def add_kippo_rds(self):
self.template.add_resource(
DBSubnetGroup(
'RdsSubnetGroup',
DBSubnetGroupDescription=
'Subnet group for the kippo RDS instance',
SubnetIds=Ref('RdsSubnetIdList'),
))
self.template.add_resource(
DBInstance(
'RdsInstance',
AllocatedStorage=Ref('RdsStorage'),
DBInstanceClass=Ref('RdsInstanceType'),
DBInstanceIdentifier='kippo-database',
DBSubnetGroupName=Ref('RdsSubnetGroup'),
Engine='MySQL',
EngineVersion='5.6.22',
MasterUsername='******',
MasterUserPassword=Ref('RdsRootPassword'),
MultiAZ=True,
Port=3306,
VPCSecurityGroups=[Ref('RdsSecurityGroup')],
))
self.template.add_output(
Output(
'RdsEndpoint',
Description='RDS endpoint address',
Value=GetAtt('RdsInstance', 'Endpoint.Address'),
))
def create_db_subnet_group(template, conditional=False):
"""
Function to create a subnet group
:param troposphere.Template template: the template to add the subnet group to.
:param bool conditional: Whether or not the object should have a Condition for creation in CFN
:return: group, the DB Subnets Group
:rtype: troposphere.rds.DBSubnetGroup
"""
group = DBSubnetGroup(
CLUSTER_SUBNET_GROUP,
template=template,
DBSubnetGroupName=If(
cfn_conditions.USE_STACK_NAME_CON_T,
Sub("db-subnet-group-${AWS::StackName}"),
Sub(f"db-subnet-group-${{{ROOT_STACK_NAME_T}}}"),
),
DBSubnetGroupDescription=If(
cfn_conditions.USE_STACK_NAME_CON_T,
Sub("DB Subnet group for ${AWS::StackName}"),
Sub(f"DB Subnet group for ${{{ROOT_STACK_NAME_T}}}"),
),
SubnetIds=Ref(STORAGE_SUBNETS),
)
if conditional:
setattr(group, "Condition", rds_conditions.DBS_SUBNET_GROUP_CON_T)
return group
def create_subnet_group(self):
t = self.template
t.add_resource(
DBSubnetGroup(
RDS_SUBNET_GROUP % self.name,
DBSubnetGroupDescription="%s VPC subnet group." % self.name,
SubnetIds=Ref('PrivateSubnets')))
def create_subnet_group(self):
t = self.template
t.add_resource(
DBSubnetGroup(SUBNET_GROUP,
DBSubnetGroupDescription="%s VPC subnet group." %
self.name,
SubnetIds=Ref("Subnets")))
def add_rds(self):
t = self.template
dbSubnetIds = [
self.sceptreUserData['subnets']['privateDataAZ1Id'],
self.sceptreUserData['subnets']['privateDataAZ2Id'],
self.sceptreUserData['subnets']['privateDataAZ3Id']
]
self.rdsSubnetGroup = t.add_resource(
DBSubnetGroup(
'DbSubnetGroup',
DBSubnetGroupDescription='Subnet group for RDS.',
SubnetIds=dbSubnetIds,
Tags=self.defaultTags +
[Tag('Name', Join("", [self.namePrefix, 'DbSubnetGroup']))]))
self.rds = t.add_resource(
DBInstance('RdsInstance',
AllocatedStorage=Ref(self.dbStorageParam),
DBInstanceClass='db.t2.micro',
DBName=Ref(self.dbNameParam),
DBSubnetGroupName=Ref(self.rdsSubnetGroup),
VPCSecurityGroups=[Ref(self.rdsSg)],
Engine='MySQL',
EngineVersion='5.5.46',
MasterUsername=Ref(self.dbUserParam),
MasterUserPassword=Ref(self.dbPasswordParam),
MultiAZ=Ref(self.dbMultiAzParam)))
return 0
def create_db_subnet(stack, name, description, subnet_ids=()):
"""Add DB Subnet Resource."""
return stack.stack.add_resource(
DBSubnetGroup(
'{0}DBSubnet'.format(name),
DBSubnetGroupDescription='{0} Subnet Group'.format(description),
SubnetIds=subnet_ids))
def create_subnet_group(self):
t = self.template
variables = self.get_variables()
t.add_resource(
DBSubnetGroup(SUBNET_GROUP,
DBSubnetGroupDescription="%s VPC subnet group." %
self.name,
SubnetIds=variables["Subnets"].split(",")))
def create_prediction_service_db_subnet_group(self):
t = self.template
return t.add_resource(
DBSubnetGroup(
"Euro2016DBSubnetGroup",
DBSubnetGroupDescription=
"Subnets available for the DB instance",
SubnetIds=Ref("DBSubnetIds"),
))
def _create_database_subnet_group(self):
database_subnet_group = DBSubnetGroup(
"DBSubnetGroup",
DBSubnetGroupName="{self.env}-subnet".format(**locals()),
Tags=[
{'Key': 'category', 'Value': 'services'},
{'Key': 'environment', 'Value': self.env}
],
DBSubnetGroupDescription="{self.env} subnet group".format(
**locals()),
SubnetIds=[Ref(subnet) for subnet in self.private_subnets]
)
self.template.add_resource(database_subnet_group)
def subnetGroupTemplate(name, app, env, subnetsIdsList):
template = Template()
subnetgroup = template.add_resource(
DBSubnetGroup("DBSubnetGroup" + name + app + env,
DBSubnetGroupDescription="Subnet Group for" + env,
SubnetIds=subnetsIdsList))
template.add_output(
Output("SubnetGroup" + name + env,
Description="SubnetGroup" + env,
Value=Ref(subnetgroup),
Export=Export(name + env)))
return (template.to_json())
def create_db_subnet_group(template, db, subnets=None):
"""
Function to create a subnet group
:param troposphere.Template template: the template to add the subnet group to.
:param subnets: The subnets to use.
:return: group, the DB Subnets Group
:rtype: troposphere.rds.DBSubnetGroup
"""
if not subnets:
subnets = STORAGE_SUBNETS
group = DBSubnetGroup(
f"{db.logical_name}SubnetGroup",
template=template,
DBSubnetGroupDescription=Sub(
f"DB Subnet group for {db.logical_name} in ${{AWS::StackName}}"
),
SubnetIds=Ref(subnets),
)
return group
def gen_rds_db(service_name):
db_subnet_group = DBSubnetGroup(
"DBSubnetGroup",
DBSubnetGroupDescription="Subnets available for the RDS DB Instance",
SubnetIds=[
Select(
0,
Split(
",",
ImportValue(
Sub("${NetworkName}-network-vpc-PrivateSubnets")))),
Select(
1,
Split(
",",
ImportValue(
Sub("${NetworkName}-network-vpc-PrivateSubnets"))))
],
)
db = DBInstance("DB",
DBName=Ref(parameters['DBName']),
AllocatedStorage=Ref(parameters['DBStorage']),
DBInstanceClass=Ref(parameters['DBClass']),
DBInstanceIdentifier=service_name,
VPCSecurityGroups=[Ref('DBSecurityGroup')],
Engine=Ref(parameters['DBEngine']),
EngineVersion=Ref(parameters['DBEngineVersion']),
StorageType=Ref(parameters['DBStorageType']),
Iops=Ref(parameters['Iops']),
MasterUsername=Ref(parameters['Username']),
MasterUserPassword=Ref(parameters['Password']),
MultiAZ=Ref(parameters['MultiAZ']),
PubliclyAccessible=Ref(parameters['PubliclyAccessible']),
DBSubnetGroupName=Ref("DBSubnetGroup"),
Tags=gen_tags(service_name))
return [db, db_subnet_group]
def add_resources(self):
self.OracleRestDBSecurityGroup = self.template.add_resource(
ec2.SecurityGroup(
"OracleRestDBSecurityGroup",
GroupDescription="Allow access to db",
VpcId=Ref(self.VpcId),
SecurityGroupIngress=[
ec2.SecurityGroupRule(
IpProtocol="tcp",
FromPort=1521,
ToPort=1521,
SourceSecurityGroupId=Ref(
self.ApiServerEC2SecurityGroup),
),
ec2.SecurityGroupRule(
IpProtocol="tcp",
FromPort=1521,
ToPort=1521,
SourceSecurityGroupId=Ref(
self.LoyaltyNavigatorEC2SecurityGroup),
)
],
Tags=self.base_tags +
Tags(Name=self.environment_parameters["ClientEnvironmentKey"] +
"-OracleRDSSG"),
))
self.OracleRestDBSubnetGroup = self.template.add_resource(
DBSubnetGroup(
"OracleRestDBSubnetGroup",
DBSubnetGroupDescription="RDS DB Subnet Group",
SubnetIds=[
Ref(self.RESTPrivSubnet1),
Ref(self.RESTPrivSubnet2)
],
Tags=self.base_tags +
Tags(Name=self.environment_parameters["ClientEnvironmentKey"] +
"-OracleRDSSubnetGroup"),
))
self.OracleRestDBInstance = self.template.add_resource(
DBInstance(
"OracleRestDBInstance",
DBName=Ref(self.OracleRestDBName),
DBInstanceIdentifier=Ref(self.OracleRestDBName),
Engine="oracle-se2",
MasterUsername=Ref(self.OracleRestDBUsername),
DBInstanceClass=Ref(self.OracleRestDBClass),
EngineVersion="12.1.0.2.v8",
LicenseModel="license-included",
BackupRetentionPeriod="0",
DBSubnetGroupName=Ref(self.OracleRestDBSubnetGroup),
VPCSecurityGroups=[Ref(self.OracleRestDBSecurityGroup)],
AllocatedStorage=Ref(self.OracleRestDBAllocatedStorage),
StorageType=Ref(self.OracleRestDBStorageType),
Iops=Ref(self.OracleRestDBIOPS),
MasterUserPassword=Ref(self.OracleRestDBPassword),
DBParameterGroupName=Ref(self.OracleDBParameterGroup),
Tags=self.base_tags +
Tags(Name=self.environment_parameters["ClientEnvironmentKey"] +
"-OracleRDS"),
))
))
dballocatedstorage = t.add_parameter(Parameter(
"DBAllocatedStorage",
Default="5",
Description="The size of the database (Gb)",
Type="Number",
MinValue="5",
MaxValue="1024",
ConstraintDescription="must be between 5 and 1024Gb.",
))
mydbsubnetgroup = t.add_resource(DBSubnetGroup(
"MyDBSubnetGroup",
DBSubnetGroupDescription="Subnets available for the RDS DB Instance",
SubnetIds=Ref(subnet),
))
myvpcsecuritygroup = t.add_resource(SecurityGroup(
"myVPCSecurityGroup",
GroupDescription="Security group for RDS DB Instance.",
VpcId=Ref(vpcid)
))
mydb = t.add_resource(DBInstance(
"MyDB",
DBName=Ref(dbname),
AllocatedStorage=Ref(dballocatedstorage),
DBInstanceClass=Ref(dbclass),
Engine="MySQL",
def create():
mydb1 = mysql.connector.connect(
host="localhost",
user="******",
passwd="AmazingTheory62",
database="cloud_formation"
)
mycursor = mydb1.cursor()
mycursor.execute("SELECT * FROM rds_table")
myresult = (mycursor.fetchone())
sname = myresult[0]
name = myresult[1]
username = myresult[2]
password = myresult[3]
storage = myresult[4]
instance = myresult[5]
vname = myresult[6]
t = Template()
t.set_description(
"AWS CloudFormation Sample Template VPC_RDS_DB_Instance: Sample template "
"showing how to create an RDS DBInstance in an existing Virtual Private "
"Cloud (VPC). **WARNING** This template creates an Amazon Relational "
"Database Service database instance. You will be billed for the AWS "
"resources used if you create a stack from this template.")
vpcid = t.add_parameter(Parameter(
"VpcId",
Type="String",
Default=vname,
Description="VpcId of your existing Virtual Private Cloud (VPC)"
))
subnet = t.add_parameter(Parameter(
"Subnets",
Type="CommaDelimitedList",
Default="subnet-022285e80f9d67db7, subnet-0cccbdd282866c95e",
Description=(
"The list of SubnetIds, for at least two Availability Zones in the "
"region in your Virtual Private Cloud (VPC)")
))
dbname = t.add_parameter(Parameter(
"DBName",
Default=name,
Description="The database name",
Type="String",
MinLength="1",
MaxLength="64",
AllowedPattern="[a-zA-Z][a-zA-Z0-9]*",
ConstraintDescription=("must begin with a letter and contain only"
" alphanumeric characters.")
))
dbuser = t.add_parameter(Parameter(
"DBUser",
NoEcho=True,
Default=username,
Description="The database admin account username",
Type="String",
MinLength="1",
MaxLength="16",
AllowedPattern="[a-zA-Z][a-zA-Z0-9]*",
ConstraintDescription=("must begin with a letter and contain only"
" alphanumeric characters.")
))
dbpassword = t.add_parameter(Parameter(
"DBPassword",
NoEcho=True,
Default=password,
Description="The database admin account password",
Type="String",
MinLength="1",
MaxLength="41",
AllowedPattern="[a-zA-Z0-9]*",
ConstraintDescription="must contain only alphanumeric characters."
))
dbclass = t.add_parameter(Parameter(
"DBClass",
Default=instance,
Description="Database instance class",
Type="String",
AllowedValues=[
"db.m5.large", "db.m1.small", "db.m5.xlarge", "db.m5.2xlarge", "db.m5.4xlarge",
"db.m5.12xlarge", "db.m5.24xlarge", "db.m4.large", "db.m4.xlarge",
"db.m4.2xlarge", "db.m4.4xlarge", "db.m4.10xlarge", "db.m4.16xlarge",
"db.r4.large", "db.r4.xlarge", "db.r4.2xlarge", "db.r4.4xlarge",
"db.r4.8xlarge", "db.r4.16xlarge", "db.x1e.xlarge", "db.x1e.2xlarge",
"db.x1e.4xlarge", "db.x1e.8xlarge", "db.x1e.16xlarge", "db.x1e.32xlarge",
"db.x1.16xlarge", "db.x1.32xlarge", "db.r3.large", "db.r3.xlarge",
"db.r3.2xlarge", "db.r3.4xlarge", "db.r3.8xlarge", "db.t2.micro",
"db.t2.small", "db.t2.medium", "db.t2.large", "db.t2.xlarge",
"db.t2.2xlarge"
],
ConstraintDescription="must select a valid database instance type.",
))
dballocatedstorage = t.add_parameter(Parameter(
"DBAllocatedStorage",
Default=storage,
Description="The size of the database (Gb)",
Type="Number",
MinValue="5",
MaxValue="1024",
ConstraintDescription="must be between 5 and 1024Gb.",
))
mydbsubnetgroup = t.add_resource(DBSubnetGroup(
"MyDBSubnetGroup",
DBSubnetGroupDescription="Subnets available for the RDS DB Instance",
SubnetIds=Ref(subnet),
))
myvpcsecuritygroup = t.add_resource(SecurityGroup(
"myVPCSecurityGroup",
GroupDescription="Security group for RDS DB Instance.",
VpcId=Ref(vpcid)
))
mydb = t.add_resource(DBInstance(
"MyDB",
DBName=Ref(dbname),
AllocatedStorage=Ref(dballocatedstorage),
DBInstanceClass=Ref(dbclass),
Engine="MySQL",
EngineVersion="5.5",
MasterUsername=Ref(dbuser),
MasterUserPassword=Ref(dbpassword),
DBSubnetGroupName=Ref(mydbsubnetgroup),
VPCSecurityGroups=[Ref(myvpcsecuritygroup)],
))
t.add_output(Output(
"JDBCConnectionString",
Description="JDBC connection string for database",
Value=Join("", [
"jdbc:mysql://",
GetAtt("MyDB", "Endpoint.Address"),
GetAtt("MyDB", "Endpoint.Port"),
"/",
Ref(dbname)
])
))
print(t.to_json())
file = open('rdsjson.json', 'w')
file.write(t.to_json())
file.close()
os.system('aws cloudformation create-stack --stack-name ' + sname + ' --template-body file://rdsjson.json')
def create_aurora_template():
template = Template()
# vpc = template.add_parameter(
# parameter=Parameter(
# title='Vpc',
# Type='String'
# )
# )
#
# subnet_a = template.add_parameter(
# parameter=Parameter(
# title='SubnetA',
# Type='String'
# )
# )
#
# subnet_b = template.add_parameter(
# parameter=Parameter(
# title='SubnetB',
# Type='String'
# )
# )
master_user_name = template.add_parameter(
parameter=Parameter(title='DBMasterUserName', Type='String'))
master_user_password = template.add_parameter(
parameter=Parameter(title='DBMasterUserPassword', Type='String'))
instance_class = template.add_parameter(parameter=Parameter(
title='InstanceClass', Default='db.t2.small', Type='String'))
engine_version = template.add_parameter(parameter=Parameter(
title='EngineVersion', Default='5.7.12', Type='String'))
security_group = template.add_resource(resource=SecurityGroup(
title='SampleSecurityGroup',
GroupDescription='sample-rds',
SecurityGroupIngress=[{
'IpProtocol': 'tcp',
'FromPort': 3306,
'ToPort': 3306,
'CidrIp': '0.0.0.0/0',
}],
# VpcId=Ref(vpc)
VpcId=ImportValue(CommonResource.ExportName.VPC_ID.value)))
db_subnet_group = template.add_resource(resource=DBSubnetGroup(
title='SampleDBSubnetGroup',
DBSubnetGroupDescription='sample-aurora',
DBSubnetGroupName='sample-aurora',
# SubnetIds=[Ref(subnet_a), Ref(subnet_b)]
SubnetIds=[
ImportValue(CommonResource.ExportName.PRIVATE_SUBNET_A_ID.value),
ImportValue(CommonResource.ExportName.PRIVATE_SUBNET_B_ID.value),
]))
db_cluster_parameter_group = template.add_resource(
DBClusterParameterGroup(title='SampleDBClusterParameterGroup',
Description='sample-aurora',
Family='aurora-mysql5.7',
Parameters={'time_zone': 'Asia/Tokyo'}))
cluster = template.add_resource(resource=DBCluster(
title='SampleDBCluster',
DatabaseName='sample_aurora',
DBClusterIdentifier='sample-aurora',
DBClusterParameterGroupName=Ref(db_cluster_parameter_group),
DBSubnetGroupName=Ref(db_subnet_group),
Engine='aurora-mysql',
EngineVersion=Ref(engine_version),
MasterUsername=Ref(master_user_name),
MasterUserPassword=Ref(master_user_password),
VpcSecurityGroupIds=[GetAtt(security_group, 'GroupId')],
))
for suffix in ['A', 'B']:
template.add_resource(resource=DBInstance(
title='SampleDBInstance' + suffix,
DBClusterIdentifier=Ref(cluster),
DBInstanceClass=Ref(instance_class),
Engine='aurora-mysql',
))
output_template_file(template, 'aurora.yml')
def buildStack(bootstrap, env):
t = Template()
t.add_description("""\
Configures autoscaling group for hello world app""")
vpcCidr = t.add_parameter(
Parameter(
"VPCCidr",
Type="String",
Description="VPC cidr (x.x.x.x/xx)",
))
publicSubnet1 = t.add_parameter(
Parameter(
"PublicSubnet1",
Type="String",
Description="A public VPC subnet ID for the api app load balancer.",
))
publicSubnet2 = t.add_parameter(
Parameter(
"PublicSubnet2",
Type="String",
Description="A public VPC subnet ID for the api load balancer.",
))
dbName = t.add_parameter(
Parameter(
"DBName",
Default="HelloWorldApp",
Description="The database name",
Type="String",
MinLength="1",
MaxLength="64",
AllowedPattern="[a-zA-Z][a-zA-Z0-9]*",
ConstraintDescription=("must begin with a letter and contain only"
" alphanumeric characters.")))
dbUser = t.add_parameter(
Parameter(
"DBUser",
NoEcho=True,
Description="The database admin account username",
Type="String",
MinLength="1",
MaxLength="16",
AllowedPattern="[a-zA-Z][a-zA-Z0-9]*",
ConstraintDescription=("must begin with a letter and contain only"
" alphanumeric characters.")))
dbPassword = t.add_parameter(
Parameter(
"DBPassword",
NoEcho=True,
Description="The database admin account password",
Type="String",
MinLength="8",
MaxLength="41",
AllowedPattern="[a-zA-Z0-9]*",
ConstraintDescription="must contain only alphanumeric characters.")
)
dbType = t.add_parameter(
Parameter(
"DBType",
Default="db.t2.medium",
Description="Database instance class",
Type="String",
AllowedValues=[
"db.m5.large", "db.m5.xlarge", "db.m5.2xlarge",
"db.m5.4xlarge", "db.m5.12xlarge", "db.m5.24xlarge",
"db.m4.large", "db.m4.xlarge", "db.m4.2xlarge",
"db.m4.4xlarge", "db.m4.10xlarge", "db.m4.16xlarge",
"db.r4.large", "db.r4.xlarge", "db.r4.2xlarge",
"db.r4.4xlarge", "db.r4.8xlarge", "db.r4.16xlarge",
"db.x1e.xlarge", "db.x1e.2xlarge", "db.x1e.4xlarge",
"db.x1e.8xlarge", "db.x1e.16xlarge", "db.x1e.32xlarge",
"db.x1.16xlarge", "db.x1.32xlarge", "db.r3.large",
"db.r3.xlarge", "db.r3.2xlarge", "db.r3.4xlarge",
"db.r3.8xlarge", "db.t2.micro", "db.t2.small", "db.t2.medium",
"db.t2.large", "db.t2.xlarge", "db.t2.2xlarge"
],
ConstraintDescription="must select a valid database instance type.",
))
dbAllocatedStorage = t.add_parameter(
Parameter(
"DBAllocatedStorage",
Default="5",
Description="The size of the database (Gb)",
Type="Number",
MinValue="5",
MaxValue="1024",
ConstraintDescription="must be between 5 and 1024Gb.",
))
whitelistedCIDR = t.add_parameter(
Parameter(
"WhitelistedCIDR",
Description="CIDR whitelisted to be open on public instances",
Type="String",
))
#### NETWORK SECTION ####
vpc = t.add_resource(
VPC("VPC", CidrBlock=Ref(vpcCidr), EnableDnsHostnames=True))
subnet1 = t.add_resource(
Subnet("Subnet1",
CidrBlock=Ref(publicSubnet1),
AvailabilityZone="eu-west-1a",
VpcId=Ref(vpc)))
subnet2 = t.add_resource(
Subnet("Subnet2",
CidrBlock=Ref(publicSubnet2),
AvailabilityZone="eu-west-1b",
VpcId=Ref(vpc)))
internetGateway = t.add_resource(InternetGateway('InternetGateway'))
gatewayAttachment = t.add_resource(
VPCGatewayAttachment('AttachGateway',
VpcId=Ref(vpc),
InternetGatewayId=Ref(internetGateway)))
routeTable = t.add_resource(RouteTable('RouteTable', VpcId=Ref(vpc)))
route = t.add_resource(
Route(
'Route',
DependsOn='AttachGateway',
GatewayId=Ref('InternetGateway'),
DestinationCidrBlock='0.0.0.0/0',
RouteTableId=Ref(routeTable),
))
subnetRouteTableAssociation = t.add_resource(
SubnetRouteTableAssociation(
'SubnetRouteTableAssociation',
SubnetId=Ref(subnet1),
RouteTableId=Ref(routeTable),
))
subnetRouteTableAssociation2 = t.add_resource(
SubnetRouteTableAssociation(
'SubnetRouteTableAssociation2',
SubnetId=Ref(subnet2),
RouteTableId=Ref(routeTable),
))
#### SECURITY GROUP ####
loadBalancerSg = t.add_resource(
ec2.SecurityGroup(
"LoadBalancerSecurityGroup",
VpcId=Ref(vpc),
GroupDescription="Enable SSH access via port 22",
SecurityGroupIngress=[
ec2.SecurityGroupRule(
IpProtocol="tcp",
FromPort="80",
ToPort="80",
CidrIp="0.0.0.0/0",
),
],
))
instanceSg = t.add_resource(
ec2.SecurityGroup(
"InstanceSecurityGroup",
VpcId=Ref(vpc),
GroupDescription="Enable SSH access via port 22",
SecurityGroupIngress=[
ec2.SecurityGroupRule(
IpProtocol="tcp",
FromPort="22",
ToPort="22",
CidrIp=Ref(whitelistedCIDR),
),
ec2.SecurityGroupRule(
IpProtocol="tcp",
FromPort="8000",
ToPort="8000",
SourceSecurityGroupId=Ref(loadBalancerSg),
),
],
))
rdsSg = t.add_resource(
SecurityGroup("RDSSecurityGroup",
GroupDescription="Security group for RDS DB Instance.",
VpcId=Ref(vpc),
SecurityGroupIngress=[
ec2.SecurityGroupRule(
IpProtocol="tcp",
FromPort="5432",
ToPort="5432",
SourceSecurityGroupId=Ref(instanceSg),
),
ec2.SecurityGroupRule(
IpProtocol="tcp",
FromPort="5432",
ToPort="5432",
CidrIp=Ref(whitelistedCIDR),
),
]))
#### DATABASE SECTION ####
subnetGroup = t.add_resource(
DBSubnetGroup(
"SubnetGroup",
DBSubnetGroupDescription=
"Subnets available for the RDS DB Instance",
SubnetIds=[Ref(subnet1), Ref(subnet2)],
))
db = t.add_resource(
DBInstance(
"RDSHelloWorldApp",
DBName=Join("", [Ref(dbName), env]),
DBInstanceIdentifier=Join("", [Ref(dbName), env]),
EnableIAMDatabaseAuthentication=True,
PubliclyAccessible=True,
AllocatedStorage=Ref(dbAllocatedStorage),
DBInstanceClass=Ref(dbType),
Engine="postgres",
EngineVersion="10.4",
MasterUsername=Ref(dbUser),
MasterUserPassword=Ref(dbPassword),
DBSubnetGroupName=Ref(subnetGroup),
VPCSecurityGroups=[Ref(rdsSg)],
))
t.add_output(
Output("RDSConnectionString",
Description="Connection string for database",
Value=GetAtt("RDSHelloWorldApp", "Endpoint.Address")))
if (bootstrap):
return t
#### INSTANCE SECTION ####
keyName = t.add_parameter(
Parameter(
"KeyName",
Type="String",
Description="Name of an existing EC2 KeyPair to enable SSH access",
MinLength="1",
AllowedPattern="[\x20-\x7E]*",
MaxLength="255",
ConstraintDescription="can contain only ASCII characters.",
))
scaleCapacityMin = t.add_parameter(
Parameter(
"ScaleCapacityMin",
Default="1",
Type="String",
Description="Number of api servers to run",
))
scaleCapacityMax = t.add_parameter(
Parameter(
"ScaleCapacityMax",
Default="1",
Type="String",
Description="Number of api servers to run",
))
scaleCapacityDesired = t.add_parameter(
Parameter(
"ScaleCapacityDesired",
Default="1",
Type="String",
Description="Number of api servers to run",
))
amiId = t.add_parameter(
Parameter(
"AmiId",
Type="String",
Default="ami-09693313102a30b2c",
Description="The AMI id for the api instances",
))
instanceType = t.add_parameter(
Parameter("InstanceType",
Description="WebServer EC2 instance type",
Type="String",
Default="t2.medium",
AllowedValues=[
"t2.nano", "t2.micro", "t2.small", "t2.medium",
"t2.large", "m3.medium", "m3.large", "m3.xlarge",
"m3.2xlarge", "m4.large", "m4.xlarge", "m4.2xlarge",
"m4.4xlarge", "m4.10xlarge", "c4.large", "c4.xlarge",
"c4.2xlarge", "c4.4xlarge", "c4.8xlarge"
],
ConstraintDescription="must be a valid EC2 instance type."))
assumeRole = t.add_resource(
Role("AssumeRole",
AssumeRolePolicyDocument=json.loads("""\
{
"Version": "2012-10-17",
"Statement": [
{
"Action": "sts:AssumeRole",
"Principal": {
"Service": "ec2.amazonaws.com"
},
"Effect": "Allow",
"Sid": ""
}
]
}\
""")))
instanceProfile = t.add_resource(
InstanceProfile("InstanceProfile", Roles=[Ref(assumeRole)]))
rolePolicyType = t.add_resource(
PolicyType("RolePolicyType",
Roles=[Ref(assumeRole)],
PolicyName=Join("", ["CloudWatchHelloWorld", "-", env]),
PolicyDocument=json.loads("""\
{
"Version": "2012-10-17",
"Statement": [
{
"Action": [
"logs:CreateLogGroup",
"logs:CreateLogStream",
"logs:DescribeLogStreams",
"logs:PutLogEvents"
],
"Effect": "Allow",
"Resource": [
"arn:aws:logs:*:*:*"
]
}
]
}\
""")))
appPassword = t.add_parameter(
Parameter(
"AppPassword",
NoEcho=True,
Description="The Password for the app user",
Type="String",
MinLength="8",
MaxLength="41",
AllowedPattern="[a-zA-Z0-9]*",
ConstraintDescription="must contain only alphanumeric characters.")
)
launchConfig = t.add_resource(
LaunchConfiguration(
"LaunchConfiguration",
Metadata=autoscaling.Metadata(
cloudformation.Init({
"config":
cloudformation.InitConfig(files=cloudformation.InitFiles({
"/home/app/environment":
cloudformation.InitFile(content=Join(
"", [
"SPRING_DATASOURCE_URL=", "jdbc:postgresql://",
GetAtt("RDSHelloWorldApp", "Endpoint.Address"),
":5432/HelloWorldApp" + env +
"?currentSchema=hello_world", "\n",
"SPRING_DATASOURCE_USERNAME=app", "\n",
"SPRING_DATASOURCE_PASSWORD="******"\n",
"SPRING_PROFILES_ACTIVE=", env, "\n"
]),
mode="000600",
owner="app",
group="app")
}), )
}), ),
UserData=Base64(
Join('', [
"#!/bin/bash\n", "/opt/aws/bin/cfn-init",
" --resource LaunchConfiguration", " --stack ",
Ref("AWS::StackName"), " --region ",
Ref("AWS::Region"), "\n", "/opt/aws/bin/cfn-signal -e $? ",
" --stack ", {
"Ref": "AWS::StackName"
}, " --resource AutoscalingGroup ",
" --region ", {
"Ref": "AWS::Region"
}, "\n"
])),
ImageId=Ref(amiId),
KeyName=Ref(keyName),
IamInstanceProfile=Ref(instanceProfile),
BlockDeviceMappings=[
ec2.BlockDeviceMapping(DeviceName="/dev/xvda",
Ebs=ec2.EBSBlockDevice(VolumeSize="8")),
],
SecurityGroups=[Ref(instanceSg)],
InstanceType=Ref(instanceType),
AssociatePublicIpAddress='True',
))
applicationElasticLB = t.add_resource(
elb.LoadBalancer("ApplicationElasticLB",
Name="ApplicationElasticLB-" + env,
Scheme="internet-facing",
Type="application",
SecurityGroups=[Ref(loadBalancerSg)],
Subnets=[Ref(subnet1), Ref(subnet2)]))
targetGroup = t.add_resource(
elb.TargetGroup("TargetGroupHelloWorld",
HealthCheckProtocol="HTTP",
HealthCheckTimeoutSeconds="15",
HealthyThresholdCount="5",
Matcher=elb.Matcher(HttpCode="200,404"),
Port="8000",
Protocol="HTTP",
UnhealthyThresholdCount="3",
TargetGroupAttributes=[
elb.TargetGroupAttribute(
Key="deregistration_delay.timeout_seconds",
Value="120",
)
],
VpcId=Ref(vpc)))
listener = t.add_resource(
elb.Listener("Listener",
Port="80",
Protocol="HTTP",
LoadBalancerArn=Ref(applicationElasticLB),
DefaultActions=[
elb.Action(Type="forward",
TargetGroupArn=Ref(targetGroup))
]))
t.add_output(
Output("URL",
Description="URL of the sample website",
Value=Join("",
["http://",
GetAtt(applicationElasticLB, "DNSName")])))
autoScalingGroup = t.add_resource(
AutoScalingGroup(
"AutoscalingGroup",
DesiredCapacity=Ref(scaleCapacityDesired),
LaunchConfigurationName=Ref(launchConfig),
MinSize=Ref(scaleCapacityMin),
MaxSize=Ref(scaleCapacityMax),
VPCZoneIdentifier=[Ref(subnet1), Ref(subnet2)],
TargetGroupARNs=[Ref(targetGroup)],
HealthCheckType="ELB",
HealthCheckGracePeriod=360,
UpdatePolicy=UpdatePolicy(
AutoScalingReplacingUpdate=AutoScalingReplacingUpdate(
WillReplace=True, ),
AutoScalingRollingUpdate=AutoScalingRollingUpdate(
PauseTime='PT5M',
MinInstancesInService="1",
MaxBatchSize='1',
WaitOnResourceSignals=True)),
CreationPolicy=CreationPolicy(ResourceSignal=ResourceSignal(
Timeout="PT15M", Count=Ref(scaleCapacityDesired)))))
# print(t.to_json())
return t
AllowedPattern="[a-zA-Z0-9]*",
ConstraintDescription="must contain only alphanumeric characters."))
# ##################
""" MAPPINGS """
# ##################
""" CONDITIONS """
# ##################
""" RESOURCES """
subnet_group = t.add_resource(
DBSubnetGroup('DatabaseSubnetGroup',
DBSubnetGroupDescription='RDS subnet group',
SubnetIds=[
ImportValue(Sub("${NetworkStackName}-PrivateSubnet1")),
ImportValue(Sub("${NetworkStackName}-PrivateSubnet2"))
]))
mydb = t.add_resource(
DBInstance("MyDB",
MultiAZ=False,
AllocatedStorage="5",
DBInstanceClass="db.t2.micro",
StorageType="gp2",
Engine="postgres",
MasterUsername=Ref(dbuser),
MasterUserPassword=Ref(dbpassword),
PubliclyAccessible=False,
DBInstanceIdentifier=Ref(dbidentifier),
AvailabilityZone=Select("0", GetAZs("")),
))
ElastiCacheSubnetGroup = t.add_resource(
SubnetGroup(
"ElastiCacheSubnetGroup",
SubnetIds=[Ref("DBSubnet1"),
Ref("DBSubnet2"),
Ref("DBSubnet3")],
Description=Ref("AWS::StackName"),
))
RDSSubnetGroup = t.add_resource(
DBSubnetGroup(
"RDSSubnetGroup",
SubnetIds=[Ref("DBSubnet1"),
Ref("DBSubnet2"),
Ref("DBSubnet3")],
DBSubnetGroupDescription=Ref("AWS::StackName"),
))
VPC = t.add_resource(
VPC(
"VPC",
InstanceTenancy="default",
EnableDnsSupport=True,
CidrBlock="10." + str(environment_index) + ".0.0/16",
EnableDnsHostnames=True,
Tags=Tags(Name=Ref("AWS::StackName"), ),
))
InternetGatewayAttachment = t.add_resource(
Parameter("DBUser",
Type='String',
MinLength='1',
MaxLength='16',
AllowedPattern='[a-zA-Z][a-zA-Z0-9]*'))
dbPassword = t.add_parameter(
Parameter("DBPassword",
Type='String',
MinLength='1',
MaxLength='41',
AllowedPattern='[a-zA-Z09]*'))
dbSubnetGroup = t.add_resource(
DBSubnetGroup("MyDBSubnetGroup",
DBSubnetGroupDescription='Available Subnets',
SubnetIds=[Ref(subnet), Ref(subnetDB)]))
dbInstanceParam = DBInstance("TestDB",
DBName='test_db',
AllocatedStorage='5',
DBInstanceClass='db.t2.micro',
Engine='MySQL',
EngineVersion='5.5',
MasterUsername=Ref(dbUser),
MasterUserPassword=Ref(dbPassword),
DBSubnetGroupName=Ref(dbSubnetGroup),
VPCSecurityGroups=[Ref(instanceSecurityGroup)])
dbInstance = t.add_resource(dbInstanceParam)
Private2RouteTableAssociation = template.add_resource(
SubnetRouteTableAssociation(
"Private2RouteTableAssociation",
SubnetId=Ref(Private2),
RouteTableId=Ref(PrivateRoute2Table),
DependsOn="PrivateRoute2Default",
))
RDSDBSubnetGroup = template.add_resource(
DBSubnetGroup(
"RDSDBSubnetGroup",
DBSubnetGroupName="String",
DBSubnetGroupDescription="String",
SubnetIds=[Ref(IgwSubnet1), Ref(IgwSubnet2)],
Tags=Tags(Name=Sub("${EnvironmentName} RDS Subnet Group"), ),
DependsOn=[
"RDSDBParameterGroup", "RDSInternalSecurityGroup",
"RDSExternalSecurityGroup"
],
))
##############################
# OUTPUTS
##############################
sglambda = template.add_output(
Output(
OUTPUT_SGLAMBDA,
Description="Internal Security Group Id",
Value=Ref(InternalSecurityGroup),
))
def create_wordpress_environment(self):
template = Template()
template.add_version('2010-09-09')
# Wordpress preparation: format vpc name and split private and public subnets in two lists
vpc_name_formatted = ''.join(
e for e in self.private_vpc_name if e.isalnum()).capitalize()
filter_private_subnets = filter(lambda x : x["type"] == "private", self.private_vpc_subnets)
filter_public_subnets = filter(lambda x : x["type"] == "public", self.private_vpc_subnets)
private_subnets = []
for subnet in filter_private_subnets:
subnet_name_formatted = ''.join(e for e in subnet["name"] if e.isalnum()).capitalize()
private_subnets.append(ImportValue("{}{}{}SubnetId".format(self.stage, vpc_name_formatted, subnet_name_formatted)))
public_subnets = []
for subnet in filter_public_subnets:
subnet_name_formatted = ''.join(e for e in subnet["name"] if e.isalnum()).capitalize()
public_subnets.append(ImportValue("{}{}{}SubnetId".format(self.stage, vpc_name_formatted, subnet_name_formatted)))
# Instances Security Groups
web_dmz_security_group = template.add_resource(
SecurityGroup(
"{}WebDMZSecurityGroup".format(self.stage),
GroupName="{}webdmz-sg".format(self.stage),
VpcId=ImportValue("{}{}VpcId".format(self.stage,vpc_name_formatted)),
GroupDescription="Enables external http access to EC2 instance(s) that host the webpages",
SecurityGroupIngress=[
SecurityGroupRule(
IpProtocol="tcp",
FromPort="80",
ToPort="80",
CidrIp="0.0.0.0/0",
),
SecurityGroupRule(
IpProtocol="tcp",
FromPort="22",
ToPort="22",
SourceSecurityGroupId=ImportValue("{}BastionHostSecurityGroupID".format(self.stage))
)
]
)
)
rds_private_security_group = template.add_resource(
SecurityGroup(
"{}RdsPrivateSecurityGroup".format(self.stage),
GroupName="{}rds-private-sg".format(self.stage),
VpcId=ImportValue("{}{}VpcId".format(self.stage,vpc_name_formatted)),
GroupDescription="Allow access to the mysql port from the webservers",
SecurityGroupIngress=[
SecurityGroupRule(
IpProtocol="tcp",
FromPort=self.database_port,
ToPort=self.database_port,
SourceSecurityGroupId=Ref(web_dmz_security_group)
)
]
)
)
# S3 Buckets for wordpress content
bucket_wordpress_code = template.add_resource(
Bucket(
"{}BucketWordpressCode".format(self.stage),
BucketName="{}-wordpress-code".format(self.stage),
AccessControl=Private
)
)
bucket_wordpress_media_assets = template.add_resource(
Bucket(
"{}BucketWordpressMediaAssets".format(self.stage),
BucketName="{}-wordpress-media-assets".format(self.stage),
AccessControl=Private
)
)
# Database Instance to store wordpress data
rds_subnet_group = template.add_resource(
DBSubnetGroup(
"{}PrivateRDSSubnetGroup".format(self.stage),
DBSubnetGroupName="{}private-rds-subnet-group".format(self.stage),
DBSubnetGroupDescription="Subnets available for the RDS DB Instance",
SubnetIds=private_subnets
)
)
template.add_resource(
DBInstance(
"{}RdsInstance".format(self.stage),
DBInstanceIdentifier="{}RdsInstance".format(self.stage),
DBName=self.database_name,
AllocatedStorage="20",
DBInstanceClass=self.database_instance_class,
Engine=self.database_engine,
EngineVersion=self.database_engine_version,
MasterUsername=self.database_username,
MasterUserPassword=self.database_password,
Port=self.database_port,
BackupRetentionPeriod=0,
MultiAZ=self.database_multiaz,
DBSubnetGroupName=Ref(rds_subnet_group),
VPCSecurityGroups=[Ref(rds_private_security_group)],
Tags=Tags(
Name=self.database_name_tag
)
)
)
# Cloudfront Distribution to load images
cloudfront_origin_access_identity = template.add_resource(
CloudFrontOriginAccessIdentity(
"{}CloudfrontOriginAccessIdentity".format(self.stage),
CloudFrontOriginAccessIdentityConfig=CloudFrontOriginAccessIdentityConfig(
"{}CloudFrontOriginAccessIdentityConfig".format(self.stage),
Comment="WordPress Origin Access Identity"
)
)
)
template.add_resource(BucketPolicy(
"{}BucketWordpressMediaAssetsPolicy".format(self.stage),
Bucket=Ref(bucket_wordpress_media_assets),
PolicyDocument={
"Version": "2008-10-17",
"Id": "PolicyForCloudFrontPrivateContent",
"Statement": [
{
"Sid": "1",
"Effect": "Allow",
"Principal": {
"CanonicalUser": GetAtt(cloudfront_origin_access_identity, 'S3CanonicalUserId')
},
"Action": "s3:GetObject",
"Resource": "arn:aws:s3:::{}-wordpress-media-assets/*".format(self.stage)
}
]
}
))
cloudfront_distribution = template.add_resource(
Distribution(
"{}CloudfrontDistribution".format(self.stage),
DistributionConfig=DistributionConfig(
Origins=[
Origin(
Id="MediaAssetsOrigin",
DomainName=GetAtt(bucket_wordpress_media_assets, 'DomainName'),
S3OriginConfig=S3Origin(
OriginAccessIdentity=Join("", [
"origin-access-identity/cloudfront/",
Ref(cloudfront_origin_access_identity)
])
)
)
],
DefaultCacheBehavior=DefaultCacheBehavior(
TargetOriginId="MediaAssetsOrigin",
ForwardedValues=ForwardedValues(
QueryString=False
),
ViewerProtocolPolicy="allow-all"
),
Enabled=True,
HttpVersion='http2'
)
)
)
# Wordpress EC2 Instances
'''
EC2 Instances types:
Write node = To make changes to your blog. E.g: add new posts
Read Nodes = Instances open to the internet for blog reading
'''
wordpress_ec2_role = template.add_resource(
Role(
"{}WordPressEC2InstanceRole".format(self.stage),
RoleName="{}WordPressEC2InstanceRole".format(self.stage),
Path="/",
AssumeRolePolicyDocument={"Statement": [{
"Effect": "Allow",
"Principal": {
"Service": ["ec2.amazonaws.com"]
},
"Action": ["sts:AssumeRole"]
}]},
Policies=[
Policy(
PolicyName="S3FullAccess",
PolicyDocument={
"Statement": [{
"Effect": "Allow",
"Action": "s3:*",
"Resource": "*"
}],
}
)
]
)
)
spotfleetrole = template.add_resource(
Role(
"{}spotfleetrole".format(self.stage),
AssumeRolePolicyDocument={
"Statement": [
{
"Action": "sts:AssumeRole",
"Principal": {
"Service": "spotfleet.amazonaws.com"
},
"Effect": "Allow",
"Sid": ""
}
],
"Version": "2012-10-17"
},
ManagedPolicyArns=[
"arn:aws:iam::aws:policy/service-role/AmazonEC2SpotFleetRole"
]
)
)
ec2_instance_profile = template.add_resource(
InstanceProfile(
"{}WriteWordpressEc2InstanceProfile".format(self.stage),
Roles=[Ref(wordpress_ec2_role)]
)
)
template.add_resource(
SpotFleet(
"{}WriteWordpressEc2Instance".format(self.stage),
SpotFleetRequestConfigData=SpotFleetRequestConfigData(
AllocationStrategy="lowestPrice",
IamFleetRole=GetAtt(spotfleetrole,"Arn"),
LaunchSpecifications=[LaunchSpecifications(
IamInstanceProfile=IamInstanceProfile(
Arn=GetAtt(ec2_instance_profile, "Arn")
),
ImageId=self.write_instance_image_id,
InstanceType=self.write_instance_type,
KeyName=self.write_instance_key_name,
SecurityGroups=[SecurityGroups(GroupId=Ref(web_dmz_security_group))],
SubnetId=next(iter(public_subnets)),
UserData=Base64(
Join("", [
""" #!/bin/bash
yum install httpd php php-mysql -y
cd /var/www/html
echo \"healthy\" > healthy.html
wget https://wordpress.org/latest.tar.gz
tar -xzf latest.tar.gz
cp -r wordpress/* /var/www/html/
rm -rf wordpress
rm -rf latest.tar.gz
chmod -R 755 wp-content
chown -R apache:apache wp-content
echo -e 'Options +FollowSymlinks \nRewriteEngine on \nrewriterule ^wp-content/uploads/(.*)$ http://""",
GetAtt(cloudfront_distribution, 'DomainName'),
"""/$1 [r=301,nc]' > .htaccess
chkconfig httpd on
cd /var/www
sudo chown -R apache /var/www/html
cd html/
sudo find . -type d -exec chmod 0755 {} \;
sudo find . -type f -exec chmod 0644 {} \;
sed -i 's/AllowOverride None/AllowOverride All/g' /etc/httpd/conf/httpd.conf
sed -i 's/AllowOverride none/AllowOverride All/g' /etc/httpd/conf/httpd.conf
echo -e "*/1 * * * * root aws s3 sync --delete /var/www/html s3://""",
Ref(bucket_wordpress_code),
"""">> /etc/crontab
echo -e "*/1 * * * * root aws s3 sync --delete /var/www/html/wp-content/uploads s3://""",
Ref(bucket_wordpress_media_assets),
"""">> /etc/crontab
service httpd start
"""
])
)
)],
TargetCapacity=1,
Type="request"
)
)
)
template.add_resource(
LaunchConfiguration(
"{}WordPressReadLaunchConfiguration".format(self.stage),
InstanceType=self.read_instance_type,
ImageId=self.read_instance_image_id,
KeyName=self.read_instance_key_name,
LaunchConfigurationName="{}-wordpress-launch-config".format(self.stage),
SecurityGroups=[Ref(web_dmz_security_group)],
IamInstanceProfile=Ref(ec2_instance_profile),
SpotPrice="0.5",
UserData=Base64(
Join("", [
""" #!/bin/bash
yum install httpd php php-mysql -y
cd /var/www/html
echo \"healthy\" > healthy.html
wget https://wordpress.org/latest.tar.gz
tar -xzf latest.tar.gz
cp -r wordpress/* /var/www/html/
rm -rf wordpress
rm -rf latest.tar.gz
chmod -R 755 wp-content
chown -R apache:apache wp-content
echo -e 'Options +FollowSymlinks \nRewriteEngine on \nrewriterule ^wp-content/uploads/(.*)$ http://""",
GetAtt(cloudfront_distribution, 'DomainName'),
"""/$1 [r=301,nc]' > .htaccess
chkconfig httpd on
cd /var/www
sudo chown -R apache /var/www/html
cd html/
sudo find . -type d -exec chmod 0755 {} \;
sudo find . -type f -exec chmod 0644 {} \;
sed -i 's/AllowOverride None/AllowOverride All/g' /etc/httpd/conf/httpd.conf
sed -i 's/AllowOverride none/AllowOverride All/g' /etc/httpd/conf/httpd.conf
echo -e "*/1 * * * * root aws s3 sync --delete s3://""",
Ref(bucket_wordpress_code),
""" /var/www/html">> /etc/crontab
echo -e "*/1 * * * * root aws s3 sync --delete s3://""",
Ref(bucket_wordpress_media_assets),
"""/var/www/html/wp-content/uploads">> /etc/crontab
service httpd start
"""
])
)
)
)
alb = template.add_resource(
LoadBalancer(
"{}ApplicationLoadBalancer".format(self.stage),
Name="{}-wordpress-alb".format(self.stage),
SecurityGroups=[Ref(web_dmz_security_group)],
Subnets=public_subnets,
Type="application"
)
)
target_group = template.add_resource(
TargetGroup(
"{}TargetGroup".format(self.stage),
Name="{}-wordpress-target-group".format(self.stage),
Port=80,
Protocol="HTTP",
VpcId=ImportValue("{}{}VpcId".format(self.stage,vpc_name_formatted)),
HealthCheckPort=8080
)
)
template.add_resource(
AutoScalingGroup(
"{}AutoScalingGroup".format(self.stage),
DependsOn="{}WordPressReadLaunchConfiguration".format(self.stage),
AutoScalingGroupName="{}-wordpress-auto-scaling".format(self.stage),
LaunchConfigurationName="{}-wordpress-launch-config".format(self.stage),
TargetGroupARNs=[Ref(target_group)],
MaxSize="3",
MinSize="1",
VPCZoneIdentifier=public_subnets,
Tags=[
Tag("Name", "{}-wordpress-read-node".format(self.stage), True)
]
)
)
template.add_resource(
Listener(
"ALBListener",
DefaultActions=[
Action(
TargetGroupArn=Ref(target_group),
Type="forward"
)
],
LoadBalancerArn=Ref(alb),
Port=80,
Protocol="HTTP"
)
)
f = open("modules/template_wordpress.yaml", 'w')
print(template.to_yaml(), file=f)
def add_rds_db_subnet(self, name, subnet):
return self.add_resource(
DBSubnetGroup(name + "DBSubnetGroup",
DBSubnetGroupDescription=
"Subnets available for the RDS DB Instance",
SubnetIds=subnet))
u'CIDR': u'192.168.131.128/25'
},
u'TEST-RDS-AZ3': {
u'CIDR': u'192.168.132.0/25'
},
u'VPC': {
u'CIDR': u'192.168.128.0/21'
}
})
RdsSubnetGroupTest = t.add_resource(
DBSubnetGroup(
"RdsSubnetGroupTest",
SubnetIds=[
Ref("SubnetTestRdsAz1"),
Ref("SubnetTestRdsAz2"),
Ref("SubnetTestRdsAz3")
],
DBSubnetGroupDescription="Subnets for RDS Test",
))
DhcpOptions = t.add_resource(
DHCPOptions(
"DhcpOptions",
Tags=Tags(
Name="VPC_DHCP",
project="ShelterMutual",
),
DomainNameServers=["AmazonProvidedDNS"],
DomainName="sheltermutual-aws.internal",
))
def create():
from troposphere.ec2 import PortRange, NetworkAcl, Route, \
VPCGatewayAttachment, SubnetRouteTableAssociation, Subnet, RouteTable, \
VPC, NetworkInterfaceProperty
mydb = mysql.connector.connect(host="localhost",
user="******",
passwd="AmazingTheory62",
database="cloud_formation")
mycursor = mydb.cursor()
mycursor.execute("SELECT * FROM customize_table")
myresult = (mycursor.fetchone())
sname = myresult[0]
instance1 = myresult[1]
instancetype1 = myresult[2]
instance2 = myresult[3]
instancetype2 = myresult[4]
dbname = myresult[5]
dbuser = myresult[6]
dbpassword = myresult[7]
dbstorage = myresult[8]
dbinstance = myresult[9]
vpcname = myresult[10]
subnetname = myresult[11]
t = Template()
t.add_version('2010-09-09')
t.set_description("""\
AWS CloudFormation Sample Template VPC_Single_Instance_In_Subnet: Sample \
template showing how to create a VPC and add an EC2 instance with an Elastic \
IP address and a security group. \
**WARNING** This template creates an Amazon EC2 instance. You will be billed \
for the AWS resources used if you create a stack from this template.""")
keyname_param = t.add_parameter(
Parameter(
'KeyName',
ConstraintDescription=
'must be the name of an existing EC2 KeyPair.',
Description=
'Name of an existing EC2 KeyPair to enable SSH access to \
the instance',
Type='AWS::EC2::KeyPair::KeyName',
Default='jayaincentiuskey',
))
sshlocation_param = t.add_parameter(
Parameter(
'SSHLocation',
Description=
' The IP address range that can be used to SSH to the EC2 \
instances',
Type='String',
MinLength='9',
MaxLength='18',
Default='0.0.0.0/0',
AllowedPattern=
r"(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})/(\d{1,2})",
ConstraintDescription=(
"must be a valid IP CIDR range of the form x.x.x.x/x."),
))
instanceType_param = t.add_parameter(
Parameter(
'InstanceType',
Type='String',
Description='WebServer EC2 instance type',
Default=instancetype1,
AllowedValues=[
't1.micro',
't2.micro',
't2.small',
't2.medium',
'm1.small',
'm1.medium',
'm1.large',
'm1.xlarge',
'm2.xlarge',
'm2.2xlarge',
'm2.4xlarge',
'm3.medium',
'm3.large',
'm3.xlarge',
'm3.2xlarge',
'c1.medium',
'c1.xlarge',
'c3.large',
'c3.xlarge',
'c3.2xlarge',
'c3.4xlarge',
'c3.8xlarge',
'g2.2xlarge',
'r3.large',
'r3.xlarge',
'r3.2xlarge',
'r3.4xlarge',
'r3.8xlarge',
'i2.xlarge',
'i2.2xlarge',
'i2.4xlarge',
'i2.8xlarge',
'hi1.4xlarge',
'hs1.8xlarge',
'cr1.8xlarge',
'cc2.8xlarge',
'cg1.4xlarge',
],
ConstraintDescription='must be a valid EC2 instance type.',
))
instanceType_param1 = t.add_parameter(
Parameter(
'SecindInstanceType',
Type='String',
Description='WebServer EC2 instance type',
Default=instancetype2,
AllowedValues=[
't1.micro',
't2.micro',
't2.small',
't2.medium',
'm1.small',
'm1.medium',
'm1.large',
'm1.xlarge',
'm2.xlarge',
'm2.2xlarge',
'm2.4xlarge',
'm3.medium',
'm3.large',
'm3.xlarge',
'm3.2xlarge',
'c1.medium',
'c1.xlarge',
'c3.large',
'c3.xlarge',
'c3.2xlarge',
'c3.4xlarge',
'c3.8xlarge',
'g2.2xlarge',
'r3.large',
'r3.xlarge',
'r3.2xlarge',
'r3.4xlarge',
'r3.8xlarge',
'i2.xlarge',
'i2.2xlarge',
'i2.4xlarge',
'i2.8xlarge',
'hi1.4xlarge',
'hs1.8xlarge',
'cr1.8xlarge',
'cc2.8xlarge',
'cg1.4xlarge',
],
ConstraintDescription='must be a valid EC2 instance type.',
))
t.add_mapping(
'AWSInstanceType2Arch', {
't1.micro': {
'Arch': 'PV64'
},
't2.micro': {
'Arch': 'HVM64'
},
't2.small': {
'Arch': 'HVM64'
},
't2.medium': {
'Arch': 'HVM64'
},
'm1.small': {
'Arch': 'PV64'
},
'm1.medium': {
'Arch': 'PV64'
},
'm1.large': {
'Arch': 'PV64'
},
'm1.xlarge': {
'Arch': 'PV64'
},
'm2.xlarge': {
'Arch': 'PV64'
},
'm2.2xlarge': {
'Arch': 'PV64'
},
'm2.4xlarge': {
'Arch': 'PV64'
},
'm3.medium': {
'Arch': 'HVM64'
},
'm3.large': {
'Arch': 'HVM64'
},
'm3.xlarge': {
'Arch': 'HVM64'
},
'm3.2xlarge': {
'Arch': 'HVM64'
},
'c1.medium': {
'Arch': 'PV64'
},
'c1.xlarge': {
'Arch': 'PV64'
},
'c3.large': {
'Arch': 'HVM64'
},
'c3.xlarge': {
'Arch': 'HVM64'
},
'c3.2xlarge': {
'Arch': 'HVM64'
},
'c3.4xlarge': {
'Arch': 'HVM64'
},
'c3.8xlarge': {
'Arch': 'HVM64'
},
'g2.2xlarge': {
'Arch': 'HVMG2'
},
'r3.large': {
'Arch': 'HVM64'
},
'r3.xlarge': {
'Arch': 'HVM64'
},
'r3.2xlarge': {
'Arch': 'HVM64'
},
'r3.4xlarge': {
'Arch': 'HVM64'
},
'r3.8xlarge': {
'Arch': 'HVM64'
},
'i2.xlarge': {
'Arch': 'HVM64'
},
'i2.2xlarge': {
'Arch': 'HVM64'
},
'i2.4xlarge': {
'Arch': 'HVM64'
},
'i2.8xlarge': {
'Arch': 'HVM64'
},
'hi1.4xlarge': {
'Arch': 'HVM64'
},
'hs1.8xlarge': {
'Arch': 'HVM64'
},
'cr1.8xlarge': {
'Arch': 'HVM64'
},
'cc2.8xlarge': {
'Arch': 'HVM64'
},
})
t.add_mapping(
'AWSRegionArch2AMI', {
'us-east-1': {
'PV64': 'ami-50842d38',
'HVM64': 'ami-08842d60',
'HVMG2': 'ami-3a329952'
},
'us-west-2': {
'PV64': 'ami-af86c69f',
'HVM64': 'ami-8786c6b7',
'HVMG2': 'ami-47296a77'
},
'us-west-1': {
'PV64': 'ami-c7a8a182',
'HVM64': 'ami-cfa8a18a',
'HVMG2': 'ami-331b1376'
},
'eu-west-1': {
'PV64': 'ami-aa8f28dd',
'HVM64': 'ami-748e2903',
'HVMG2': 'ami-00913777'
},
'ap-southeast-1': {
'PV64': 'ami-20e1c572',
'HVM64': 'ami-d6e1c584',
'HVMG2': 'ami-fabe9aa8'
},
'ap-northeast-1': {
'PV64': 'ami-21072820',
'HVM64': 'ami-35072834',
'HVMG2': 'ami-5dd1ff5c'
},
'ap-southeast-2': {
'PV64': 'ami-8b4724b1',
'HVM64': 'ami-fd4724c7',
'HVMG2': 'ami-e98ae9d3'
},
'sa-east-1': {
'PV64': 'ami-9d6cc680',
'HVM64': 'ami-956cc688',
'HVMG2': 'NOT_SUPPORTED'
},
'cn-north-1': {
'PV64': 'ami-a857c591',
'HVM64': 'ami-ac57c595',
'HVMG2': 'NOT_SUPPORTED'
},
'eu-central-1': {
'PV64': 'ami-a03503bd',
'HVM64': 'ami-b43503a9',
'HVMG2': 'ami-b03503ad'
},
})
ref_stack_id = Ref('AWS::StackId')
ref_region = Ref('AWS::Region')
ref_stack_name = Ref('AWS::StackName')
VPC = t.add_resource(
VPC('VPC',
CidrBlock='10.0.0.0/16',
Tags=Tags(Name=vpcname, Application=ref_stack_id)))
subnet = t.add_resource(
Subnet('publicSubnet',
CidrBlock='10.0.1.0/24',
AvailabilityZone='us-west-2b',
VpcId=Ref(VPC),
Tags=Tags(Name=subnetname, Application=ref_stack_id)))
subnet1 = t.add_resource(
Subnet('publicSubnet1',
CidrBlock='10.0.3.0/24',
AvailabilityZone='us-west-2a',
VpcId=Ref(VPC),
Tags=Tags(Name=subnetname, Application=ref_stack_id)))
publicsubnet = t.add_resource(
Subnet('PrivateSubnet',
CidrBlock='10.0.0.0/24',
AvailabilityZone='us-west-2a',
VpcId=Ref(VPC),
Tags=Tags(Name=subnetname, Application=ref_stack_id)))
publicsubnet1 = t.add_resource(
Subnet('PrivateSubnet1',
CidrBlock='10.0.2.0/24',
AvailabilityZone='us-west-2b',
VpcId=Ref(VPC),
Tags=Tags(Name=subnetname, Application=ref_stack_id)))
internetGateway = t.add_resource(
InternetGateway('InternetGateway',
Tags=Tags(Application=ref_stack_id)))
gatewayAttachment = t.add_resource(
VPCGatewayAttachment('AttachGateway',
VpcId=Ref(VPC),
InternetGatewayId=Ref(internetGateway)))
routeTable = t.add_resource(
RouteTable('RouteTable',
VpcId=Ref(VPC),
Tags=Tags(Application=ref_stack_id)))
route = t.add_resource(
Route(
'Route',
DependsOn='AttachGateway',
GatewayId=Ref('InternetGateway'),
DestinationCidrBlock='0.0.0.0/0',
RouteTableId=Ref(routeTable),
))
routeTable1 = t.add_resource(
RouteTable('PrivateRouteTable',
VpcId=Ref(VPC),
Tags=Tags(Application=ref_stack_id)))
# route1 = t.add_resource(
# Route(
# 'PublicRoute',
# DependsOn='AttachGateway',
# GatewayId=Ref('InternetGateway'),
# DestinationCidrBlock='0.0.0.0/0',
# RouteTableId=Ref(routeTable1),
# ))
subnetRouteTableAssociation = t.add_resource(
SubnetRouteTableAssociation(
'SubnetRouteTableAssociation',
SubnetId=Ref(subnet),
RouteTableId=Ref(routeTable),
))
subnetRouteTableAssociation1 = t.add_resource(
SubnetRouteTableAssociation(
'SubnetRouteTableAssociation1',
SubnetId=Ref(subnet1),
RouteTableId=Ref(routeTable),
))
subnetRouteTableAssociation2 = t.add_resource(
SubnetRouteTableAssociation(
'SubnetRouteTable1Association2',
SubnetId=Ref(publicsubnet),
RouteTableId=Ref(routeTable1),
))
subnetRouteTableAssociation3 = t.add_resource(
SubnetRouteTableAssociation(
'SubnetRouteTable1Association3',
SubnetId=Ref(publicsubnet1),
RouteTableId=Ref(routeTable1),
))
#
# subnetRouteTableAssociation4= t.add_resource(
# SubnetRouteTableAssociation(
# 'SubnetRouteTable1Association4',
# SubnetId=Ref(subnet1),
# RouteTableId=Ref(routeTable1),
# ))
instanceSecurityGroup = t.add_resource(
SecurityGroup(
'InstanceSecurityGroup',
GroupDescription='Enable SSH access via port 22',
SecurityGroupIngress=[
SecurityGroupRule(IpProtocol='tcp',
FromPort='22',
ToPort='22',
CidrIp=Ref(sshlocation_param)),
SecurityGroupRule(IpProtocol='tcp',
FromPort='80',
ToPort='80',
CidrIp='0.0.0.0/0')
],
VpcId=Ref(VPC),
))
instance = t.add_resource(
Instance(
'WebServerInstance',
#Metadata=instance_metadata,
ImageId=FindInMap(
'AWSRegionArch2AMI', Ref('AWS::Region'),
FindInMap('AWSInstanceType2Arch', Ref(instanceType_param),
'Arch')),
InstanceType=Ref(instanceType_param),
KeyName=Ref(keyname_param),
NetworkInterfaces=[
NetworkInterfaceProperty(GroupSet=[Ref(instanceSecurityGroup)],
AssociatePublicIpAddress='true',
DeviceIndex='0',
DeleteOnTermination='true',
SubnetId=Ref(subnet))
],
Tags=Tags(Name=instance1, Application=ref_stack_id),
))
instance1 = t.add_resource(
Instance(
'WebServerInstance1',
#Metadata=instance_metadata,
ImageId=FindInMap(
'AWSRegionArch2AMI', Ref('AWS::Region'),
FindInMap('AWSInstanceType2Arch', Ref(instanceType_param1),
'Arch')),
InstanceType=Ref(instanceType_param1),
KeyName=Ref(keyname_param),
NetworkInterfaces=[
NetworkInterfaceProperty(GroupSet=[Ref(instanceSecurityGroup)],
AssociatePublicIpAddress='true',
DeviceIndex='0',
DeleteOnTermination='true',
SubnetId=Ref(subnet1))
],
Tags=Tags(Name=instance2, Application=ref_stack_id),
))
# rdssubnet = t.add_parameter(Parameter(
# "Subnets",
# Type="CommaDelimitedList",
# Default=Ref(publicsubnet1),
# Description=(
# "The list of SubnetIds, for at least two Availability Zones in the "
# "region in your Virtual Private Cloud (VPC)")
# ))
mydbsubnetgroup = t.add_resource(
DBSubnetGroup(
"MyDBSubnetGroup",
DBSubnetGroupDescription=
"Subnets available for the RDS DB Instance",
# Type="CommaDelimitedList",
SubnetIds=[Ref(publicsubnet),
Ref(publicsubnet1)],
))
mydb = t.add_resource(
DBInstance(
"MyDB",
DBName=dbname,
AllocatedStorage=dbstorage,
DBInstanceClass=dbinstance,
Engine="MySQL",
EngineVersion="5.5",
MasterUsername=dbuser,
MasterUserPassword=dbpassword,
DBSubnetGroupName=Ref(mydbsubnetgroup),
))
t.add_output(
Output("JDBCConnectionString",
Description="JDBC connection string for database",
Value=Join("", [
"jdbc:mysql://",
GetAtt("MyDB", "Endpoint.Address"),
GetAtt("MyDB", "Endpoint.Port"), "/", "customizedb"
])))
# print(t.to_json())
file = open('customizejson.json', 'w')
file.write(t.to_json())
file.close()
os.system('aws cloudformation create-stack --stack-name ' + sname +
' --template-body file://customizejson.json')
# create()
def create_rds_template():
template = Template()
vpc = template.add_parameter(
parameter=Parameter(title='Vpc', Type='String'))
subnet_a = template.add_parameter(
parameter=Parameter(title='SubnetA', Type='String'))
subnet_b = template.add_parameter(
parameter=Parameter(title='SubnetB', Type='String'))
master_user_name = template.add_parameter(
parameter=Parameter(title='DBMasterUserName', Type='String'))
master_user_password = template.add_parameter(
parameter=Parameter(title='DBMasterUserPassword', Type='String'))
storage_size = template.add_parameter(
parameter=Parameter(title='StorageSize', Default='20', Type='String'))
instance_class = template.add_parameter(parameter=Parameter(
title='InstanceClass', Default='db.t2.micro', Type='String'))
engine_version = template.add_parameter(parameter=Parameter(
title='EngineVersion', Default='5.7.26', Type='String'))
security_group = template.add_resource(
resource=SecurityGroup(title='SampleSecurityGroup',
GroupDescription='sample-rds',
SecurityGroupIngress=[{
'IpProtocol': 'tcp',
'FromPort': 3306,
'ToPort': 3306,
'CidrIp': '0.0.0.0/0',
}],
VpcId=Ref(vpc)))
db_subnet_group = template.add_resource(resource=DBSubnetGroup(
title='SampleDBSubnetGroup',
DBSubnetGroupDescription='sample-rds',
DBSubnetGroupName='sample-rds',
SubnetIds=[Ref(subnet_a), Ref(subnet_b)]))
template.add_resource(resource=DBInstance(
title='SampleDBInstance',
DBSubnetGroupName=Ref(db_subnet_group),
# VPCSecurityGroups=[Ref(security_group)],
VPCSecurityGroups=[GetAtt(security_group, 'GroupId')],
AllocatedStorage=Ref(storage_size),
DBInstanceClass=Ref(instance_class),
DBInstanceIdentifier='sample-rds',
DBName='sample_rds',
Engine='mysql',
EngineVersion=Ref(engine_version),
MasterUsername=Ref(master_user_name),
MasterUserPassword=Ref(master_user_password),
PubliclyAccessible=True))
with open('./rds.yml', mode='w') as file:
file.write(template.to_yaml())
def emit_configuration():
vpc = cfn.vpcs[0]
region = Ref("AWS::Region")
dbname = template.add_parameter(
Parameter(
"RDSDatabaseInstanceName",
Default="reporting{0}".format(CLOUDENV),
Description="Postgres Instance Name",
Type="String",
MinLength="1",
MaxLength="63",
AllowedPattern="[a-zA-Z][a-zA-Z0-9]*",
ConstraintDescription=
"Must begin with a letter and contain only alphanumeric characters"
))
dbuser = template.add_parameter(
Parameter(
"RDSDatabaseUser",
Default="sa",
Description="The database admin account username",
Type="String",
MinLength="1",
MaxLength="63",
AllowedPattern="[a-zA-Z][a-zA-Z0-9]*",
ConstraintDescription="Must being with a letter and be alphanumeric"
))
dbpassword = template.add_parameter(
Parameter(
"RDSDatabasePassword",
NoEcho=True,
Description="The database admin account password",
Type="String",
MinLength="1",
MaxLength="41",
AllowedPattern="[a-zA-Z0-9]*",
ConstraintDescription="Must contain only alphanumeric characters.",
Default="LeafLeaf123"))
dbclass = template.add_parameter(
Parameter("RDSInstanceClass",
Default="db.t2.medium",
Description="Database instance size",
Type="String",
AllowedValues=[
"db.t2.small", "db.t2.medium", "db.m3.medium",
"db.m3.large", "db.m3.xlarge", "db.m3.2xlarge",
"db.r3.large", "db.r3.xlarge", "db.r3.2xlarge",
"db.r3.4xlarge", "db.r3.8xlarge"
]))
allocated_storage = template.add_parameter(
Parameter("RDSAllocatedStorage",
Default="100",
Description="The size of the Postgres Database (GB)",
Type="Number",
MinValue="5",
MaxValue="512",
ConstraintDescription="Must be between 5 and 512 GB"))
db_subnet_group = template.add_resource(
DBSubnetGroup(
"RDSSubnetGroup",
DBSubnetGroupDescription="Subnets available for RDS in {0}".format(
CLOUDNAME),
SubnetIds=[
Ref(sn)
for sn in cfn.get_vpc_subnets(vpc, cfn.SubnetTypes.DATABASE)
],
DependsOn=[
sn.title
for sn in cfn.get_vpc_subnets(vpc, cfn.SubnetTypes.DATABASE)
]))
ingress_rules = [
SecurityGroupRule(IpProtocol=p[0],
CidrIp=DEFAULT_ROUTE,
FromPort=p[1],
ToPort=p[1]) for p in [('tcp', 5432)]
]
security_group = template.add_resource(
SecurityGroup("RDSDatabaseSecurityGroup",
GroupDescription="Security group for Postgres Instances",
VpcId=Ref(vpc),
SecurityGroupIngress=ingress_rules,
DependsOn=vpc.title))
database = template.add_resource(
DBInstance(
"RDSPostgresInstance",
DBInstanceIdentifier=Ref(dbname),
AllocatedStorage=Ref(allocated_storage),
DBInstanceClass=Ref(dbclass),
Engine="postgres",
EngineVersion="9.3.6",
MasterUsername=Ref(dbuser),
MasterUserPassword=Ref(dbpassword),
DBSubnetGroupName=Ref(db_subnet_group),
VPCSecurityGroups=[Ref(security_group)],
DependsOn=[
sn.title
for sn in cfn.get_vpc_subnets(vpc, cfn.SubnetTypes.DATABASE)
]))
template.add_output(
Output("ConnectionString",
Description="JDBC connection string for Postgres",
Value=Join("", [
GetAtt("RDSPostgresInstance", "Endpoint.Address"),
GetAtt("RDSPostgresInstance", "Endpoint.Port")
])))
dballocatedstorage = t.add_parameter(
Parameter(
"DBAllocatedStorage",
Default="5",
Description="The size of the database (Gb)",
Type="Number",
MinValue="5",
MaxValue="1024",
ConstraintDescription="must be between 5 and 1024Gb.",
))
mydbsubnetgroup = t.add_resource(
DBSubnetGroup(
"MyDBSubnetGroup",
DBSubnetGroupDescription="Subnets available for the RDS DB Instance",
SubnetIds=Ref(subnet),
))
myvpcsecuritygroup = t.add_resource(
SecurityGroup("myVPCSecurityGroup",
GroupDescription="Security group for RDS DB Instance.",
VpcId=Ref(vpcid)))
mydb = t.add_resource(
DBInstance(
"MyDB",
DBName=Ref(dbname),
AllocatedStorage=Ref(dballocatedstorage),
DBInstanceClass=Ref(dbclass),
Engine="MySQL",
Parameter(
'SubnetAZ2',
Type=SUBNET_ID,
Description='Subnet in AZ 2 to use for Postgres Instance',
))
security_group = template.add_parameter(
Parameter(
'SecurityGroup',
Type='String',
Description='Security Group to use for Postgres',
))
subnet_group = template.add_resource(
DBSubnetGroup(
'SubnetGroup',
DBSubnetGroupDescription='Subnets group for Postgres Instance',
SubnetIds=[Ref(subnet_az_1), Ref(subnet_az_2)]))
rds_postgres = template.add_resource(
DBInstance('DB',
DBInstanceIdentifier='dev-db',
DBName='dev',
DBInstanceClass='db.t2.micro',
AllocatedStorage='10',
Engine='postgres',
EngineVersion='9.6.3',
MasterUsername=Ref(master_user),
MasterUserPassword=Ref(master_user_password),
DBSubnetGroupName=Ref(subnet_group),
VPCSecurityGroups=[Ref(security_group)],
PubliclyAccessible=True))
