT_SUBNETS, Value=Join(',', self.subnet_refs)))
def __init__(self, title, template, *args, **kwargs):
super().__init__(title, template, *args, **kwargs)
RouteTable(title + 'routetable',
template,
VpcId=self.properties['VpcId'],
Tags=kwargs['Tags'])
Route(title + 'route',
template,
DestinationCidrBlock='0.0.0.0/0',
NatGatewayId=Ref(
'public' +
self.properties['AvailabilityZone'].replace('-', '') +
'natgateway'),
RouteTableId=Ref(self.name + 'routetable'))
SubnetRouteTableAssociation(title + 'subnetroutetableassociation',
template,
RouteTableId=Ref(self.name + 'routetable'),
SubnetId=Ref(self))
def __add_route_table(self, route_table_name):
self.template.add_resource(
RouteTable(route_table_name, VpcId=Ref(self.vpc)))
route = self.template.add_resource(
Route(
route_table_name + str(random.randint(1, 999)),
RouteTableId=Ref(route_table_name),
DestinationCidrBlock='0.0.0.0/0',
))
# assumption of a naming convention and a pretty simple use case here.
if "Priv" in route_table_name:
gateway = self.nat_gateway
route.NatGatewayId = Ref(gateway)
route.DependsOn = 'Nat'
else:
gateway = self.igw
route.GatewayId = Ref(gateway)
route.DependsOn = 'AttachGateway'
def add_internet_gateway(self, name, routing_table_name, vpc_name):
"""
Create Internet Gateway
:param name: Name to assign the gateway
:param routing_table_name: Name of routing table
:param vpc_name: Name of VPC
"""
self.template.add_resource(InternetGateway(name, ))
self.template.add_resource(
VPCGatewayAttachment('AttachGateway',
VpcId=Ref(vpc_name),
InternetGatewayId=Ref(name)))
self.template.add_resource(
Route(
"{}IGRoute".format(vpc_name),
DependsOn='AttachGateway',
GatewayId=Ref(name),
DestinationCidrBlock='0.0.0.0/0',
RouteTableId=Ref(routing_table_name),
))
def _add_route_tables(self):
self.routeTable = RouteTable(
'RouteTable',
VpcId=Ref(self.parameters['VpcId']),
Tags=Tags(Name=Join(
'-', [Ref(self.parameters['StackPrefix']), "public"])),
)
self.template.add_resource(self.routeTable)
self.public_route = Route(
'Route',
GatewayId=Ref(self.parameters['IgwId']),
DestinationCidrBlock='0.0.0.0/0',
RouteTableId=Ref(self.routeTable),
)
self.template.add_resource(self.public_route)
self.subnetRouteTableAssociation1 = SubnetRouteTableAssociation(
'PubSubnetRouteTableAssociation1',
SubnetId=Ref(self.public_subnets['PubSubnet1']),
RouteTableId=Ref(self.routeTable),
)
self.template.add_resource(self.subnetRouteTableAssociation1)
gateway_attachment = VPCGatewayAttachment('GatewayAttachment')
gateway_attachment.VpcId = Ref(vpc)
gateway_attachment.InternetGatewayId = Ref('InternetGateway')
t.add_resource(gateway_attachment)
# route table
route_table = RouteTable(config['name'] + 'RouteTable')
route_table.VpcId = Ref(config['name'] + 'Vpc')
route_table.Tags=Tags(
Application = Ref('AWS::StackName'),
Name = config['name'] + '-route-table'
)
t.add_resource(route_table)
# route to igw
route_igw = Route(config['name'] + 'Igw')
route_igw.DestinationCidrBlock = '0.0.0.0/0'
route_igw.GatewayId = Ref(internet_gateway)
route_igw.RouteTableId = Ref(route_table)
t.add_resource(route_igw)
# subnets
app_subnets = []
route_table_associations = []
for subnet in config['vpc']['app_subnets']:
sub = Subnet('PublicSubnet' + subnet[0])
sub.VpcId = Ref(vpc)
sub.CidrBlock = subnet[1]
sub.AvailabilityZone = subnet[2]
sub.Tags = Tags(Application = Ref('AWS::StackName'))
t.add_resource(sub)
